grpc 1.53.0 → 1.55.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +132 -89
- data/include/grpc/event_engine/event_engine.h +30 -14
- data/include/grpc/grpc_security.h +4 -0
- data/include/grpc/impl/grpc_types.h +13 -2
- data/include/grpc/support/port_platform.h +4 -4
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +12 -1
- data/src/core/ext/filters/client_channel/backend_metric.cc +8 -1
- data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
- data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
- data/src/core/ext/filters/client_channel/client_channel.cc +853 -822
- data/src/core/ext/filters/client_channel/client_channel.h +140 -178
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +1 -1
- data/src/core/ext/filters/client_channel/client_channel_internal.h +82 -0
- data/src/core/ext/filters/client_channel/client_channel_service_config.cc +2 -2
- data/src/core/ext/filters/client_channel/config_selector.h +9 -20
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +1 -1
- data/src/core/ext/filters/client_channel/http_proxy.cc +35 -2
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +19 -20
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +5 -5
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +46 -61
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +70 -33
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +14 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +12 -5
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +5 -8
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +9 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +6 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +5 -4
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +46 -153
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.h +30 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_plugin.cc +60 -0
- data/src/core/ext/filters/client_channel/resolver/dns/{dns_resolver_selection.h → dns_resolver_plugin.h} +10 -12
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +524 -0
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.h +35 -0
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.cc +97 -0
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.h +32 -0
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +19 -36
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.h +24 -0
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +34 -181
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +11 -36
- data/src/core/ext/filters/client_channel/retry_filter.cc +117 -156
- data/src/core/ext/filters/client_channel/retry_service_config.cc +8 -8
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
- data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
- data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.cc +1 -1
- data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
- data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +29 -13
- data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
- data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
- data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +68 -69
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
- data/src/core/ext/gcp/metadata_query.cc +137 -0
- data/src/core/ext/gcp/metadata_query.h +87 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +12 -8
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +5 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +226 -82
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +21 -0
- data/src/core/ext/transport/chttp2/transport/context_list_entry.h +70 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +1 -7
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +0 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +118 -222
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +296 -113
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +2 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +466 -273
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +7 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +15 -12
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +9 -1
- data/src/core/ext/transport/chttp2/transport/internal.h +20 -6
- data/src/core/ext/transport/chttp2/transport/parsing.cc +9 -2
- data/src/core/ext/transport/chttp2/transport/writing.cc +24 -8
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
- data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.c +87 -52
- data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.h +414 -181
- data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.c +121 -60
- data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.h +481 -224
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +90 -55
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +415 -188
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump_shared.upb.c +357 -210
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump_shared.upb.h +1572 -729
- data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.c +30 -17
- data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.h +144 -47
- data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.c +34 -21
- data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.h +160 -62
- data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.c +27 -14
- data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.h +78 -38
- data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.c +20 -11
- data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.h +48 -26
- data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.c +20 -11
- data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.h +48 -26
- data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.c +109 -62
- data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.h +566 -244
- data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.c +21 -12
- data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.h +45 -30
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +22 -19
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +82 -29
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +23 -16
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +45 -30
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +230 -143
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +733 -404
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +417 -262
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1850 -888
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +74 -41
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +286 -148
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +531 -334
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +2017 -1131
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +21 -12
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +45 -30
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +89 -52
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +347 -232
- data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.c +264 -165
- data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.h +888 -476
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +139 -80
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +527 -274
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +22 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +50 -36
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +380 -221
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +1168 -611
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +166 -94
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +666 -292
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +18 -11
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +37 -26
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +21 -12
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +45 -30
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.c +30 -17
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.h +144 -47
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +274 -167
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +789 -440
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +228 -137
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +1100 -501
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +22 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +60 -37
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +350 -209
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +1083 -635
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +44 -11
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +175 -18
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +34 -19
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +118 -56
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +38 -21
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +148 -64
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +31 -18
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +143 -65
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +22 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +51 -37
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +78 -43
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +265 -127
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +145 -88
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +438 -241
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +115 -62
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +559 -227
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +18 -11
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +35 -26
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +187 -109
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +956 -421
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +172 -95
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +864 -374
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +49 -25
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +171 -100
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +39 -18
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +74 -56
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.c +28 -15
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.h +71 -45
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +131 -74
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +489 -249
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +135 -80
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +505 -245
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +256 -129
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +996 -397
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +80 -49
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +616 -201
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +1283 -774
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +5430 -2509
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +49 -28
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +164 -84
- data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.c +228 -141
- data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.h +738 -399
- data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.c +20 -11
- data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.h +48 -26
- data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.c +21 -12
- data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.h +45 -30
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +32 -19
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +70 -49
- data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.c +27 -14
- data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.h +110 -43
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.c +46 -25
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.h +259 -100
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +21 -13
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.h +45 -30
- data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.c +18 -11
- data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.h +35 -26
- data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.c +42 -23
- data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.h +108 -70
- data/src/core/ext/upb-generated/envoy/config/trace/v3/trace.upb.c +7 -4
- data/src/core/ext/upb-generated/envoy/config/trace/v3/trace.upb.h +21 -16
- data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.c +43 -24
- data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.h +110 -75
- data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.c +30 -17
- data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.h +95 -50
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +16 -9
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +73 -23
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +60 -37
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +150 -108
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +74 -43
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +357 -167
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c +44 -25
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h +114 -80
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +41 -20
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +245 -82
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.c +32 -19
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.h +73 -51
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +474 -292
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +2144 -1055
- data/src/core/ext/upb-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upb.c +18 -11
- data/src/core/ext/upb-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upb.h +35 -26
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +34 -19
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +125 -67
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/common/v3/common.upb.c +72 -45
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/common/v3/common.upb.h +193 -138
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +34 -19
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +131 -66
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.upb.c +18 -11
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.upb.h +35 -26
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +7 -4
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +15 -10
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +184 -96
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +907 -360
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +56 -33
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +150 -101
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +188 -111
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +816 -419
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.c +32 -19
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.h +109 -53
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +10 -7
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +18 -14
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +300 -177
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +1284 -522
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +42 -23
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +188 -75
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +130 -83
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +510 -238
- data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.c +22 -13
- data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.h +55 -34
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +39 -26
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +124 -68
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/filter_state.upb.c +21 -12
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/filter_state.upb.h +47 -30
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +60 -26
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +130 -51
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +37 -20
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +133 -63
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +22 -13
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +91 -40
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +21 -12
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +50 -32
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +18 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +37 -26
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +46 -27
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +101 -70
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/status_code_input.upb.c +13 -10
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/status_code_input.upb.h +25 -22
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +40 -23
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +161 -75
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +31 -18
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +114 -56
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +46 -29
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +139 -91
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +65 -42
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +200 -121
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +80 -45
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +208 -131
- data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.c +34 -21
- data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.h +74 -53
- data/src/core/ext/upb-generated/envoy/type/v3/http.upb.c +7 -4
- data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +13 -8
- data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.c +16 -9
- data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.h +28 -18
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +28 -15
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +55 -34
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +43 -22
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +91 -53
- data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_strategy.upb.c +35 -20
- data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_strategy.upb.h +92 -57
- data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_unit.upb.c +7 -4
- data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_unit.upb.h +13 -8
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +20 -11
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +48 -26
- data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.c +23 -14
- data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.h +61 -41
- data/src/core/ext/upb-generated/google/api/annotations.upb.c +14 -11
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +30 -20
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +255 -154
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +934 -450
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +299 -180
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +946 -483
- data/src/core/ext/upb-generated/google/api/http.upb.c +68 -35
- data/src/core/ext/upb-generated/google/api/http.upb.h +284 -120
- data/src/core/ext/upb-generated/google/api/httpbody.upb.c +22 -13
- data/src/core/ext/upb-generated/google/api/httpbody.upb.h +95 -37
- data/src/core/ext/upb-generated/google/protobuf/any.upb.c +19 -10
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +38 -22
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +1018 -424
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +3851 -1412
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +19 -10
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +38 -22
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +10 -7
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +18 -14
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +62 -39
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +207 -102
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +19 -10
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +38 -22
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +90 -51
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +157 -107
- data/src/core/ext/upb-generated/google/rpc/status.upb.c +22 -13
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +95 -37
- data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.c +59 -34
- data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.h +154 -92
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +43 -24
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +118 -60
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +250 -145
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +919 -415
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +34 -19
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +76 -51
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +25 -14
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +45 -30
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +144 -81
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +405 -217
- data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.c +51 -26
- data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.h +153 -61
- data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls_config.upb.c +173 -102
- data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls_config.upb.h +855 -298
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +68 -49
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +155 -104
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +26 -17
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +55 -34
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +12 -9
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +31 -14
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +26 -17
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +55 -34
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +23 -16
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +45 -30
- data/src/core/ext/upb-generated/validate/validate.upb.c +845 -455
- data/src/core/ext/upb-generated/validate/validate.upb.h +4347 -1908
- data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.c +68 -49
- data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.h +155 -104
- data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.c +26 -17
- data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.h +55 -34
- data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.c +12 -9
- data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.h +31 -14
- data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.c +65 -44
- data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.h +137 -91
- data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.c +23 -16
- data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.h +45 -30
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +16 -9
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +28 -18
- data/src/core/ext/upb-generated/xds/core/v3/cidr.upb.c +21 -12
- data/src/core/ext/upb-generated/xds/core/v3/cidr.upb.h +45 -30
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +37 -22
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +96 -63
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +26 -17
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +52 -29
- data/src/core/ext/upb-generated/xds/core/v3/extension.upb.c +21 -12
- data/src/core/ext/upb-generated/xds/core/v3/extension.upb.h +45 -30
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +23 -14
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +62 -42
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +44 -25
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +169 -79
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +27 -14
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +65 -38
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +77 -31
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +203 -58
- data/src/core/ext/upb-generated/xds/service/orca/v3/orca.upb.c +21 -12
- data/src/core/ext/upb-generated/xds/service/orca/v3/orca.upb.h +89 -34
- data/src/core/ext/upb-generated/xds/type/matcher/v3/cel.upb.c +18 -11
- data/src/core/ext/upb-generated/xds/type/matcher/v3/cel.upb.h +35 -26
- data/src/core/ext/upb-generated/xds/type/matcher/v3/domain.upb.c +32 -19
- data/src/core/ext/upb-generated/xds/type/matcher/v3/domain.upb.h +150 -54
- data/src/core/ext/upb-generated/xds/type/matcher/v3/http_inputs.upb.c +10 -7
- data/src/core/ext/upb-generated/xds/type/matcher/v3/http_inputs.upb.h +18 -14
- data/src/core/ext/upb-generated/xds/type/matcher/v3/ip.upb.c +34 -21
- data/src/core/ext/upb-generated/xds/type/matcher/v3/ip.upb.h +161 -63
- data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.c +162 -101
- data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.h +501 -293
- data/src/core/ext/upb-generated/xds/type/matcher/v3/range.upb.c +85 -52
- data/src/core/ext/upb-generated/xds/type/matcher/v3/range.upb.h +430 -164
- data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.c +24 -15
- data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.h +53 -37
- data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.c +40 -23
- data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.h +161 -75
- data/src/core/ext/upb-generated/xds/type/v3/cel.upb.c +37 -22
- data/src/core/ext/upb-generated/xds/type/v3/cel.upb.h +92 -66
- data/src/core/ext/upb-generated/xds/type/v3/range.upb.c +43 -22
- data/src/core/ext/upb-generated/xds/type/v3/range.upb.h +91 -53
- data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.c +21 -12
- data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.h +45 -30
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/certs.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/certs.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/clusters.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/clusters.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump_shared.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump_shared.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/init_dump.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/init_dump.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/listeners.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/listeners.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/memory.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/memory.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/metrics.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/metrics.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/mutex_stats.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/mutex_stats.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/server_info.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/server_info.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/tap.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/tap.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +251 -248
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/common/matcher/v3/matcher.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/common/matcher/v3/matcher.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +13 -12
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +11 -5
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_method_list.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_method_list.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +140 -137
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +32 -16
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +11 -5
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +13 -10
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +21 -5
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +55 -46
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +142 -120
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +16 -5
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +101 -98
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/tap/v3/common.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/tap/v3/common.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/datadog.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/datadog.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/dynamic_ot.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/dynamic_ot.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/lightstep.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/lightstep.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opencensus.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opencensus.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +16 -19
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/service.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/service.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/skywalking.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/skywalking.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/trace.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/trace.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/xray.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/xray.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/zipkin.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/zipkin.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +126 -115
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +138 -136
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +118 -118
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +6 -6
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +6 -6
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +12 -13
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/cookie.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/cookie.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/filter_state.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/filter_state.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +13 -10
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +11 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/status_code_input.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/status_code_input.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/v3/hash_policy.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/v3/hash_policy.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http_status.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http_status.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_strategy.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_strategy.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_unit.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_unit.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/envoy/type/v3/token_bucket.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/v3/token_bucket.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/google/api/httpbody.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/google/api/httpbody.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +329 -273
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +11 -5
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/opencensus/proto/trace/v1/trace_config.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/opencensus/proto/trace/v1/trace_config.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/src/proto/grpc/lookup/v1/rls_config.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/src/proto/grpc/lookup/v1/rls_config.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/migrate.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/migrate.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/security.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/security.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/sensitive.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/sensitive.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/versioning.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/versioning.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/core/v3/cidr.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/core/v3/cidr.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/core/v3/extension.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/core/v3/extension.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/cel.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/cel.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/domain.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/domain.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/http_inputs.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/http_inputs.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/ip.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/ip.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/matcher.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/matcher.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/range.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/range.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/regex.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/regex.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/string.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/string.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/type/v3/cel.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/type/v3/cel.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/type/v3/range.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/type/v3/range.upbdefs.h +6 -5
- data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.h +6 -5
- data/src/core/ext/xds/certificate_provider_store.cc +4 -4
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +7 -7
- data/src/core/ext/xds/upb_utils.h +1 -1
- data/src/core/ext/xds/xds_api.cc +34 -14
- data/src/core/ext/xds/xds_api.h +2 -2
- data/src/core/ext/xds/xds_bootstrap.cc +3 -3
- data/src/core/ext/xds/xds_bootstrap_grpc.cc +15 -15
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
- data/src/core/ext/xds/xds_client.cc +24 -3
- data/src/core/ext/xds/xds_client.h +1 -1
- data/src/core/ext/xds/xds_client_stats.cc +29 -15
- data/src/core/ext/xds/xds_client_stats.h +24 -20
- data/src/core/ext/xds/xds_cluster.cc +26 -34
- data/src/core/ext/xds/xds_cluster.h +1 -2
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +4 -3
- data/src/core/ext/xds/xds_cluster_specifier_plugin.h +2 -2
- data/src/core/ext/xds/xds_common_types.cc +5 -4
- data/src/core/ext/xds/xds_endpoint.cc +10 -4
- data/src/core/ext/xds/xds_endpoint.h +10 -2
- data/src/core/ext/xds/xds_http_fault_filter.cc +2 -2
- data/src/core/ext/xds/xds_http_fault_filter.h +1 -1
- data/src/core/ext/xds/xds_http_filters.h +3 -2
- data/src/core/ext/xds/xds_http_rbac_filter.cc +7 -9
- data/src/core/ext/xds/xds_http_rbac_filter.h +1 -1
- data/src/core/ext/xds/xds_http_stateful_session_filter.cc +2 -2
- data/src/core/ext/xds/xds_http_stateful_session_filter.h +1 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +17 -22
- data/src/core/ext/xds/xds_listener.cc +10 -4
- data/src/core/ext/xds/xds_listener.h +1 -1
- data/src/core/ext/xds/xds_resource_type.h +2 -2
- data/src/core/ext/xds/xds_route_config.cc +8 -5
- data/src/core/ext/xds/xds_route_config.h +1 -1
- data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
- data/src/core/lib/backoff/random_early_detection.cc +31 -0
- data/src/core/lib/backoff/random_early_detection.h +59 -0
- data/src/core/lib/channel/call_finalization.h +1 -1
- data/src/core/lib/channel/call_tracer.cc +51 -0
- data/src/core/lib/channel/call_tracer.h +101 -38
- data/src/core/lib/channel/channelz.cc +5 -4
- data/src/core/lib/channel/channelz_registry.cc +7 -6
- data/src/core/lib/channel/connected_channel.cc +533 -1045
- data/src/core/lib/channel/context.h +8 -1
- data/src/core/lib/channel/promise_based_filter.cc +100 -42
- data/src/core/lib/channel/promise_based_filter.h +27 -13
- data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
- data/src/core/lib/config/config_vars.cc +151 -0
- data/src/core/lib/config/config_vars.h +127 -0
- data/src/core/lib/config/config_vars_non_generated.cc +51 -0
- data/src/core/lib/config/load_config.cc +66 -0
- data/src/core/lib/config/load_config.h +49 -0
- data/src/core/lib/debug/trace.cc +21 -13
- data/src/core/lib/debug/trace.h +12 -9
- data/src/core/lib/event_engine/event_engine.cc +37 -2
- data/src/core/lib/event_engine/handle_containers.h +7 -22
- data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +14 -31
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +33 -19
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +3 -3
- data/src/core/lib/event_engine/resolved_address.cc +2 -1
- data/src/core/lib/event_engine/shim.cc +2 -0
- data/src/core/lib/event_engine/trace.cc +1 -0
- data/src/core/lib/event_engine/trace.h +6 -0
- data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
- data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
- data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
- data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
- data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
- data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
- data/src/core/lib/experiments/config.cc +3 -10
- data/src/core/lib/experiments/experiments.cc +10 -0
- data/src/core/lib/experiments/experiments.h +12 -1
- data/src/core/lib/gpr/log.cc +15 -28
- data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +5 -0
- data/src/core/lib/gprpp/fork.cc +8 -14
- data/src/core/lib/gprpp/orphanable.h +4 -3
- data/src/core/lib/gprpp/per_cpu.h +9 -3
- data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
- data/src/core/lib/gprpp/ref_counted.h +33 -34
- data/src/core/lib/gprpp/status_helper.cc +2 -2
- data/src/core/lib/gprpp/thd.h +16 -0
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/gprpp/time.h +4 -4
- data/src/core/lib/gprpp/validation_errors.cc +8 -3
- data/src/core/lib/gprpp/validation_errors.h +16 -9
- data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
- data/src/core/lib/iomgr/buffer_list.h +0 -1
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
- data/src/core/lib/iomgr/endpoint_pair.h +2 -2
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -2
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
- data/src/core/lib/iomgr/ev_posix.cc +13 -53
- data/src/core/lib/iomgr/ev_posix.h +0 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
- data/src/core/lib/iomgr/iomgr.cc +4 -8
- data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
- data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
- data/src/core/lib/iomgr/pollset_windows.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
- data/src/core/lib/iomgr/socket_utils_posix.cc +3 -0
- data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +4 -0
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_posix.cc +0 -1
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
- data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
- data/src/core/lib/iomgr/tcp_windows.cc +12 -8
- data/src/core/lib/iomgr/timer_generic.cc +17 -16
- data/src/core/lib/json/json.h +61 -113
- data/src/core/lib/json/json_object_loader.cc +20 -20
- data/src/core/lib/json/json_object_loader.h +8 -3
- data/src/core/lib/json/json_reader.cc +58 -38
- data/src/core/{ext/filters/client_channel/lb_call_state_internal.h → lib/json/json_reader.h} +7 -12
- data/src/core/lib/json/json_util.cc +6 -6
- data/src/core/lib/json/json_util.h +5 -4
- data/src/core/lib/json/json_writer.cc +19 -19
- data/src/core/lib/{security/security_connector/ssl_utils_config.h → json/json_writer.h} +14 -10
- data/src/core/lib/load_balancing/lb_policy.cc +9 -13
- data/src/core/lib/load_balancing/lb_policy.h +4 -2
- data/src/core/lib/load_balancing/lb_policy_registry.cc +7 -7
- data/src/core/lib/promise/activity.cc +22 -6
- data/src/core/lib/promise/activity.h +61 -24
- data/src/core/lib/promise/cancel_callback.h +77 -0
- data/src/core/lib/promise/detail/basic_seq.h +1 -1
- data/src/core/lib/promise/detail/promise_factory.h +4 -0
- data/src/core/lib/promise/for_each.h +176 -0
- data/src/core/lib/promise/if.h +9 -0
- data/src/core/lib/promise/interceptor_list.h +23 -2
- data/src/core/lib/promise/latch.h +89 -3
- data/src/core/lib/promise/loop.h +13 -9
- data/src/core/lib/promise/map.h +7 -0
- data/src/core/lib/promise/party.cc +286 -0
- data/src/core/lib/promise/party.h +499 -0
- data/src/core/lib/promise/pipe.h +204 -57
- data/src/core/lib/promise/poll.h +48 -0
- data/src/core/lib/promise/promise.h +2 -2
- data/src/core/lib/resource_quota/arena.cc +19 -3
- data/src/core/lib/resource_quota/arena.h +119 -5
- data/src/core/lib/resource_quota/memory_quota.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +47 -72
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +60 -62
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +22 -21
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +28 -27
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +4 -61
- data/src/core/lib/security/credentials/jwt/json_token.cc +6 -4
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +8 -5
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +39 -38
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +27 -21
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
- data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
- data/src/core/lib/security/util/json_util.cc +5 -5
- data/src/core/lib/service_config/service_config_impl.cc +11 -5
- data/src/core/lib/slice/slice.cc +1 -1
- data/src/core/lib/slice/slice.h +2 -0
- data/src/core/lib/surface/builtins.cc +2 -0
- data/src/core/lib/surface/call.cc +985 -1038
- data/src/core/lib/surface/call.h +11 -5
- data/src/core/lib/surface/completion_queue.cc +2 -1
- data/src/core/lib/surface/lame_client.cc +1 -0
- data/src/core/lib/surface/server.cc +47 -19
- data/src/core/lib/surface/validate_metadata.cc +43 -42
- data/src/core/lib/surface/validate_metadata.h +9 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +179 -0
- data/src/core/lib/transport/batch_builder.h +476 -0
- data/src/core/lib/transport/bdp_estimator.cc +7 -7
- data/src/core/lib/transport/bdp_estimator.h +10 -6
- data/src/core/lib/transport/custom_metadata.h +30 -0
- data/src/core/lib/transport/metadata_batch.cc +9 -6
- data/src/core/lib/transport/metadata_batch.h +124 -31
- data/src/core/lib/transport/metadata_compression_traits.h +67 -0
- data/src/core/lib/transport/parsed_metadata.h +19 -9
- data/src/core/lib/transport/simple_slice_based_metadata.h +48 -0
- data/src/core/lib/transport/timeout_encoding.cc +6 -1
- data/src/core/lib/transport/transport.cc +30 -2
- data/src/core/lib/transport/transport.h +73 -14
- data/src/core/lib/transport/transport_impl.h +7 -0
- data/src/core/lib/transport/transport_op_string.cc +52 -42
- data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -6
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +1 -1
- data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
- data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
- data/third_party/abseil-cpp/absl/flags/config.h +68 -0
- data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
- data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
- data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
- data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
- data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
- data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
- data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
- data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
- data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
- data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
- data/third_party/boringssl-with-bazel/err_data.c +728 -712
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
- data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +37 -51
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +11 -8
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
- data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
- data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +91 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +204 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +826 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
- data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +200 -89
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +117 -52
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +285 -331
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +68 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
- data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +790 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +528 -616
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +186 -203
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1864 -2050
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +380 -480
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +329 -416
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +249 -254
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +652 -691
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1063 -1145
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +29 -10
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/kyber.h +128 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +8 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +381 -287
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1635 -1126
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +41 -30
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +147 -115
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +47 -69
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
- data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +78 -101
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +187 -107
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +41 -32
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +7 -44
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
- data/third_party/upb/upb/{table_internal.h → alloc.h} +6 -6
- data/third_party/upb/upb/arena.h +4 -193
- data/third_party/upb/upb/array.h +4 -51
- data/third_party/upb/upb/base/descriptor_constants.h +104 -0
- data/third_party/upb/upb/base/log2.h +57 -0
- data/third_party/upb/upb/{status.c → base/status.c} +2 -7
- data/third_party/upb/upb/base/status.h +66 -0
- data/third_party/upb/upb/base/string_view.h +75 -0
- data/third_party/upb/upb/{array.c → collections/array.c} +67 -36
- data/third_party/upb/upb/collections/array.h +85 -0
- data/third_party/upb/upb/collections/array_internal.h +135 -0
- data/third_party/upb/upb/{map.c → collections/map.c} +53 -26
- data/third_party/upb/upb/collections/map.h +135 -0
- data/third_party/upb/upb/collections/map_gencode_util.h +78 -0
- data/third_party/upb/upb/collections/map_internal.h +170 -0
- data/third_party/upb/upb/collections/map_sorter.c +166 -0
- data/third_party/upb/upb/collections/map_sorter_internal.h +109 -0
- data/third_party/upb/upb/{message_value.h → collections/message_value.h} +12 -13
- data/third_party/upb/upb/decode.h +3 -62
- data/third_party/upb/upb/def.h +4 -384
- data/third_party/upb/upb/def.hpp +3 -411
- data/third_party/upb/upb/encode.h +3 -48
- data/third_party/upb/upb/extension_registry.h +3 -52
- data/third_party/upb/upb/{table.c → hash/common.c} +52 -110
- data/third_party/upb/upb/hash/common.h +199 -0
- data/third_party/upb/upb/hash/int_table.h +102 -0
- data/third_party/upb/upb/hash/str_table.h +161 -0
- data/third_party/upb/upb/{json_decode.c → json/decode.c} +63 -98
- data/third_party/upb/upb/json/decode.h +52 -0
- data/third_party/upb/upb/{json_encode.c → json/encode.c} +69 -45
- data/third_party/upb/upb/json/encode.h +70 -0
- data/third_party/upb/upb/json_decode.h +4 -15
- data/third_party/upb/upb/json_encode.h +4 -33
- data/third_party/upb/upb/lex/atoi.c +68 -0
- data/third_party/upb/upb/lex/atoi.h +53 -0
- data/third_party/upb/upb/{upb.c → lex/round_trip.c} +2 -11
- data/third_party/upb/upb/{internal/upb.h → lex/round_trip.h} +17 -30
- data/third_party/upb/upb/lex/strtod.c +97 -0
- data/third_party/upb/upb/lex/strtod.h +46 -0
- data/third_party/upb/upb/lex/unicode.c +57 -0
- data/third_party/upb/upb/lex/unicode.h +77 -0
- data/third_party/upb/upb/map.h +4 -85
- data/third_party/upb/upb/mem/alloc.c +47 -0
- data/third_party/upb/upb/mem/alloc.h +98 -0
- data/third_party/upb/upb/mem/arena.c +367 -0
- data/third_party/upb/upb/mem/arena.h +160 -0
- data/third_party/upb/upb/mem/arena_internal.h +114 -0
- data/third_party/upb/upb/message/accessors.c +68 -0
- data/third_party/upb/upb/message/accessors.h +379 -0
- data/third_party/upb/upb/message/accessors_internal.h +325 -0
- data/third_party/upb/upb/message/extension_internal.h +83 -0
- data/third_party/upb/upb/message/internal.h +135 -0
- data/third_party/upb/upb/message/message.c +180 -0
- data/third_party/upb/upb/message/message.h +69 -0
- data/third_party/upb/upb/mini_table/common.c +128 -0
- data/third_party/upb/upb/mini_table/common.h +170 -0
- data/third_party/upb/upb/mini_table/common_internal.h +111 -0
- data/third_party/upb/upb/{mini_table.c → mini_table/decode.c} +513 -533
- data/third_party/upb/upb/mini_table/decode.h +179 -0
- data/third_party/upb/upb/mini_table/encode.c +300 -0
- data/third_party/upb/upb/mini_table/encode_internal.h +111 -0
- data/third_party/upb/upb/{mini_table.hpp → mini_table/encode_internal.hpp} +32 -8
- data/third_party/upb/upb/mini_table/enum_internal.h +88 -0
- data/third_party/upb/upb/mini_table/extension_internal.h +47 -0
- data/third_party/upb/upb/{extension_registry.c → mini_table/extension_registry.c} +27 -24
- data/third_party/upb/upb/mini_table/extension_registry.h +104 -0
- data/third_party/upb/upb/mini_table/field_internal.h +192 -0
- data/third_party/upb/upb/mini_table/file_internal.h +47 -0
- data/third_party/upb/upb/mini_table/message_internal.h +136 -0
- data/third_party/upb/upb/mini_table/sub_internal.h +38 -0
- data/third_party/upb/upb/mini_table/types.h +40 -0
- data/third_party/upb/upb/mini_table.h +4 -157
- data/third_party/upb/upb/msg.h +3 -38
- data/third_party/upb/upb/port/atomic.h +101 -0
- data/third_party/upb/upb/{port_def.inc → port/def.inc} +94 -27
- data/third_party/upb/upb/{port_undef.inc → port/undef.inc} +13 -3
- data/third_party/upb/upb/{internal → port}/vsnprintf_compat.h +5 -7
- data/third_party/upb/upb/reflection/common.h +67 -0
- data/third_party/upb/upb/reflection/def.h +42 -0
- data/third_party/upb/upb/reflection/def.hpp +610 -0
- data/third_party/upb/upb/reflection/def_builder.c +357 -0
- data/third_party/upb/upb/reflection/def_builder_internal.h +157 -0
- data/third_party/upb/upb/reflection/def_pool.c +462 -0
- data/third_party/upb/upb/reflection/def_pool.h +108 -0
- data/third_party/upb/upb/reflection/def_pool_internal.h +77 -0
- data/third_party/upb/upb/reflection/def_type.c +50 -0
- data/third_party/upb/upb/reflection/def_type.h +81 -0
- data/third_party/upb/upb/reflection/desc_state.c +53 -0
- data/third_party/upb/upb/reflection/desc_state_internal.h +64 -0
- data/third_party/upb/upb/reflection/enum_def.c +310 -0
- data/third_party/upb/upb/reflection/enum_def.h +80 -0
- data/third_party/upb/upb/reflection/enum_def_internal.h +56 -0
- data/third_party/upb/upb/reflection/enum_reserved_range.c +84 -0
- data/third_party/upb/upb/reflection/enum_reserved_range.h +51 -0
- data/third_party/upb/upb/reflection/enum_reserved_range_internal.h +55 -0
- data/third_party/upb/upb/reflection/enum_value_def.c +144 -0
- data/third_party/upb/upb/reflection/enum_value_def.h +57 -0
- data/third_party/upb/upb/reflection/enum_value_def_internal.h +57 -0
- data/third_party/upb/upb/reflection/extension_range.c +93 -0
- data/third_party/upb/upb/reflection/extension_range.h +55 -0
- data/third_party/upb/upb/reflection/extension_range_internal.h +54 -0
- data/third_party/upb/upb/reflection/field_def.c +930 -0
- data/third_party/upb/upb/reflection/field_def.h +91 -0
- data/third_party/upb/upb/reflection/field_def_internal.h +76 -0
- data/third_party/upb/upb/reflection/file_def.c +370 -0
- data/third_party/upb/upb/reflection/file_def.h +77 -0
- data/third_party/upb/upb/reflection/file_def_internal.h +57 -0
- data/third_party/upb/upb/reflection/message.c +233 -0
- data/third_party/upb/upb/reflection/message.h +102 -0
- data/third_party/upb/upb/reflection/message.hpp +37 -0
- data/third_party/upb/upb/reflection/message_def.c +718 -0
- data/third_party/upb/upb/reflection/message_def.h +174 -0
- data/third_party/upb/upb/reflection/message_def_internal.h +63 -0
- data/third_party/upb/upb/reflection/message_reserved_range.c +81 -0
- data/third_party/upb/upb/reflection/message_reserved_range.h +51 -0
- data/third_party/upb/upb/reflection/message_reserved_range_internal.h +55 -0
- data/third_party/upb/upb/reflection/method_def.c +124 -0
- data/third_party/upb/upb/reflection/method_def.h +59 -0
- data/third_party/upb/upb/reflection/method_def_internal.h +53 -0
- data/third_party/upb/upb/reflection/oneof_def.c +226 -0
- data/third_party/upb/upb/reflection/oneof_def.h +66 -0
- data/third_party/upb/upb/reflection/oneof_def_internal.h +57 -0
- data/third_party/upb/upb/reflection/service_def.c +128 -0
- data/third_party/upb/upb/reflection/service_def.h +60 -0
- data/third_party/upb/upb/reflection/service_def_internal.h +53 -0
- data/third_party/upb/upb/reflection.h +4 -78
- data/third_party/upb/upb/reflection.hpp +3 -7
- data/third_party/upb/upb/status.h +4 -34
- data/third_party/upb/upb/{collections.h → string_view.h} +7 -7
- data/third_party/upb/upb/{text_encode.c → text/encode.c} +74 -70
- data/third_party/upb/upb/text/encode.h +69 -0
- data/third_party/upb/upb/text_encode.h +4 -32
- data/third_party/upb/upb/upb.h +6 -151
- data/third_party/upb/upb/upb.hpp +10 -18
- data/third_party/upb/upb/wire/common.h +44 -0
- data/third_party/upb/upb/wire/common_internal.h +50 -0
- data/third_party/upb/upb/wire/decode.c +1343 -0
- data/third_party/upb/upb/wire/decode.h +108 -0
- data/third_party/upb/upb/{decode_fast.c → wire/decode_fast.c} +184 -225
- data/third_party/upb/upb/{decode_fast.h → wire/decode_fast.h} +21 -7
- data/third_party/upb/upb/{internal/decode.h → wire/decode_internal.h} +44 -92
- data/third_party/upb/upb/{encode.c → wire/encode.c} +114 -95
- data/third_party/upb/upb/wire/encode.h +92 -0
- data/third_party/upb/upb/wire/eps_copy_input_stream.c +39 -0
- data/third_party/upb/upb/wire/eps_copy_input_stream.h +425 -0
- data/third_party/upb/upb/wire/reader.c +67 -0
- data/third_party/upb/upb/wire/reader.h +227 -0
- data/third_party/upb/upb/wire/swap_internal.h +63 -0
- data/third_party/upb/upb/wire/types.h +41 -0
- data/third_party/{upb/third_party/utf8_range → utf8_range}/range2-neon.c +1 -1
- data/third_party/{upb/third_party/utf8_range → utf8_range}/utf8_range.h +12 -0
- metadata +257 -107
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
- data/src/core/ext/transport/chttp2/transport/context_list.cc +0 -71
- data/src/core/ext/transport/chttp2/transport/context_list.h +0 -54
- data/src/core/lib/gprpp/global_config.h +0 -93
- data/src/core/lib/gprpp/global_config_env.cc +0 -140
- data/src/core/lib/gprpp/global_config_env.h +0 -133
- data/src/core/lib/gprpp/global_config_generic.h +0 -40
- data/src/core/lib/promise/intra_activity_waiter.h +0 -55
- data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
- data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
- data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
- data/third_party/upb/upb/arena.c +0 -277
- data/third_party/upb/upb/decode.c +0 -1221
- data/third_party/upb/upb/def.c +0 -3269
- data/third_party/upb/upb/internal/table.h +0 -385
- data/third_party/upb/upb/msg.c +0 -368
- data/third_party/upb/upb/msg_internal.h +0 -837
- data/third_party/upb/upb/reflection.c +0 -323
- /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
- /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
- /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
- /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
- /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
- /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
- /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
- /data/third_party/{upb/third_party/utf8_range → utf8_range}/naive.c +0 -0
- /data/third_party/{upb/third_party/utf8_range → utf8_range}/range2-sse.c +0 -0
@@ -60,8 +60,8 @@
|
|
60
60
|
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
|
61
61
|
*/
|
62
62
|
|
63
|
-
#ifndef
|
64
|
-
#define
|
63
|
+
#ifndef OPENSSL_HEADER_X509_H
|
64
|
+
#define OPENSSL_HEADER_X509_H
|
65
65
|
|
66
66
|
#include <openssl/asn1.h>
|
67
67
|
#include <openssl/base.h>
|
@@ -90,379 +90,427 @@ extern "C" {
|
|
90
90
|
// Legacy X.509 library.
|
91
91
|
//
|
92
92
|
// This header is part of OpenSSL's X.509 implementation. It is retained for
|
93
|
-
// compatibility but
|
94
|
-
//
|
93
|
+
// compatibility but should not be used by new code. The functions are difficult
|
94
|
+
// to use correctly, and have buggy or non-standard behaviors. They are thus
|
95
|
+
// particularly prone to behavior changes and API removals, as BoringSSL
|
96
|
+
// iterates on these issues.
|
97
|
+
//
|
98
|
+
// In the future, a replacement library will be available. Meanwhile, minimize
|
95
99
|
// dependencies on this header where possible.
|
100
|
+
//
|
101
|
+
// TODO(https://crbug.com/boringssl/426): Documentation for this library is
|
102
|
+
// still in progress. Some functions have not yet been documented, and some
|
103
|
+
// functions have not yet been grouped into sections.
|
96
104
|
|
97
105
|
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
#define X509v3_KU_DECIPHER_ONLY 0x8000
|
111
|
-
#define X509v3_KU_UNDEF 0xffff
|
106
|
+
// Certificates.
|
107
|
+
//
|
108
|
+
// An |X509| object represents an X.509 certificate, defined in RFC 5280.
|
109
|
+
//
|
110
|
+
// Although an |X509| is a mutable object, mutating an |X509| can give incorrect
|
111
|
+
// results. Callers typically obtain |X509|s by parsing some input with
|
112
|
+
// |d2i_X509|, etc. Such objects carry information such as the serialized
|
113
|
+
// TBSCertificate and decoded extensions, which will become inconsistent when
|
114
|
+
// mutated.
|
115
|
+
//
|
116
|
+
// Instead, mutation functions should only be used when issuing new
|
117
|
+
// certificates, as described in a later section.
|
112
118
|
|
113
|
-
|
114
|
-
ASN1_OBJECT *algorithm;
|
115
|
-
ASN1_TYPE *parameter;
|
116
|
-
} /* X509_ALGOR */;
|
119
|
+
DEFINE_STACK_OF(X509)
|
117
120
|
|
118
|
-
|
121
|
+
// X509 is an |ASN1_ITEM| whose ASN.1 type is X.509 Certificate (RFC 5280) and C
|
122
|
+
// type is |X509*|.
|
123
|
+
DECLARE_ASN1_ITEM(X509)
|
119
124
|
|
120
|
-
|
125
|
+
// X509_up_ref adds one to the reference count of |x509| and returns one.
|
126
|
+
OPENSSL_EXPORT int X509_up_ref(X509 *x509);
|
121
127
|
|
122
|
-
|
128
|
+
// X509_chain_up_ref returns a newly-allocated |STACK_OF(X509)| containing a
|
129
|
+
// shallow copy of |chain|, or NULL on error. That is, the return value has the
|
130
|
+
// same contents as |chain|, and each |X509|'s reference count is incremented by
|
131
|
+
// one.
|
132
|
+
OPENSSL_EXPORT STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
|
123
133
|
|
124
|
-
|
134
|
+
// X509_dup returns a newly-allocated copy of |x509|, or NULL on error. This
|
135
|
+
// function works by serializing the structure, so auxiliary properties (see
|
136
|
+
// |i2d_X509_AUX|) are not preserved. Additionally, if |x509| is incomplete,
|
137
|
+
// this function may fail.
|
138
|
+
//
|
139
|
+
// TODO(https://crbug.com/boringssl/407): This function should be const and
|
140
|
+
// thread-safe but is currently neither in some cases, notably if |crl| was
|
141
|
+
// mutated.
|
142
|
+
OPENSSL_EXPORT X509 *X509_dup(X509 *x509);
|
125
143
|
|
126
|
-
|
144
|
+
// X509_free decrements |x509|'s reference count and, if zero, releases memory
|
145
|
+
// associated with |x509|.
|
146
|
+
OPENSSL_EXPORT void X509_free(X509 *x509);
|
127
147
|
|
128
|
-
|
148
|
+
// d2i_X509 parses up to |len| bytes from |*inp| as a DER-encoded X.509
|
149
|
+
// Certificate (RFC 5280), as described in |d2i_SAMPLE|.
|
150
|
+
OPENSSL_EXPORT X509 *d2i_X509(X509 **out, const uint8_t **inp, long len);
|
129
151
|
|
130
|
-
|
152
|
+
// X509_parse_from_buffer parses an X.509 structure from |buf| and returns a
|
153
|
+
// fresh X509 or NULL on error. There must not be any trailing data in |buf|.
|
154
|
+
// The returned structure (if any) holds a reference to |buf| rather than
|
155
|
+
// copying parts of it as a normal |d2i_X509| call would do.
|
156
|
+
OPENSSL_EXPORT X509 *X509_parse_from_buffer(CRYPTO_BUFFER *buf);
|
131
157
|
|
132
|
-
|
158
|
+
// i2d_X509 marshals |x509| as a DER-encoded X.509 Certificate (RFC 5280), as
|
159
|
+
// described in |i2d_SAMPLE|.
|
160
|
+
//
|
161
|
+
// TODO(https://crbug.com/boringssl/407): This function should be const and
|
162
|
+
// thread-safe but is currently neither in some cases, notably if |x509| was
|
163
|
+
// mutated.
|
164
|
+
OPENSSL_EXPORT int i2d_X509(X509 *x509, uint8_t **outp);
|
133
165
|
|
134
|
-
//
|
135
|
-
//
|
136
|
-
|
137
|
-
|
166
|
+
// X509_VERSION_* are X.509 version numbers. Note the numerical values of all
|
167
|
+
// defined X.509 versions are one less than the named version.
|
168
|
+
#define X509_VERSION_1 0
|
169
|
+
#define X509_VERSION_2 1
|
170
|
+
#define X509_VERSION_3 2
|
138
171
|
|
139
|
-
|
140
|
-
|
172
|
+
// X509_get_version returns the numerical value of |x509|'s version, which will
|
173
|
+
// be one of the |X509_VERSION_*| constants.
|
174
|
+
OPENSSL_EXPORT long X509_get_version(const X509 *x509);
|
141
175
|
|
142
|
-
|
176
|
+
// X509_get0_serialNumber returns |x509|'s serial number.
|
177
|
+
OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x509);
|
143
178
|
|
144
|
-
//
|
179
|
+
// X509_get0_notBefore returns |x509|'s notBefore time.
|
180
|
+
OPENSSL_EXPORT const ASN1_TIME *X509_get0_notBefore(const X509 *x509);
|
145
181
|
|
146
|
-
|
147
|
-
|
148
|
-
int flags;
|
149
|
-
int (*check_trust)(struct x509_trust_st *, X509 *, int);
|
150
|
-
char *name;
|
151
|
-
int arg1;
|
152
|
-
void *arg2;
|
153
|
-
} /* X509_TRUST */;
|
182
|
+
// X509_get0_notAfter returns |x509|'s notAfter time.
|
183
|
+
OPENSSL_EXPORT const ASN1_TIME *X509_get0_notAfter(const X509 *x509);
|
154
184
|
|
155
|
-
|
185
|
+
// X509_get_issuer_name returns |x509|'s issuer.
|
186
|
+
OPENSSL_EXPORT X509_NAME *X509_get_issuer_name(const X509 *x509);
|
156
187
|
|
157
|
-
//
|
188
|
+
// X509_get_subject_name returns |x509|'s subject.
|
189
|
+
OPENSSL_EXPORT X509_NAME *X509_get_subject_name(const X509 *x509);
|
158
190
|
|
159
|
-
|
191
|
+
// X509_get_X509_PUBKEY returns the public key of |x509|. Note this function is
|
192
|
+
// not const-correct for legacy reasons. Callers should not modify the returned
|
193
|
+
// object.
|
194
|
+
OPENSSL_EXPORT X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509);
|
160
195
|
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
#define X509_TRUST_OCSP_SIGN 6
|
167
|
-
#define X509_TRUST_OCSP_REQUEST 7
|
168
|
-
#define X509_TRUST_TSA 8
|
196
|
+
// X509_get_pubkey returns |x509|'s public key as an |EVP_PKEY|, or NULL if the
|
197
|
+
// public key was unsupported or could not be decoded. This function returns a
|
198
|
+
// reference to the |EVP_PKEY|. The caller must release the result with
|
199
|
+
// |EVP_PKEY_free| when done.
|
200
|
+
OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x509);
|
169
201
|
|
170
|
-
//
|
171
|
-
|
172
|
-
|
202
|
+
// X509_get0_pubkey_bitstr returns the BIT STRING portion of |x509|'s public
|
203
|
+
// key. Note this does not contain the AlgorithmIdentifier portion.
|
204
|
+
//
|
205
|
+
// WARNING: This function returns a non-const pointer for OpenSSL compatibility,
|
206
|
+
// but the caller must not modify the resulting object. Doing so will break
|
207
|
+
// internal invariants in |x509|.
|
208
|
+
OPENSSL_EXPORT ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x509);
|
173
209
|
|
210
|
+
// X509_get0_uids sets |*out_issuer_uid| to a non-owning pointer to the
|
211
|
+
// issuerUID field of |x509|, or NULL if |x509| has no issuerUID. It similarly
|
212
|
+
// outputs |x509|'s subjectUID field to |*out_subject_uid|.
|
213
|
+
//
|
214
|
+
// Callers may pass NULL to either |out_issuer_uid| or |out_subject_uid| to
|
215
|
+
// ignore the corresponding field.
|
216
|
+
OPENSSL_EXPORT void X509_get0_uids(const X509 *x509,
|
217
|
+
const ASN1_BIT_STRING **out_issuer_uid,
|
218
|
+
const ASN1_BIT_STRING **out_subject_uid);
|
174
219
|
|
175
|
-
//
|
176
|
-
|
177
|
-
|
220
|
+
// X509_get0_extensions returns |x509|'s extension list, or NULL if |x509| omits
|
221
|
+
// it.
|
222
|
+
OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_get0_extensions(
|
223
|
+
const X509 *x509);
|
178
224
|
|
179
|
-
//
|
225
|
+
// X509_get_ext_count returns the number of extensions in |x|.
|
226
|
+
OPENSSL_EXPORT int X509_get_ext_count(const X509 *x);
|
180
227
|
|
181
|
-
|
182
|
-
|
183
|
-
|
228
|
+
// X509_get_ext_by_NID behaves like |X509v3_get_ext_by_NID| but searches for
|
229
|
+
// extensions in |x|.
|
230
|
+
OPENSSL_EXPORT int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
|
184
231
|
|
185
|
-
//
|
232
|
+
// X509_get_ext_by_OBJ behaves like |X509v3_get_ext_by_OBJ| but searches for
|
233
|
+
// extensions in |x|.
|
234
|
+
OPENSSL_EXPORT int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj,
|
235
|
+
int lastpos);
|
186
236
|
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
#define X509_FLAG_NO_SIGNAME (1L << 3)
|
192
|
-
#define X509_FLAG_NO_ISSUER (1L << 4)
|
193
|
-
#define X509_FLAG_NO_VALIDITY (1L << 5)
|
194
|
-
#define X509_FLAG_NO_SUBJECT (1L << 6)
|
195
|
-
#define X509_FLAG_NO_PUBKEY (1L << 7)
|
196
|
-
#define X509_FLAG_NO_EXTENSIONS (1L << 8)
|
197
|
-
#define X509_FLAG_NO_SIGDUMP (1L << 9)
|
198
|
-
#define X509_FLAG_NO_AUX (1L << 10)
|
199
|
-
#define X509_FLAG_NO_ATTRIBUTES (1L << 11)
|
200
|
-
#define X509_FLAG_NO_IDS (1L << 12)
|
237
|
+
// X509_get_ext_by_critical behaves like |X509v3_get_ext_by_critical| but
|
238
|
+
// searches for extensions in |x|.
|
239
|
+
OPENSSL_EXPORT int X509_get_ext_by_critical(const X509 *x, int crit,
|
240
|
+
int lastpos);
|
201
241
|
|
202
|
-
//
|
242
|
+
// X509_get_ext returns the extension in |x| at index |loc|, or NULL if |loc| is
|
243
|
+
// out of bounds. This function returns a non-const pointer for OpenSSL
|
244
|
+
// compatibility, but callers should not mutate the result.
|
245
|
+
OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
|
203
246
|
|
204
|
-
//
|
247
|
+
// X509_get0_tbs_sigalg returns the signature algorithm in |x509|'s
|
248
|
+
// TBSCertificate. For the outer signature algorithm, see |X509_get0_signature|.
|
249
|
+
//
|
250
|
+
// Certificates with mismatched signature algorithms will successfully parse,
|
251
|
+
// but they will be rejected when verifying.
|
252
|
+
OPENSSL_EXPORT const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x509);
|
205
253
|
|
206
|
-
|
254
|
+
// X509_get0_signature sets |*out_sig| and |*out_alg| to the signature and
|
255
|
+
// signature algorithm of |x509|, respectively. Either output pointer may be
|
256
|
+
// NULL to ignore the value.
|
257
|
+
//
|
258
|
+
// This function outputs the outer signature algorithm. For the one in the
|
259
|
+
// TBSCertificate, see |X509_get0_tbs_sigalg|. Certificates with mismatched
|
260
|
+
// signature algorithms will successfully parse, but they will be rejected when
|
261
|
+
// verifying.
|
262
|
+
OPENSSL_EXPORT void X509_get0_signature(const ASN1_BIT_STRING **out_sig,
|
263
|
+
const X509_ALGOR **out_alg,
|
264
|
+
const X509 *x509);
|
207
265
|
|
208
|
-
|
209
|
-
|
210
|
-
|
211
|
-
|
212
|
-
#define XN_FLAG_SEP_MULTILINE (4 << 16) // One line per field
|
266
|
+
// X509_get_signature_nid returns the NID corresponding to |x509|'s signature
|
267
|
+
// algorithm, or |NID_undef| if the signature algorithm does not correspond to
|
268
|
+
// a known NID.
|
269
|
+
OPENSSL_EXPORT int X509_get_signature_nid(const X509 *x509);
|
213
270
|
|
214
|
-
|
271
|
+
// i2d_X509_tbs serializes the TBSCertificate portion of |x509|, as described in
|
272
|
+
// |i2d_SAMPLE|.
|
273
|
+
//
|
274
|
+
// This function preserves the original encoding of the TBSCertificate and may
|
275
|
+
// not reflect modifications made to |x509|. It may be used to manually verify
|
276
|
+
// the signature of an existing certificate. To generate certificates, use
|
277
|
+
// |i2d_re_X509_tbs| instead.
|
278
|
+
OPENSSL_EXPORT int i2d_X509_tbs(X509 *x509, unsigned char **outp);
|
215
279
|
|
216
|
-
// How the field name is shown
|
217
280
|
|
218
|
-
|
281
|
+
// Issuing certificates.
|
282
|
+
//
|
283
|
+
// An |X509| object may also represent an incomplete certificate. Callers may
|
284
|
+
// construct empty |X509| objects, fill in fields individually, and finally sign
|
285
|
+
// the result. The following functions may be used for this purpose.
|
219
286
|
|
220
|
-
|
221
|
-
|
222
|
-
|
223
|
-
|
287
|
+
// X509_new returns a newly-allocated, empty |X509| object, or NULL on error.
|
288
|
+
// This produces an incomplete certificate which may be filled in to issue a new
|
289
|
+
// certificate.
|
290
|
+
OPENSSL_EXPORT X509 *X509_new(void);
|
224
291
|
|
225
|
-
|
292
|
+
// X509_set_version sets |x509|'s version to |version|, which should be one of
|
293
|
+
// the |X509V_VERSION_*| constants. It returns one on success and zero on error.
|
294
|
+
//
|
295
|
+
// If unsure, use |X509_VERSION_3|.
|
296
|
+
OPENSSL_EXPORT int X509_set_version(X509 *x509, long version);
|
226
297
|
|
227
|
-
//
|
228
|
-
//
|
298
|
+
// X509_set_serialNumber sets |x509|'s serial number to |serial|. It returns one
|
299
|
+
// on success and zero on error.
|
300
|
+
OPENSSL_EXPORT int X509_set_serialNumber(X509 *x509,
|
301
|
+
const ASN1_INTEGER *serial);
|
229
302
|
|
230
|
-
|
303
|
+
// X509_set1_notBefore sets |x509|'s notBefore time to |tm|. It returns one on
|
304
|
+
// success and zero on error.
|
305
|
+
OPENSSL_EXPORT int X509_set1_notBefore(X509 *x509, const ASN1_TIME *tm);
|
231
306
|
|
232
|
-
|
307
|
+
// X509_set1_notAfter sets |x509|'s notAfter time to |tm|. it returns one on
|
308
|
+
// success and zero on error.
|
309
|
+
OPENSSL_EXPORT int X509_set1_notAfter(X509 *x509, const ASN1_TIME *tm);
|
233
310
|
|
234
|
-
//
|
311
|
+
// X509_getm_notBefore returns a mutable pointer to |x509|'s notBefore time.
|
312
|
+
OPENSSL_EXPORT ASN1_TIME *X509_getm_notBefore(X509 *x509);
|
235
313
|
|
236
|
-
|
237
|
-
|
238
|
-
XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS)
|
314
|
+
// X509_getm_notAfter returns a mutable pointer to |x509|'s notAfter time.
|
315
|
+
OPENSSL_EXPORT ASN1_TIME *X509_getm_notAfter(X509 *x);
|
239
316
|
|
240
|
-
//
|
317
|
+
// X509_set_issuer_name sets |x509|'s issuer to a copy of |name|. It returns one
|
318
|
+
// on success and zero on error.
|
319
|
+
OPENSSL_EXPORT int X509_set_issuer_name(X509 *x509, X509_NAME *name);
|
241
320
|
|
242
|
-
|
243
|
-
|
244
|
-
|
321
|
+
// X509_set_subject_name sets |x509|'s subject to a copy of |name|. It returns
|
322
|
+
// one on success and zero on error.
|
323
|
+
OPENSSL_EXPORT int X509_set_subject_name(X509 *x509, X509_NAME *name);
|
245
324
|
|
246
|
-
//
|
325
|
+
// X509_set_pubkey sets |x509|'s public key to |pkey|. It returns one on success
|
326
|
+
// and zero on error. This function does not take ownership of |pkey| and
|
327
|
+
// internally copies and updates reference counts as needed.
|
328
|
+
OPENSSL_EXPORT int X509_set_pubkey(X509 *x509, EVP_PKEY *pkey);
|
247
329
|
|
248
|
-
|
249
|
-
|
250
|
-
|
330
|
+
// X509_delete_ext removes the extension in |x| at index |loc| and returns the
|
331
|
+
// removed extension, or NULL if |loc| was out of bounds. If non-NULL, the
|
332
|
+
// caller must release the result with |X509_EXTENSION_free|.
|
333
|
+
OPENSSL_EXPORT X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
|
251
334
|
|
252
|
-
|
253
|
-
|
254
|
-
|
255
|
-
|
256
|
-
|
257
|
-
|
258
|
-
|
259
|
-
|
260
|
-
int sequence; // load sequence
|
261
|
-
};
|
335
|
+
// X509_add_ext adds a copy of |ex| to |x|. It returns one on success and zero
|
336
|
+
// on failure. The caller retains ownership of |ex| and can release it
|
337
|
+
// independently of |x|.
|
338
|
+
//
|
339
|
+
// The new extension is inserted at index |loc|, shifting extensions to the
|
340
|
+
// right. If |loc| is -1 or out of bounds, the new extension is appended to the
|
341
|
+
// list.
|
342
|
+
OPENSSL_EXPORT int X509_add_ext(X509 *x, const X509_EXTENSION *ex, int loc);
|
262
343
|
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
-
|
267
|
-
|
268
|
-
|
269
|
-
struct private_key_st {
|
270
|
-
int version;
|
271
|
-
// The PKCS#8 data types
|
272
|
-
X509_ALGOR *enc_algor;
|
273
|
-
ASN1_OCTET_STRING *enc_pkey; // encrypted pub key
|
274
|
-
|
275
|
-
// When decrypted, the following will not be NULL
|
276
|
-
EVP_PKEY *dec_pkey;
|
277
|
-
|
278
|
-
// used to encrypt and decrypt
|
279
|
-
int key_length;
|
280
|
-
char *key_data;
|
281
|
-
int key_free; // true if we should auto free key_data
|
282
|
-
|
283
|
-
// expanded version of 'enc_algor'
|
284
|
-
EVP_CIPHER_INFO cipher;
|
285
|
-
} /* X509_PKEY */;
|
286
|
-
|
287
|
-
struct X509_info_st {
|
288
|
-
X509 *x509;
|
289
|
-
X509_CRL *crl;
|
290
|
-
X509_PKEY *x_pkey;
|
291
|
-
|
292
|
-
EVP_CIPHER_INFO enc_cipher;
|
293
|
-
int enc_len;
|
294
|
-
char *enc_data;
|
295
|
-
|
296
|
-
} /* X509_INFO */;
|
297
|
-
|
298
|
-
DEFINE_STACK_OF(X509_INFO)
|
299
|
-
|
300
|
-
// The next 2 structures and their 8 routines were sent to me by
|
301
|
-
// Pat Richard <patr@x509.com> and are used to manipulate
|
302
|
-
// Netscapes spki structures - useful if you are writing a CA web page
|
303
|
-
struct Netscape_spkac_st {
|
304
|
-
X509_PUBKEY *pubkey;
|
305
|
-
ASN1_IA5STRING *challenge; // challenge sent in atlas >= PR2
|
306
|
-
} /* NETSCAPE_SPKAC */;
|
307
|
-
|
308
|
-
struct Netscape_spki_st {
|
309
|
-
NETSCAPE_SPKAC *spkac; // signed public key and challenge
|
310
|
-
X509_ALGOR *sig_algor;
|
311
|
-
ASN1_BIT_STRING *signature;
|
312
|
-
} /* NETSCAPE_SPKI */;
|
313
|
-
|
314
|
-
// TODO(davidben): Document remaining functions, reorganize them, and define
|
315
|
-
// supported patterns for using |X509| objects in general. In particular, when
|
316
|
-
// it is safe to call mutating functions is a little tricky due to various
|
317
|
-
// internal caches.
|
318
|
-
|
319
|
-
// X509_VERSION_* are X.509 version numbers. Note the numerical values of all
|
320
|
-
// defined X.509 versions are one less than the named version.
|
321
|
-
#define X509_VERSION_1 0
|
322
|
-
#define X509_VERSION_2 1
|
323
|
-
#define X509_VERSION_3 2
|
344
|
+
// X509_sign signs |x509| with |pkey| and replaces the signature algorithm and
|
345
|
+
// signature fields. It returns one on success and zero on error. This function
|
346
|
+
// uses digest algorithm |md|, or |pkey|'s default if NULL. Other signing
|
347
|
+
// parameters use |pkey|'s defaults. To customize them, use |X509_sign_ctx|.
|
348
|
+
OPENSSL_EXPORT int X509_sign(X509 *x509, EVP_PKEY *pkey, const EVP_MD *md);
|
324
349
|
|
325
|
-
//
|
326
|
-
//
|
327
|
-
//
|
328
|
-
//
|
329
|
-
//
|
330
|
-
OPENSSL_EXPORT
|
350
|
+
// X509_sign_ctx signs |x509| with |ctx| and replaces the signature algorithm
|
351
|
+
// and signature fields. It returns one on success and zero on error. The
|
352
|
+
// signature algorithm and parameters come from |ctx|, which must have been
|
353
|
+
// initialized with |EVP_DigestSignInit|. The caller should configure the
|
354
|
+
// corresponding |EVP_PKEY_CTX| before calling this function.
|
355
|
+
OPENSSL_EXPORT int X509_sign_ctx(X509 *x509, EVP_MD_CTX *ctx);
|
331
356
|
|
332
|
-
//
|
333
|
-
//
|
357
|
+
// i2d_re_X509_tbs serializes the TBSCertificate portion of |x509|, as described
|
358
|
+
// in |i2d_SAMPLE|.
|
334
359
|
//
|
335
|
-
//
|
336
|
-
|
337
|
-
|
338
|
-
|
339
|
-
OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x509);
|
340
|
-
|
341
|
-
// X509_set_serialNumber sets |x509|'s serial number to |serial|. It returns one
|
342
|
-
// on success and zero on error.
|
343
|
-
OPENSSL_EXPORT int X509_set_serialNumber(X509 *x509,
|
344
|
-
const ASN1_INTEGER *serial);
|
345
|
-
|
346
|
-
// X509_get0_notBefore returns |x509|'s notBefore time.
|
347
|
-
OPENSSL_EXPORT const ASN1_TIME *X509_get0_notBefore(const X509 *x509);
|
348
|
-
|
349
|
-
// X509_get0_notAfter returns |x509|'s notAfter time.
|
350
|
-
OPENSSL_EXPORT const ASN1_TIME *X509_get0_notAfter(const X509 *x509);
|
351
|
-
|
352
|
-
// X509_set1_notBefore sets |x509|'s notBefore time to |tm|. It returns one on
|
353
|
-
// success and zero on error.
|
354
|
-
OPENSSL_EXPORT int X509_set1_notBefore(X509 *x509, const ASN1_TIME *tm);
|
355
|
-
|
356
|
-
// X509_set1_notAfter sets |x509|'s notAfter time to |tm|. it returns one on
|
357
|
-
// success and zero on error.
|
358
|
-
OPENSSL_EXPORT int X509_set1_notAfter(X509 *x509, const ASN1_TIME *tm);
|
360
|
+
// This function re-encodes the TBSCertificate and may not reflect |x509|'s
|
361
|
+
// original encoding. It may be used to manually generate a signature for a new
|
362
|
+
// certificate. To verify certificates, use |i2d_X509_tbs| instead.
|
363
|
+
OPENSSL_EXPORT int i2d_re_X509_tbs(X509 *x509, unsigned char **outp);
|
359
364
|
|
360
|
-
//
|
361
|
-
|
365
|
+
// X509_set1_signature_algo sets |x509|'s signature algorithm to |algo| and
|
366
|
+
// returns one on success or zero on error. It updates both the signature field
|
367
|
+
// of the TBSCertificate structure, and the signatureAlgorithm field of the
|
368
|
+
// Certificate.
|
369
|
+
OPENSSL_EXPORT int X509_set1_signature_algo(X509 *x509, const X509_ALGOR *algo);
|
362
370
|
|
363
|
-
//
|
364
|
-
|
371
|
+
// X509_set1_signature_value sets |x509|'s signature to a copy of the |sig_len|
|
372
|
+
// bytes pointed by |sig|. It returns one on success and zero on error.
|
373
|
+
//
|
374
|
+
// Due to a specification error, X.509 certificates store signatures in ASN.1
|
375
|
+
// BIT STRINGs, but signature algorithms return byte strings rather than bit
|
376
|
+
// strings. This function creates a BIT STRING containing a whole number of
|
377
|
+
// bytes, with the bit order matching the DER encoding. This matches the
|
378
|
+
// encoding used by all X.509 signature algorithms.
|
379
|
+
OPENSSL_EXPORT int X509_set1_signature_value(X509 *x509, const uint8_t *sig,
|
380
|
+
size_t sig_len);
|
365
381
|
|
366
|
-
// X509_get_notBefore returns |x509|'s notBefore time. Note this function is not
|
367
|
-
// const-correct for legacy reasons. Use |X509_get0_notBefore| or
|
368
|
-
// |X509_getm_notBefore| instead.
|
369
|
-
OPENSSL_EXPORT ASN1_TIME *X509_get_notBefore(const X509 *x509);
|
370
382
|
|
371
|
-
//
|
372
|
-
//
|
373
|
-
// |
|
374
|
-
|
383
|
+
// Auxiliary certificate properties.
|
384
|
+
//
|
385
|
+
// |X509| objects optionally maintain auxiliary properties. These are not part
|
386
|
+
// of the certificates themselves, and thus are not covered by signatures or
|
387
|
+
// preserved by the standard serialization. They are used as inputs or outputs
|
388
|
+
// to other functions in this library.
|
389
|
+
|
390
|
+
// i2d_X509_AUX marshals |x509| as a DER-encoded X.509 Certificate (RFC 5280),
|
391
|
+
// followed optionally by a separate, OpenSSL-specific structure with auxiliary
|
392
|
+
// properties. It behaves as described in |i2d_SAMPLE|.
|
393
|
+
//
|
394
|
+
// Unlike similarly-named functions, this function does not output a single
|
395
|
+
// ASN.1 element. Directly embedding the output in a larger ASN.1 structure will
|
396
|
+
// not behave correctly.
|
397
|
+
OPENSSL_EXPORT int i2d_X509_AUX(X509 *x509, unsigned char **outp);
|
398
|
+
|
399
|
+
// d2i_X509_AUX parses up to |length| bytes from |*inp| as a DER-encoded X.509
|
400
|
+
// Certificate (RFC 5280), followed optionally by a separate, OpenSSL-specific
|
401
|
+
// structure with auxiliary properties. It behaves as described in |d2i_SAMPLE|.
|
402
|
+
//
|
403
|
+
// Some auxiliary properties affect trust decisions, so this function should not
|
404
|
+
// be used with untrusted input.
|
405
|
+
//
|
406
|
+
// Unlike similarly-named functions, this function does not parse a single
|
407
|
+
// ASN.1 element. Trying to parse data directly embedded in a larger ASN.1
|
408
|
+
// structure will not behave correctly.
|
409
|
+
OPENSSL_EXPORT X509 *d2i_X509_AUX(X509 **x509, const unsigned char **inp,
|
410
|
+
long length);
|
375
411
|
|
376
|
-
//
|
377
|
-
// instead.
|
378
|
-
|
412
|
+
// X509_alias_set1 sets |x509|'s alias to |len| bytes from |name|. If |name| is
|
413
|
+
// NULL, the alias is cleared instead. Aliases are not part of the certificate
|
414
|
+
// itself and will not be serialized by |i2d_X509|.
|
415
|
+
OPENSSL_EXPORT int X509_alias_set1(X509 *x509, const unsigned char *name,
|
416
|
+
int len);
|
417
|
+
|
418
|
+
// X509_keyid_set1 sets |x509|'s key ID to |len| bytes from |id|. If |id| is
|
419
|
+
// NULL, the key ID is cleared instead. Key IDs are not part of the certificate
|
420
|
+
// itself and will not be serialized by |i2d_X509|.
|
421
|
+
OPENSSL_EXPORT int X509_keyid_set1(X509 *x509, const unsigned char *id,
|
422
|
+
int len);
|
423
|
+
|
424
|
+
// X509_alias_get0 looks up |x509|'s alias. If found, it sets |*out_len| to the
|
425
|
+
// alias's length and returns a pointer to a buffer containing the contents. If
|
426
|
+
// not found, it outputs the empty string by returning NULL and setting
|
427
|
+
// |*out_len| to zero.
|
428
|
+
//
|
429
|
+
// If |x509| was parsed from a PKCS#12 structure (see
|
430
|
+
// |PKCS12_get_key_and_certs|), the alias will reflect the friendlyName
|
431
|
+
// attribute (RFC 2985).
|
432
|
+
//
|
433
|
+
// WARNING: In OpenSSL, this function did not set |*out_len| when the alias was
|
434
|
+
// missing. Callers that target both OpenSSL and BoringSSL should set the value
|
435
|
+
// to zero before calling this function.
|
436
|
+
OPENSSL_EXPORT unsigned char *X509_alias_get0(X509 *x509, int *out_len);
|
437
|
+
|
438
|
+
// X509_keyid_get0 looks up |x509|'s key ID. If found, it sets |*out_len| to the
|
439
|
+
// key ID's length and returns a pointer to a buffer containing the contents. If
|
440
|
+
// not found, it outputs the empty string by returning NULL and setting
|
441
|
+
// |*out_len| to zero.
|
442
|
+
//
|
443
|
+
// WARNING: In OpenSSL, this function did not set |*out_len| when the alias was
|
444
|
+
// missing. Callers that target both OpenSSL and BoringSSL should set the value
|
445
|
+
// to zero before calling this function.
|
446
|
+
OPENSSL_EXPORT unsigned char *X509_keyid_get0(X509 *x509, int *out_len);
|
379
447
|
|
380
|
-
// X509_set_notAfter calls |X509_set1_notAfter|. Use |X509_set1_notAfter|
|
381
|
-
// instead.
|
382
|
-
OPENSSL_EXPORT int X509_set_notAfter(X509 *x509, const ASN1_TIME *tm);
|
383
448
|
|
384
|
-
//
|
385
|
-
// issuerUID field of |x509|, or NULL if |x509| has no issuerUID. It similarly
|
386
|
-
// outputs |x509|'s subjectUID field to |*out_subject_uid|.
|
449
|
+
// Certificate revocation lists.
|
387
450
|
//
|
388
|
-
//
|
389
|
-
//
|
390
|
-
|
391
|
-
|
392
|
-
|
451
|
+
// An |X509_CRL| object represents an X.509 certificate revocation list (CRL),
|
452
|
+
// defined in RFC 5280. A CRL is a signed list of certificates which are no
|
453
|
+
// longer considered valid.
|
454
|
+
//
|
455
|
+
// Although an |X509_CRL| is a mutable object, mutating an |X509_CRL| can give
|
456
|
+
// incorrect results. Callers typically obtain |X509_CRL|s by parsing some input
|
457
|
+
// with |d2i_X509_CRL|, etc. Such objects carry information such as the
|
458
|
+
// serialized TBSCertList and decoded extensions, which will become inconsistent
|
459
|
+
// when mutated.
|
460
|
+
//
|
461
|
+
// Instead, mutation functions should only be used when issuing new CRLs, as
|
462
|
+
// described in a later section.
|
393
463
|
|
394
|
-
|
395
|
-
// |X509_get_pubkey| instead.
|
396
|
-
#define X509_extract_key(x) X509_get_pubkey(x)
|
464
|
+
DEFINE_STACK_OF(X509_CRL)
|
397
465
|
|
398
|
-
//
|
399
|
-
//
|
400
|
-
|
401
|
-
//
|
402
|
-
// Note that decoding an |X509| object will not check for invalid extensions. To
|
403
|
-
// detect the error case, call |X509_get_extensions_flags| and check the
|
404
|
-
// |EXFLAG_INVALID| bit.
|
405
|
-
OPENSSL_EXPORT long X509_get_pathlen(X509 *x509);
|
466
|
+
// X509_CRL is an |ASN1_ITEM| whose ASN.1 type is X.509 CertificateList (RFC
|
467
|
+
// 5280) and C type is |X509_CRL*|.
|
468
|
+
DECLARE_ASN1_ITEM(X509_CRL)
|
406
469
|
|
407
|
-
//
|
408
|
-
|
409
|
-
#define X509_REQ_VERSION_1 0
|
470
|
+
// X509_CRL_up_ref adds one to the reference count of |crl| and returns one.
|
471
|
+
OPENSSL_EXPORT int X509_CRL_up_ref(X509_CRL *crl);
|
410
472
|
|
411
|
-
//
|
412
|
-
//
|
413
|
-
//
|
473
|
+
// X509_CRL_dup returns a newly-allocated copy of |crl|, or NULL on error. This
|
474
|
+
// function works by serializing the structure, so if |crl| is incomplete, it
|
475
|
+
// may fail.
|
414
476
|
//
|
415
|
-
// TODO(
|
416
|
-
|
477
|
+
// TODO(https://crbug.com/boringssl/407): This function should be const and
|
478
|
+
// thread-safe but is currently neither in some cases, notably if |crl| was
|
479
|
+
// mutated.
|
480
|
+
OPENSSL_EXPORT X509_CRL *X509_CRL_dup(X509_CRL *crl);
|
417
481
|
|
418
|
-
//
|
419
|
-
//
|
420
|
-
OPENSSL_EXPORT
|
482
|
+
// X509_CRL_free decrements |crl|'s reference count and, if zero, releases
|
483
|
+
// memory associated with |crl|.
|
484
|
+
OPENSSL_EXPORT void X509_CRL_free(X509_CRL *crl);
|
421
485
|
|
422
|
-
//
|
423
|
-
|
486
|
+
// d2i_X509_CRL parses up to |len| bytes from |*inp| as a DER-encoded X.509
|
487
|
+
// CertificateList (RFC 5280), as described in |d2i_SAMPLE|.
|
488
|
+
OPENSSL_EXPORT X509_CRL *d2i_X509_CRL(X509_CRL **out, const uint8_t **inp,
|
489
|
+
long len);
|
424
490
|
|
425
|
-
//
|
426
|
-
|
491
|
+
// i2d_X509_CRL marshals |crl| as a X.509 CertificateList (RFC 5280), as
|
492
|
+
// described in |i2d_SAMPLE|.
|
493
|
+
//
|
494
|
+
// TODO(https://crbug.com/boringssl/407): This function should be const and
|
495
|
+
// thread-safe but is currently neither in some cases, notably if |crl| was
|
496
|
+
// mutated.
|
497
|
+
OPENSSL_EXPORT int i2d_X509_CRL(X509_CRL *crl, uint8_t **outp);
|
427
498
|
|
428
499
|
#define X509_CRL_VERSION_1 0
|
429
500
|
#define X509_CRL_VERSION_2 1
|
430
501
|
|
431
|
-
// X509_CRL_get_version returns the numerical value of |crl|'s version
|
432
|
-
//
|
433
|
-
// invalid, it may return another value, or -1 on overflow.
|
434
|
-
//
|
435
|
-
// TODO(davidben): Enforce the version number in the parser.
|
502
|
+
// X509_CRL_get_version returns the numerical value of |crl|'s version, which
|
503
|
+
// will be one of the |X509_CRL_VERSION_*| constants.
|
436
504
|
OPENSSL_EXPORT long X509_CRL_get_version(const X509_CRL *crl);
|
437
505
|
|
438
|
-
// X509_CRL_get0_lastUpdate returns |crl|'s
|
506
|
+
// X509_CRL_get0_lastUpdate returns |crl|'s thisUpdate time. The OpenSSL API
|
507
|
+
// refers to this field as lastUpdate.
|
439
508
|
OPENSSL_EXPORT const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
|
440
509
|
|
441
510
|
// X509_CRL_get0_nextUpdate returns |crl|'s nextUpdate time, or NULL if |crl|
|
442
511
|
// has none.
|
443
512
|
OPENSSL_EXPORT const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
|
444
513
|
|
445
|
-
// X509_CRL_set1_lastUpdate sets |crl|'s lastUpdate time to |tm|. It returns one
|
446
|
-
// on success and zero on error.
|
447
|
-
OPENSSL_EXPORT int X509_CRL_set1_lastUpdate(X509_CRL *crl, const ASN1_TIME *tm);
|
448
|
-
|
449
|
-
// X509_CRL_set1_nextUpdate sets |crl|'s nextUpdate time to |tm|. It returns one
|
450
|
-
// on success and zero on error.
|
451
|
-
OPENSSL_EXPORT int X509_CRL_set1_nextUpdate(X509_CRL *crl, const ASN1_TIME *tm);
|
452
|
-
|
453
|
-
// The following symbols are deprecated aliases to |X509_CRL_set1_*|.
|
454
|
-
#define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
|
455
|
-
#define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
|
456
|
-
|
457
|
-
// X509_CRL_get_lastUpdate returns a mutable pointer to |crl|'s lastUpdate time.
|
458
|
-
// Use |X509_CRL_get0_lastUpdate| or |X509_CRL_set1_lastUpdate| instead.
|
459
|
-
OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
|
460
|
-
|
461
|
-
// X509_CRL_get_nextUpdate returns a mutable pointer to |crl|'s nextUpdate time,
|
462
|
-
// or NULL if |crl| has none. Use |X509_CRL_get0_nextUpdate| or
|
463
|
-
// |X509_CRL_set1_nextUpdate| instead.
|
464
|
-
OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
|
465
|
-
|
466
514
|
// X509_CRL_get_issuer returns |crl|'s issuer name. Note this function is not
|
467
515
|
// const-correct for legacy reasons.
|
468
516
|
OPENSSL_EXPORT X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
|
@@ -480,103 +528,247 @@ OPENSSL_EXPORT STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
|
|
480
528
|
OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(
|
481
529
|
const X509_CRL *crl);
|
482
530
|
|
483
|
-
//
|
484
|
-
|
485
|
-
// |out_digest| may be NULL to skip those fields.
|
486
|
-
OPENSSL_EXPORT void X509_SIG_get0(const X509_SIG *sig,
|
487
|
-
const X509_ALGOR **out_alg,
|
488
|
-
const ASN1_OCTET_STRING **out_digest);
|
489
|
-
|
490
|
-
// X509_SIG_getm behaves like |X509_SIG_get0| but returns mutable pointers.
|
491
|
-
OPENSSL_EXPORT void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **out_alg,
|
492
|
-
ASN1_OCTET_STRING **out_digest);
|
531
|
+
// X509_CRL_get_ext_count returns the number of extensions in |x|.
|
532
|
+
OPENSSL_EXPORT int X509_CRL_get_ext_count(const X509_CRL *x);
|
493
533
|
|
494
|
-
|
495
|
-
|
496
|
-
|
497
|
-
|
498
|
-
X509_NAME *issuer),
|
499
|
-
int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk));
|
500
|
-
OPENSSL_EXPORT void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
|
534
|
+
// X509_CRL_get_ext_by_NID behaves like |X509v3_get_ext_by_NID| but searches for
|
535
|
+
// extensions in |x|.
|
536
|
+
OPENSSL_EXPORT int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid,
|
537
|
+
int lastpos);
|
501
538
|
|
502
|
-
|
503
|
-
|
539
|
+
// X509_CRL_get_ext_by_OBJ behaves like |X509v3_get_ext_by_OBJ| but searches for
|
540
|
+
// extensions in |x|.
|
541
|
+
OPENSSL_EXPORT int X509_CRL_get_ext_by_OBJ(const X509_CRL *x,
|
542
|
+
const ASN1_OBJECT *obj, int lastpos);
|
504
543
|
|
505
|
-
//
|
506
|
-
//
|
507
|
-
|
508
|
-
|
544
|
+
// X509_CRL_get_ext_by_critical behaves like |X509v3_get_ext_by_critical| but
|
545
|
+
// searches for extensions in |x|.
|
546
|
+
OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit,
|
547
|
+
int lastpos);
|
509
548
|
|
510
|
-
//
|
511
|
-
// |
|
512
|
-
//
|
513
|
-
OPENSSL_EXPORT const
|
549
|
+
// X509_CRL_get_ext returns the extension in |x| at index |loc|, or NULL if
|
550
|
+
// |loc| is out of bounds. This function returns a non-const pointer for OpenSSL
|
551
|
+
// compatibility, but callers should not mutate the result.
|
552
|
+
OPENSSL_EXPORT X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
|
514
553
|
|
515
|
-
//
|
516
|
-
//
|
517
|
-
//
|
518
|
-
//
|
519
|
-
|
554
|
+
// X509_CRL_get0_signature sets |*out_sig| and |*out_alg| to the signature and
|
555
|
+
// signature algorithm of |crl|, respectively. Either output pointer may be NULL
|
556
|
+
// to ignore the value.
|
557
|
+
//
|
558
|
+
// This function outputs the outer signature algorithm, not the one in the
|
559
|
+
// TBSCertList. CRLs with mismatched signature algorithms will successfully
|
560
|
+
// parse, but they will be rejected when verifying.
|
561
|
+
OPENSSL_EXPORT void X509_CRL_get0_signature(const X509_CRL *crl,
|
562
|
+
const ASN1_BIT_STRING **out_sig,
|
563
|
+
const X509_ALGOR **out_alg);
|
520
564
|
|
521
|
-
//
|
522
|
-
//
|
523
|
-
|
565
|
+
// X509_CRL_get_signature_nid returns the NID corresponding to |crl|'s signature
|
566
|
+
// algorithm, or |NID_undef| if the signature algorithm does not correspond to
|
567
|
+
// a known NID.
|
568
|
+
OPENSSL_EXPORT int X509_CRL_get_signature_nid(const X509_CRL *crl);
|
524
569
|
|
525
|
-
//
|
526
|
-
//
|
527
|
-
|
570
|
+
// i2d_X509_CRL_tbs serializes the TBSCertList portion of |crl|, as described in
|
571
|
+
// |i2d_SAMPLE|.
|
572
|
+
//
|
573
|
+
// This function preserves the original encoding of the TBSCertList and may not
|
574
|
+
// reflect modifications made to |crl|. It may be used to manually verify the
|
575
|
+
// signature of an existing CRL. To generate CRLs, use |i2d_re_X509_CRL_tbs|
|
576
|
+
// instead.
|
577
|
+
OPENSSL_EXPORT int i2d_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp);
|
528
578
|
|
529
|
-
// NETSCAPE_SPKI_verify checks that |spki| has a valid signature by |pkey|. It
|
530
|
-
// returns one if the signature is valid and zero otherwise.
|
531
|
-
OPENSSL_EXPORT int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *spki, EVP_PKEY *pkey);
|
532
579
|
|
533
|
-
//
|
534
|
-
//
|
535
|
-
//
|
536
|
-
//
|
537
|
-
//
|
538
|
-
OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str,
|
539
|
-
int len);
|
580
|
+
// Issuing certificate revocation lists.
|
581
|
+
//
|
582
|
+
// An |X509_CRL| object may also represent an incomplete CRL. Callers may
|
583
|
+
// construct empty |X509_CRL| objects, fill in fields individually, and finally
|
584
|
+
// sign the result. The following functions may be used for this purpose.
|
540
585
|
|
541
|
-
//
|
542
|
-
//
|
543
|
-
|
544
|
-
// release the memory with |OPENSSL_free| when done.
|
545
|
-
OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki);
|
586
|
+
// X509_CRL_new returns a newly-allocated, empty |X509_CRL| object, or NULL on
|
587
|
+
// error. This object may be filled in and then signed to construct a CRL.
|
588
|
+
OPENSSL_EXPORT X509_CRL *X509_CRL_new(void);
|
546
589
|
|
547
|
-
//
|
548
|
-
//
|
549
|
-
//
|
550
|
-
|
590
|
+
// X509_CRL_set_version sets |crl|'s version to |version|, which should be one
|
591
|
+
// of the |X509_CRL_VERSION_*| constants. It returns one on success and zero on
|
592
|
+
// error.
|
593
|
+
//
|
594
|
+
// If unsure, use |X509_CRL_VERSION_2|. Note that, unlike certificates, CRL
|
595
|
+
// versions are only defined up to v2. Callers should not use |X509_VERSION_3|.
|
596
|
+
OPENSSL_EXPORT int X509_CRL_set_version(X509_CRL *crl, long version);
|
551
597
|
|
552
|
-
//
|
553
|
-
// on success
|
554
|
-
|
555
|
-
OPENSSL_EXPORT int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *spki,
|
556
|
-
EVP_PKEY *pkey);
|
598
|
+
// X509_CRL_set_issuer_name sets |crl|'s issuer to a copy of |name|. It returns
|
599
|
+
// one on success and zero on error.
|
600
|
+
OPENSSL_EXPORT int X509_CRL_set_issuer_name(X509_CRL *crl, X509_NAME *name);
|
557
601
|
|
558
|
-
//
|
559
|
-
//
|
560
|
-
|
561
|
-
|
602
|
+
// X509_CRL_set1_lastUpdate sets |crl|'s thisUpdate time to |tm|. It returns one
|
603
|
+
// on success and zero on error. The OpenSSL API refers to this field as
|
604
|
+
// lastUpdate.
|
605
|
+
OPENSSL_EXPORT int X509_CRL_set1_lastUpdate(X509_CRL *crl, const ASN1_TIME *tm);
|
562
606
|
|
563
|
-
//
|
564
|
-
//
|
565
|
-
OPENSSL_EXPORT int
|
566
|
-
const ASN1_STRING *sig);
|
607
|
+
// X509_CRL_set1_nextUpdate sets |crl|'s nextUpdate time to |tm|. It returns one
|
608
|
+
// on success and zero on error.
|
609
|
+
OPENSSL_EXPORT int X509_CRL_set1_nextUpdate(X509_CRL *crl, const ASN1_TIME *tm);
|
567
610
|
|
568
|
-
//
|
569
|
-
//
|
570
|
-
//
|
571
|
-
|
572
|
-
OPENSSL_EXPORT int X509_sign(X509 *x509, EVP_PKEY *pkey, const EVP_MD *md);
|
611
|
+
// X509_CRL_delete_ext removes the extension in |x| at index |loc| and returns
|
612
|
+
// the removed extension, or NULL if |loc| was out of bounds. If non-NULL, the
|
613
|
+
// caller must release the result with |X509_EXTENSION_free|.
|
614
|
+
OPENSSL_EXPORT X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
|
573
615
|
|
574
|
-
//
|
616
|
+
// X509_CRL_add_ext adds a copy of |ex| to |x|. It returns one on success and
|
617
|
+
// zero on failure. The caller retains ownership of |ex| and can release it
|
618
|
+
// independently of |x|.
|
619
|
+
//
|
620
|
+
// The new extension is inserted at index |loc|, shifting extensions to the
|
621
|
+
// right. If |loc| is -1 or out of bounds, the new extension is appended to the
|
622
|
+
// list.
|
623
|
+
OPENSSL_EXPORT int X509_CRL_add_ext(X509_CRL *x, const X509_EXTENSION *ex,
|
624
|
+
int loc);
|
625
|
+
|
626
|
+
// X509_CRL_sign signs |crl| with |pkey| and replaces the signature algorithm
|
627
|
+
// and signature fields. It returns one on success and zero on error. This
|
628
|
+
// function uses digest algorithm |md|, or |pkey|'s default if NULL. Other
|
629
|
+
// signing parameters use |pkey|'s defaults. To customize them, use
|
630
|
+
// |X509_CRL_sign_ctx|.
|
631
|
+
OPENSSL_EXPORT int X509_CRL_sign(X509_CRL *crl, EVP_PKEY *pkey,
|
632
|
+
const EVP_MD *md);
|
633
|
+
|
634
|
+
// X509_CRL_sign_ctx signs |crl| with |ctx| and replaces the signature algorithm
|
575
635
|
// and signature fields. It returns one on success and zero on error. The
|
576
636
|
// signature algorithm and parameters come from |ctx|, which must have been
|
577
637
|
// initialized with |EVP_DigestSignInit|. The caller should configure the
|
578
638
|
// corresponding |EVP_PKEY_CTX| before calling this function.
|
579
|
-
OPENSSL_EXPORT int
|
639
|
+
OPENSSL_EXPORT int X509_CRL_sign_ctx(X509_CRL *crl, EVP_MD_CTX *ctx);
|
640
|
+
|
641
|
+
// i2d_re_X509_CRL_tbs serializes the TBSCertList portion of |crl|, as described
|
642
|
+
// in |i2d_SAMPLE|.
|
643
|
+
//
|
644
|
+
// This function re-encodes the TBSCertList and may not reflect |crl|'s original
|
645
|
+
// encoding. It may be used to manually generate a signature for a new CRL. To
|
646
|
+
// verify CRLs, use |i2d_X509_CRL_tbs| instead.
|
647
|
+
OPENSSL_EXPORT int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp);
|
648
|
+
|
649
|
+
// X509_CRL_set1_signature_algo sets |crl|'s signature algorithm to |algo| and
|
650
|
+
// returns one on success or zero on error. It updates both the signature field
|
651
|
+
// of the TBSCertList structure, and the signatureAlgorithm field of the CRL.
|
652
|
+
OPENSSL_EXPORT int X509_CRL_set1_signature_algo(X509_CRL *crl,
|
653
|
+
const X509_ALGOR *algo);
|
654
|
+
|
655
|
+
// X509_CRL_set1_signature_value sets |crl|'s signature to a copy of the
|
656
|
+
// |sig_len| bytes pointed by |sig|. It returns one on success and zero on
|
657
|
+
// error.
|
658
|
+
//
|
659
|
+
// Due to a specification error, X.509 CRLs store signatures in ASN.1 BIT
|
660
|
+
// STRINGs, but signature algorithms return byte strings rather than bit
|
661
|
+
// strings. This function creates a BIT STRING containing a whole number of
|
662
|
+
// bytes, with the bit order matching the DER encoding. This matches the
|
663
|
+
// encoding used by all X.509 signature algorithms.
|
664
|
+
OPENSSL_EXPORT int X509_CRL_set1_signature_value(X509_CRL *crl,
|
665
|
+
const uint8_t *sig,
|
666
|
+
size_t sig_len);
|
667
|
+
|
668
|
+
|
669
|
+
// Certificate requests.
|
670
|
+
//
|
671
|
+
// An |X509_REQ| represents a PKCS #10 certificate request (RFC 2986). These are
|
672
|
+
// also referred to as certificate signing requests or CSRs. CSRs are a common
|
673
|
+
// format used to request a certificate from a CA.
|
674
|
+
//
|
675
|
+
// Although an |X509_REQ| is a mutable object, mutating an |X509_REQ| can give
|
676
|
+
// incorrect results. Callers typically obtain |X509_REQ|s by parsing some input
|
677
|
+
// with |d2i_X509_REQ|, etc. Such objects carry information such as the
|
678
|
+
// serialized CertificationRequestInfo, which will become inconsistent when
|
679
|
+
// mutated.
|
680
|
+
//
|
681
|
+
// Instead, mutation functions should only be used when issuing new CRLs, as
|
682
|
+
// described in a later section.
|
683
|
+
|
684
|
+
// X509_REQ is an |ASN1_ITEM| whose ASN.1 type is CertificateRequest (RFC 2986)
|
685
|
+
// and C type is |X509_REQ*|.
|
686
|
+
DECLARE_ASN1_ITEM(X509_REQ)
|
687
|
+
|
688
|
+
// X509_REQ_dup returns a newly-allocated copy of |req|, or NULL on error. This
|
689
|
+
// function works by serializing the structure, so if |req| is incomplete, it
|
690
|
+
// may fail.
|
691
|
+
//
|
692
|
+
// TODO(https://crbug.com/boringssl/407): This function should be const and
|
693
|
+
// thread-safe but is currently neither in some cases, notably if |req| was
|
694
|
+
// mutated.
|
695
|
+
OPENSSL_EXPORT X509_REQ *X509_REQ_dup(X509_REQ *req);
|
696
|
+
|
697
|
+
// X509_REQ_free releases memory associated with |req|.
|
698
|
+
OPENSSL_EXPORT void X509_REQ_free(X509_REQ *req);
|
699
|
+
|
700
|
+
// d2i_X509_REQ parses up to |len| bytes from |*inp| as a DER-encoded
|
701
|
+
// CertificateRequest (RFC 2986), as described in |d2i_SAMPLE|.
|
702
|
+
OPENSSL_EXPORT X509_REQ *d2i_X509_REQ(X509_REQ **out, const uint8_t **inp,
|
703
|
+
long len);
|
704
|
+
|
705
|
+
// i2d_X509_REQ marshals |req| as a CertificateRequest (RFC 2986), as described
|
706
|
+
// in |i2d_SAMPLE|.
|
707
|
+
//
|
708
|
+
// TODO(https://crbug.com/boringssl/407): This function should be const and
|
709
|
+
// thread-safe but is currently neither in some cases, notably if |req| was
|
710
|
+
// mutated.
|
711
|
+
OPENSSL_EXPORT int i2d_X509_REQ(X509_REQ *req, uint8_t **outp);
|
712
|
+
|
713
|
+
|
714
|
+
// X509_REQ_VERSION_1 is the version constant for |X509_REQ| objects. No other
|
715
|
+
// versions are defined.
|
716
|
+
#define X509_REQ_VERSION_1 0
|
717
|
+
|
718
|
+
// X509_REQ_get_version returns the numerical value of |req|'s version. This
|
719
|
+
// will always be |X509_REQ_VERSION_1| for valid CSRs. For compatibility,
|
720
|
+
// |d2i_X509_REQ| also accepts some invalid version numbers, in which case this
|
721
|
+
// function may return other values.
|
722
|
+
OPENSSL_EXPORT long X509_REQ_get_version(const X509_REQ *req);
|
723
|
+
|
724
|
+
// X509_REQ_get_subject_name returns |req|'s subject name. Note this function is
|
725
|
+
// not const-correct for legacy reasons.
|
726
|
+
OPENSSL_EXPORT X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
|
727
|
+
|
728
|
+
// X509_REQ_get_pubkey returns |req|'s public key as an |EVP_PKEY|, or NULL if
|
729
|
+
// the public key was unsupported or could not be decoded. This function returns
|
730
|
+
// a reference to the |EVP_PKEY|. The caller must release the result with
|
731
|
+
// |EVP_PKEY_free| when done.
|
732
|
+
OPENSSL_EXPORT EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
|
733
|
+
|
734
|
+
// X509_REQ_get0_signature sets |*out_sig| and |*out_alg| to the signature and
|
735
|
+
// signature algorithm of |req|, respectively. Either output pointer may be NULL
|
736
|
+
// to ignore the value.
|
737
|
+
OPENSSL_EXPORT void X509_REQ_get0_signature(const X509_REQ *req,
|
738
|
+
const ASN1_BIT_STRING **out_sig,
|
739
|
+
const X509_ALGOR **out_alg);
|
740
|
+
|
741
|
+
// X509_REQ_get_signature_nid returns the NID corresponding to |req|'s signature
|
742
|
+
// algorithm, or |NID_undef| if the signature algorithm does not correspond to
|
743
|
+
// a known NID.
|
744
|
+
OPENSSL_EXPORT int X509_REQ_get_signature_nid(const X509_REQ *req);
|
745
|
+
|
746
|
+
|
747
|
+
// Issuing certificate requests.
|
748
|
+
//
|
749
|
+
// An |X509_REQ| object may also represent an incomplete CSR. Callers may
|
750
|
+
// construct empty |X509_REQ| objects, fill in fields individually, and finally
|
751
|
+
// sign the result. The following functions may be used for this purpose.
|
752
|
+
|
753
|
+
// X509_REQ_new returns a newly-allocated, empty |X509_REQ| object, or NULL on
|
754
|
+
// error. This object may be filled in and then signed to construct a CSR.
|
755
|
+
OPENSSL_EXPORT X509_REQ *X509_REQ_new(void);
|
756
|
+
|
757
|
+
// X509_REQ_set_version sets |req|'s version to |version|, which should be
|
758
|
+
// |X509_REQ_VERSION_1|. It returns one on success and zero on error.
|
759
|
+
//
|
760
|
+
// The only defined CSR version is |X509_REQ_VERSION_1|, so there is no need to
|
761
|
+
// call this function.
|
762
|
+
OPENSSL_EXPORT int X509_REQ_set_version(X509_REQ *req, long version);
|
763
|
+
|
764
|
+
// X509_REQ_set_subject_name sets |req|'s subject to a copy of |name|. It
|
765
|
+
// returns one on success and zero on error.
|
766
|
+
OPENSSL_EXPORT int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
|
767
|
+
|
768
|
+
// X509_REQ_set_pubkey sets |req|'s public key to |pkey|. It returns one on
|
769
|
+
// success and zero on error. This function does not take ownership of |pkey|
|
770
|
+
// and internally copies and updates reference counts as needed.
|
771
|
+
OPENSSL_EXPORT int X509_REQ_set_pubkey(X509_REQ *req, EVP_PKEY *pkey);
|
580
772
|
|
581
773
|
// X509_REQ_sign signs |req| with |pkey| and replaces the signature algorithm
|
582
774
|
// and signature fields. It returns one on success and zero on error. This
|
@@ -593,151 +785,461 @@ OPENSSL_EXPORT int X509_REQ_sign(X509_REQ *req, EVP_PKEY *pkey,
|
|
593
785
|
// corresponding |EVP_PKEY_CTX| before calling this function.
|
594
786
|
OPENSSL_EXPORT int X509_REQ_sign_ctx(X509_REQ *req, EVP_MD_CTX *ctx);
|
595
787
|
|
596
|
-
//
|
597
|
-
//
|
598
|
-
//
|
599
|
-
//
|
600
|
-
// |
|
601
|
-
|
602
|
-
|
788
|
+
// i2d_re_X509_REQ_tbs serializes the CertificationRequestInfo (see RFC 2986)
|
789
|
+
// portion of |req|, as described in |i2d_SAMPLE|.
|
790
|
+
//
|
791
|
+
// This function re-encodes the CertificationRequestInfo and may not reflect
|
792
|
+
// |req|'s original encoding. It may be used to manually generate a signature
|
793
|
+
// for a new certificate request.
|
794
|
+
OPENSSL_EXPORT int i2d_re_X509_REQ_tbs(X509_REQ *req, uint8_t **outp);
|
603
795
|
|
604
|
-
//
|
605
|
-
//
|
606
|
-
|
607
|
-
|
608
|
-
// corresponding |EVP_PKEY_CTX| before calling this function.
|
609
|
-
OPENSSL_EXPORT int X509_CRL_sign_ctx(X509_CRL *crl, EVP_MD_CTX *ctx);
|
796
|
+
// X509_REQ_set1_signature_algo sets |req|'s signature algorithm to |algo| and
|
797
|
+
// returns one on success or zero on error.
|
798
|
+
OPENSSL_EXPORT int X509_REQ_set1_signature_algo(X509_REQ *req,
|
799
|
+
const X509_ALGOR *algo);
|
610
800
|
|
611
|
-
//
|
612
|
-
//
|
613
|
-
//
|
614
|
-
//
|
615
|
-
|
616
|
-
|
801
|
+
// X509_REQ_set1_signature_value sets |req|'s signature to a copy of the
|
802
|
+
// |sig_len| bytes pointed by |sig|. It returns one on success and zero on
|
803
|
+
// error.
|
804
|
+
//
|
805
|
+
// Due to a specification error, PKCS#10 certificate requests store signatures
|
806
|
+
// in ASN.1 BIT STRINGs, but signature algorithms return byte strings rather
|
807
|
+
// than bit strings. This function creates a BIT STRING containing a whole
|
808
|
+
// number of bytes, with the bit order matching the DER encoding. This matches
|
809
|
+
// the encoding used by all X.509 signature algorithms.
|
810
|
+
OPENSSL_EXPORT int X509_REQ_set1_signature_value(X509_REQ *req,
|
811
|
+
const uint8_t *sig,
|
812
|
+
size_t sig_len);
|
617
813
|
|
618
|
-
// X509_pubkey_digest hashes the DER encoding of |x509|'s subjectPublicKeyInfo
|
619
|
-
// field with |md| and writes the result to |out|. |EVP_MD_CTX_size| bytes are
|
620
|
-
// written, which is at most |EVP_MAX_MD_SIZE|. If |out_len| is not NULL,
|
621
|
-
// |*out_len| is set to the number of bytes written. This function returns one
|
622
|
-
// on success and zero on error.
|
623
|
-
OPENSSL_EXPORT int X509_pubkey_digest(const X509 *x509, const EVP_MD *md,
|
624
|
-
uint8_t *out, unsigned *out_len);
|
625
814
|
|
626
|
-
//
|
627
|
-
//
|
628
|
-
//
|
629
|
-
//
|
630
|
-
//
|
631
|
-
|
632
|
-
|
815
|
+
// Names.
|
816
|
+
//
|
817
|
+
// An |X509_NAME| represents an X.509 Name structure (RFC 5280). X.509 names are
|
818
|
+
// a complex, hierarchical structure over a collection of attributes. Each name
|
819
|
+
// is sequence of relative distinguished names (RDNs), decreasing in
|
820
|
+
// specificity. For example, the first RDN may specify the country, while the
|
821
|
+
// next RDN may specify a locality. Each RDN is, itself, a set of attributes.
|
822
|
+
// Having more than one attribute in an RDN is uncommon, but possible. Within an
|
823
|
+
// RDN, attributes have the same level in specificity. Attribute types are
|
824
|
+
// OBJECT IDENTIFIERs. This determines the ASN.1 type of the value, which is
|
825
|
+
// commonly a string but may be other types.
|
826
|
+
//
|
827
|
+
// The |X509_NAME| representation flattens this two-level structure into a
|
828
|
+
// single list of attributes. Each attribute is stored in an |X509_NAME_ENTRY|,
|
829
|
+
// with also maintains the index of the RDN it is part of, accessible via
|
830
|
+
// |X509_NAME_ENTRY_set|. This can be used to recover the two-level structure.
|
831
|
+
//
|
832
|
+
// X.509 names are largely vestigial. Historically, DNS names were parsed out of
|
833
|
+
// the subject's common name attribute, but this is deprecated and has since
|
834
|
+
// moved to the subject alternative name extension. In modern usage, X.509 names
|
835
|
+
// are primarily opaque identifiers to link a certificate with its issuer.
|
633
836
|
|
634
|
-
|
635
|
-
|
636
|
-
// |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number
|
637
|
-
// of bytes written. This function returns one on success and zero on error.
|
638
|
-
// Note this digest covers the entire CRL, not just the signed portion.
|
639
|
-
OPENSSL_EXPORT int X509_CRL_digest(const X509_CRL *crl, const EVP_MD *md,
|
640
|
-
uint8_t *out, unsigned *out_len);
|
837
|
+
DEFINE_STACK_OF(X509_NAME_ENTRY)
|
838
|
+
DEFINE_STACK_OF(X509_NAME)
|
641
839
|
|
642
|
-
//
|
643
|
-
//
|
644
|
-
|
645
|
-
// of bytes written. This function returns one on success and zero on error.
|
646
|
-
// Note this digest covers the entire certificate request, not just the signed
|
647
|
-
// portion.
|
648
|
-
OPENSSL_EXPORT int X509_REQ_digest(const X509_REQ *req, const EVP_MD *md,
|
649
|
-
uint8_t *out, unsigned *out_len);
|
840
|
+
// X509_NAME is an |ASN1_ITEM| whose ASN.1 type is X.509 Name (RFC 5280) and C
|
841
|
+
// type is |X509_NAME*|.
|
842
|
+
DECLARE_ASN1_ITEM(X509_NAME)
|
650
843
|
|
651
|
-
//
|
652
|
-
//
|
653
|
-
|
654
|
-
// of bytes written. This function returns one on success and zero on error.
|
655
|
-
OPENSSL_EXPORT int X509_NAME_digest(const X509_NAME *name, const EVP_MD *md,
|
656
|
-
uint8_t *out, unsigned *out_len);
|
844
|
+
// X509_NAME_new returns a new, empty |X509_NAME_new|, or NULL on
|
845
|
+
// error.
|
846
|
+
OPENSSL_EXPORT X509_NAME *X509_NAME_new(void);
|
657
847
|
|
658
|
-
//
|
659
|
-
|
660
|
-
// The returned structure (if any) holds a reference to |buf| rather than
|
661
|
-
// copying parts of it as a normal |d2i_X509| call would do.
|
662
|
-
OPENSSL_EXPORT X509 *X509_parse_from_buffer(CRYPTO_BUFFER *buf);
|
848
|
+
// X509_NAME_free releases memory associated with |name|.
|
849
|
+
OPENSSL_EXPORT void X509_NAME_free(X509_NAME *name);
|
663
850
|
|
664
|
-
|
665
|
-
|
666
|
-
OPENSSL_EXPORT
|
667
|
-
|
668
|
-
OPENSSL_EXPORT X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
|
669
|
-
OPENSSL_EXPORT int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req);
|
670
|
-
OPENSSL_EXPORT RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
|
671
|
-
OPENSSL_EXPORT int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa);
|
672
|
-
OPENSSL_EXPORT RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
|
673
|
-
OPENSSL_EXPORT int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa);
|
674
|
-
OPENSSL_EXPORT RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
|
675
|
-
OPENSSL_EXPORT int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa);
|
676
|
-
#ifndef OPENSSL_NO_DSA
|
677
|
-
OPENSSL_EXPORT DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
|
678
|
-
OPENSSL_EXPORT int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
|
679
|
-
OPENSSL_EXPORT DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
|
680
|
-
OPENSSL_EXPORT int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
|
681
|
-
#endif
|
682
|
-
OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
|
683
|
-
OPENSSL_EXPORT int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
|
684
|
-
OPENSSL_EXPORT EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
|
685
|
-
OPENSSL_EXPORT int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
|
686
|
-
OPENSSL_EXPORT X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
|
687
|
-
OPENSSL_EXPORT int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8);
|
688
|
-
OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(
|
689
|
-
FILE *fp, PKCS8_PRIV_KEY_INFO **p8inf);
|
690
|
-
OPENSSL_EXPORT int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
|
691
|
-
PKCS8_PRIV_KEY_INFO *p8inf);
|
692
|
-
OPENSSL_EXPORT int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
|
693
|
-
OPENSSL_EXPORT int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
|
694
|
-
OPENSSL_EXPORT EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
|
695
|
-
OPENSSL_EXPORT int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
|
696
|
-
OPENSSL_EXPORT EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
|
851
|
+
// d2i_X509_NAME parses up to |len| bytes from |*inp| as a DER-encoded X.509
|
852
|
+
// Name (RFC 5280), as described in |d2i_SAMPLE|.
|
853
|
+
OPENSSL_EXPORT X509_NAME *d2i_X509_NAME(X509_NAME **out, const uint8_t **inp,
|
854
|
+
long len);
|
697
855
|
|
698
|
-
|
699
|
-
|
700
|
-
|
701
|
-
|
702
|
-
|
703
|
-
|
704
|
-
OPENSSL_EXPORT
|
705
|
-
|
706
|
-
|
707
|
-
|
708
|
-
|
709
|
-
|
710
|
-
|
711
|
-
OPENSSL_EXPORT
|
712
|
-
|
713
|
-
|
714
|
-
|
715
|
-
|
716
|
-
|
717
|
-
|
718
|
-
|
719
|
-
OPENSSL_EXPORT int
|
720
|
-
|
721
|
-
|
722
|
-
|
723
|
-
|
724
|
-
|
725
|
-
|
726
|
-
|
727
|
-
|
728
|
-
OPENSSL_EXPORT
|
729
|
-
|
730
|
-
|
731
|
-
OPENSSL_EXPORT
|
732
|
-
|
856
|
+
// i2d_X509_NAME marshals |in| as a DER-encoded X.509 Name (RFC 5280), as
|
857
|
+
// described in |i2d_SAMPLE|.
|
858
|
+
//
|
859
|
+
// TODO(https://crbug.com/boringssl/407): This function should be const and
|
860
|
+
// thread-safe but is currently neither in some cases, notably if |in| was
|
861
|
+
// mutated.
|
862
|
+
OPENSSL_EXPORT int i2d_X509_NAME(X509_NAME *in, uint8_t **outp);
|
863
|
+
|
864
|
+
// X509_NAME_dup returns a newly-allocated copy of |name|, or NULL on error.
|
865
|
+
//
|
866
|
+
// TODO(https://crbug.com/boringssl/407): This function should be const and
|
867
|
+
// thread-safe but is currently neither in some cases, notably if |name| was
|
868
|
+
// mutated.
|
869
|
+
OPENSSL_EXPORT X509_NAME *X509_NAME_dup(X509_NAME *name);
|
870
|
+
|
871
|
+
// X509_NAME_get0_der sets |*out_der| and |*out_der_len|
|
872
|
+
//
|
873
|
+
// Avoid this function and prefer |i2d_X509_NAME|. It is one of the reasons
|
874
|
+
// these functions are not consistently thread-safe or const-correct. Depending
|
875
|
+
// on the resolution of https://crbug.com/boringssl/407, this function may be
|
876
|
+
// removed or cause poor performance.
|
877
|
+
OPENSSL_EXPORT int X509_NAME_get0_der(X509_NAME *name, const uint8_t **out_der,
|
878
|
+
size_t *out_der_len);
|
879
|
+
|
880
|
+
// X509_NAME_set makes a copy of |name|. On success, it frees |*xn|, sets |*xn|
|
881
|
+
// to the copy, and returns one. Otherwise, it returns zero.
|
882
|
+
//
|
883
|
+
// TODO(https://crbug.com/boringssl/407): This function should be const and
|
884
|
+
// thread-safe but is currently neither in some cases, notably if |name| was
|
885
|
+
// mutated.
|
886
|
+
OPENSSL_EXPORT int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
|
887
|
+
|
888
|
+
// X509_NAME_entry_count returns the number of entries in |name|.
|
889
|
+
OPENSSL_EXPORT int X509_NAME_entry_count(const X509_NAME *name);
|
890
|
+
|
891
|
+
// X509_NAME_get_index_by_NID returns the zero-based index of the first
|
892
|
+
// attribute in |name| with type |nid|, or -1 if there is none. |nid| should be
|
893
|
+
// one of the |NID_*| constants. If |lastpos| is non-negative, it begins
|
894
|
+
// searching at |lastpos+1|. To search all attributes, pass in -1, not zero.
|
895
|
+
//
|
896
|
+
// Indices from this function refer to |X509_NAME|'s flattened representation.
|
897
|
+
OPENSSL_EXPORT int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid,
|
898
|
+
int lastpos);
|
899
|
+
|
900
|
+
// X509_NAME_get_index_by_OBJ behaves like |X509_NAME_get_index_by_NID| but
|
901
|
+
// looks for attributes with type |obj|.
|
902
|
+
OPENSSL_EXPORT int X509_NAME_get_index_by_OBJ(const X509_NAME *name,
|
903
|
+
const ASN1_OBJECT *obj,
|
904
|
+
int lastpos);
|
905
|
+
|
906
|
+
// X509_NAME_get_entry returns the attribute in |name| at index |loc|, or NULL
|
907
|
+
// if |loc| is out of range. |loc| is interpreted using |X509_NAME|'s flattened
|
908
|
+
// representation. This function returns a non-const pointer for OpenSSL
|
909
|
+
// compatibility, but callers should not mutate the result. Doing so will break
|
910
|
+
// internal invariants in the library.
|
911
|
+
OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name,
|
912
|
+
int loc);
|
913
|
+
|
914
|
+
// X509_NAME_delete_entry removes and returns the attribute in |name| at index
|
915
|
+
// |loc|, or NULL if |loc| is out of range. |loc| is interpreted using
|
916
|
+
// |X509_NAME|'s flattened representation. If the attribute is found, the caller
|
917
|
+
// is responsible for releasing the result with |X509_NAME_ENTRY_free|.
|
918
|
+
//
|
919
|
+
// This function will internally update RDN indices (see |X509_NAME_ENTRY_set|)
|
920
|
+
// so they continue to be consecutive.
|
921
|
+
OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name,
|
922
|
+
int loc);
|
923
|
+
|
924
|
+
// X509_NAME_add_entry adds a copy of |entry| to |name| and returns one on
|
925
|
+
// success or zero on error. If |loc| is -1, the entry is appended to |name|.
|
926
|
+
// Otherwise, it is inserted at index |loc|. If |set| is -1, the entry is added
|
927
|
+
// to the previous entry's RDN. If it is 0, the entry becomes a singleton RDN.
|
928
|
+
// If 1, it is added to next entry's RDN.
|
929
|
+
//
|
930
|
+
// This function will internally update RDN indices (see |X509_NAME_ENTRY_set|)
|
931
|
+
// so they continue to be consecutive.
|
932
|
+
OPENSSL_EXPORT int X509_NAME_add_entry(X509_NAME *name,
|
933
|
+
const X509_NAME_ENTRY *entry, int loc,
|
934
|
+
int set);
|
935
|
+
|
936
|
+
// X509_NAME_add_entry_by_OBJ adds a new entry to |name| and returns one on
|
937
|
+
// success or zero on error. The entry's attribute type is |obj|. The entry's
|
938
|
+
// attribute value is determined by |type|, |bytes|, and |len|, as in
|
939
|
+
// |X509_NAME_ENTRY_set_data|. The entry's position is determined by |loc| and
|
940
|
+
// |set| as in |X509_NAME_add_entry|.
|
941
|
+
OPENSSL_EXPORT int X509_NAME_add_entry_by_OBJ(X509_NAME *name,
|
942
|
+
const ASN1_OBJECT *obj, int type,
|
943
|
+
const uint8_t *bytes, int len,
|
944
|
+
int loc, int set);
|
945
|
+
|
946
|
+
// X509_NAME_add_entry_by_NID behaves like |X509_NAME_add_entry_by_OBJ| but sets
|
947
|
+
// the entry's attribute type to |nid|, which should be one of the |NID_*|
|
948
|
+
// constants.
|
949
|
+
OPENSSL_EXPORT int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid,
|
950
|
+
int type, const uint8_t *bytes,
|
951
|
+
int len, int loc, int set);
|
952
|
+
|
953
|
+
// X509_NAME_add_entry_by_txt behaves like |X509_NAME_add_entry_by_OBJ| but sets
|
954
|
+
// the entry's attribute type to |field|, which is passed to |OBJ_txt2obj|.
|
955
|
+
OPENSSL_EXPORT int X509_NAME_add_entry_by_txt(X509_NAME *name,
|
956
|
+
const char *field, int type,
|
957
|
+
const uint8_t *bytes, int len,
|
958
|
+
int loc, int set);
|
959
|
+
|
960
|
+
// X509_NAME_ENTRY is an |ASN1_ITEM| whose ASN.1 type is AttributeTypeAndValue
|
961
|
+
// (RFC 5280) and C type is |X509_NAME_ENTRY*|.
|
962
|
+
DECLARE_ASN1_ITEM(X509_NAME_ENTRY)
|
963
|
+
|
964
|
+
// X509_NAME_ENTRY_new returns a new, empty |X509_NAME_ENTRY_new|, or NULL on
|
965
|
+
// error.
|
966
|
+
OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_new(void);
|
967
|
+
|
968
|
+
// X509_NAME_ENTRY_free releases memory associated with |entry|.
|
969
|
+
OPENSSL_EXPORT void X509_NAME_ENTRY_free(X509_NAME_ENTRY *entry);
|
970
|
+
|
971
|
+
// d2i_X509_NAME_ENTRY parses up to |len| bytes from |*inp| as a DER-encoded
|
972
|
+
// AttributeTypeAndValue (RFC 5280), as described in |d2i_SAMPLE|.
|
973
|
+
OPENSSL_EXPORT X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **out,
|
974
|
+
const uint8_t **inp,
|
975
|
+
long len);
|
976
|
+
|
977
|
+
// i2d_X509_NAME_ENTRY marshals |in| as a DER-encoded AttributeTypeAndValue (RFC
|
978
|
+
// 5280), as described in |i2d_SAMPLE|.
|
979
|
+
OPENSSL_EXPORT int i2d_X509_NAME_ENTRY(const X509_NAME_ENTRY *in,
|
980
|
+
uint8_t **outp);
|
981
|
+
|
982
|
+
// X509_NAME_ENTRY_dup returns a newly-allocated copy of |entry|, or NULL on
|
983
|
+
// error.
|
984
|
+
OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_dup(
|
985
|
+
const X509_NAME_ENTRY *entry);
|
986
|
+
|
987
|
+
// X509_NAME_ENTRY_get_object returns |entry|'s attribute type. This function
|
988
|
+
// returns a non-const pointer for OpenSSL compatibility, but callers should not
|
989
|
+
// mutate the result. Doing so will break internal invariants in the library.
|
990
|
+
OPENSSL_EXPORT ASN1_OBJECT *X509_NAME_ENTRY_get_object(
|
991
|
+
const X509_NAME_ENTRY *entry);
|
992
|
+
|
993
|
+
// X509_NAME_ENTRY_set_object sets |entry|'s attribute type to |obj|. It returns
|
994
|
+
// one on success and zero on error.
|
995
|
+
OPENSSL_EXPORT int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *entry,
|
996
|
+
const ASN1_OBJECT *obj);
|
997
|
+
|
998
|
+
// X509_NAME_ENTRY_get_data returns |entry|'s attribute value, represented as an
|
999
|
+
// |ASN1_STRING|. This value may have any ASN.1 type, so callers must check the
|
1000
|
+
// type before interpreting the contents. This function returns a non-const
|
1001
|
+
// pointer for OpenSSL compatibility, but callers should not mutate the result.
|
1002
|
+
// Doing so will break internal invariants in the library.
|
1003
|
+
//
|
1004
|
+
// TODO(https://crbug.com/boringssl/412): Although the spec says any ASN.1 type
|
1005
|
+
// is allowed, we currently only allow an ad-hoc set of types. Additionally, it
|
1006
|
+
// is unclear if some types can even be represented by this function.
|
1007
|
+
OPENSSL_EXPORT ASN1_STRING *X509_NAME_ENTRY_get_data(
|
1008
|
+
const X509_NAME_ENTRY *entry);
|
1009
|
+
|
1010
|
+
// X509_NAME_ENTRY_set_data sets |entry|'s value to |len| bytes from |bytes|. It
|
1011
|
+
// returns one on success and zero on error. If |len| is -1, |bytes| must be a
|
1012
|
+
// NUL-terminated C string and the length is determined by |strlen|. |bytes| is
|
1013
|
+
// converted to an ASN.1 type as follows:
|
1014
|
+
//
|
1015
|
+
// If |type| is a |MBSTRING_*| constant, the value is an ASN.1 string. The
|
1016
|
+
// string is determined by decoding |bytes| in the encoding specified by |type|,
|
1017
|
+
// and then re-encoding it in a form appropriate for |entry|'s attribute type.
|
1018
|
+
// See |ASN1_STRING_set_by_NID| for details.
|
1019
|
+
//
|
1020
|
+
// Otherwise, the value is an |ASN1_STRING| with type |type| and value |bytes|.
|
1021
|
+
// See |ASN1_STRING| for how to format ASN.1 types as an |ASN1_STRING|. If
|
1022
|
+
// |type| is |V_ASN1_UNDEF| the previous |ASN1_STRING| type is reused.
|
1023
|
+
OPENSSL_EXPORT int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *entry, int type,
|
1024
|
+
const uint8_t *bytes, int len);
|
1025
|
+
|
1026
|
+
// X509_NAME_ENTRY_set returns the zero-based index of the RDN which contains
|
1027
|
+
// |entry|. Consecutive entries with the same index are part of the same RDN.
|
1028
|
+
OPENSSL_EXPORT int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *entry);
|
1029
|
+
|
1030
|
+
// X509_NAME_ENTRY_create_by_OBJ creates a new |X509_NAME_ENTRY| with attribute
|
1031
|
+
// type |obj|. The attribute value is determined from |type|, |bytes|, and |len|
|
1032
|
+
// as in |X509_NAME_ENTRY_set_data|. It returns the |X509_NAME_ENTRY| on success
|
1033
|
+
// and NULL on error.
|
1034
|
+
//
|
1035
|
+
// If |out| is non-NULL and |*out| is NULL, it additionally sets |*out| to the
|
1036
|
+
// result on success. If both |out| and |*out| are non-NULL, it updates the
|
1037
|
+
// object at |*out| instead of allocating a new one.
|
1038
|
+
OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(
|
1039
|
+
X509_NAME_ENTRY **out, const ASN1_OBJECT *obj, int type,
|
1040
|
+
const uint8_t *bytes, int len);
|
1041
|
+
|
1042
|
+
// X509_NAME_ENTRY_create_by_NID behaves like |X509_NAME_ENTRY_create_by_OBJ|
|
1043
|
+
// except the attribute type is |nid|, which should be one of the |NID_*|
|
1044
|
+
// constants.
|
1045
|
+
OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(
|
1046
|
+
X509_NAME_ENTRY **out, int nid, int type, const uint8_t *bytes, int len);
|
1047
|
+
|
1048
|
+
// X509_NAME_ENTRY_create_by_txt behaves like |X509_NAME_ENTRY_create_by_OBJ|
|
1049
|
+
// except the attribute type is |field|, which is passed to |OBJ_txt2obj|.
|
1050
|
+
OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(
|
1051
|
+
X509_NAME_ENTRY **out, const char *field, int type, const uint8_t *bytes,
|
1052
|
+
int len);
|
1053
|
+
|
1054
|
+
|
1055
|
+
// Extensions.
|
1056
|
+
//
|
1057
|
+
// X.509 certificates and CRLs may contain a list of extensions (RFC 5280).
|
1058
|
+
// Extensions have a type, specified by an object identifier (|ASN1_OBJECT|) and
|
1059
|
+
// a byte string value, which should a DER-encoded structure whose type is
|
1060
|
+
// determined by the extension type. This library represents extensions with the
|
1061
|
+
// |X509_EXTENSION| type.
|
1062
|
+
|
1063
|
+
// X509_EXTENSION is an |ASN1_ITEM| whose ASN.1 type is X.509 Extension (RFC
|
1064
|
+
// 5280) and C type is |X509_EXTENSION*|.
|
1065
|
+
DECLARE_ASN1_ITEM(X509_EXTENSION)
|
1066
|
+
|
1067
|
+
// X509_EXTENSION_new returns a newly-allocated, empty |X509_EXTENSION| object
|
1068
|
+
// or NULL on error.
|
1069
|
+
OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_new(void);
|
1070
|
+
|
1071
|
+
// X509_EXTENSION_free releases memory associated with |ex|.
|
1072
|
+
OPENSSL_EXPORT void X509_EXTENSION_free(X509_EXTENSION *ex);
|
1073
|
+
|
1074
|
+
// d2i_X509_EXTENSION parses up to |len| bytes from |*inp| as a DER-encoded
|
1075
|
+
// X.509 Extension (RFC 5280), as described in |d2i_SAMPLE|.
|
1076
|
+
OPENSSL_EXPORT X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **out,
|
1077
|
+
const uint8_t **inp,
|
1078
|
+
long len);
|
1079
|
+
|
1080
|
+
// i2d_X509_EXTENSION marshals |ex| as a DER-encoded X.509 Extension (RFC
|
1081
|
+
// 5280), as described in |i2d_SAMPLE|.
|
1082
|
+
OPENSSL_EXPORT int i2d_X509_EXTENSION(const X509_EXTENSION *ex, uint8_t **outp);
|
1083
|
+
|
1084
|
+
// X509_EXTENSION_dup returns a newly-allocated copy of |ex|, or NULL on error.
|
1085
|
+
// This function works by serializing the structure, so if |ex| is incomplete,
|
1086
|
+
// it may fail.
|
1087
|
+
OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_dup(const X509_EXTENSION *ex);
|
1088
|
+
|
1089
|
+
// X509_EXTENSION_create_by_NID creates a new |X509_EXTENSION| with type |nid|,
|
1090
|
+
// value |data|, and critical bit |crit|. It returns an |X509_EXTENSION| on
|
1091
|
+
// success, and NULL on error. |nid| should be a |NID_*| constant.
|
1092
|
+
//
|
1093
|
+
// If |ex| and |*ex| are both non-NULL, |*ex| is used to hold the result,
|
1094
|
+
// otherwise a new object is allocated. If |ex| is non-NULL and |*ex| is NULL,
|
1095
|
+
// the function sets |*ex| to point to the newly allocated result, in addition
|
1096
|
+
// to returning the result.
|
1097
|
+
OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_NID(
|
1098
|
+
X509_EXTENSION **ex, int nid, int crit, const ASN1_OCTET_STRING *data);
|
1099
|
+
|
1100
|
+
// X509_EXTENSION_create_by_OBJ behaves like |X509_EXTENSION_create_by_NID|, but
|
1101
|
+
// the extension type is determined by an |ASN1_OBJECT|.
|
1102
|
+
OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_OBJ(
|
1103
|
+
X509_EXTENSION **ex, const ASN1_OBJECT *obj, int crit,
|
1104
|
+
const ASN1_OCTET_STRING *data);
|
1105
|
+
|
1106
|
+
// X509_EXTENSION_get_object returns |ex|'s extension type. This function
|
1107
|
+
// returns a non-const pointer for OpenSSL compatibility, but callers should not
|
1108
|
+
// mutate the result.
|
1109
|
+
OPENSSL_EXPORT ASN1_OBJECT *X509_EXTENSION_get_object(const X509_EXTENSION *ex);
|
1110
|
+
|
1111
|
+
// X509_EXTENSION_get_data returns |ne|'s extension value. This function returns
|
1112
|
+
// a non-const pointer for OpenSSL compatibility, but callers should not mutate
|
1113
|
+
// the result.
|
1114
|
+
OPENSSL_EXPORT ASN1_OCTET_STRING *X509_EXTENSION_get_data(
|
1115
|
+
const X509_EXTENSION *ne);
|
1116
|
+
|
1117
|
+
// X509_EXTENSION_get_critical returns one if |ex| is critical and zero
|
1118
|
+
// otherwise.
|
1119
|
+
OPENSSL_EXPORT int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
|
1120
|
+
|
1121
|
+
// X509_EXTENSION_set_object sets |ex|'s extension type to |obj|. It returns one
|
1122
|
+
// on success and zero on error.
|
1123
|
+
OPENSSL_EXPORT int X509_EXTENSION_set_object(X509_EXTENSION *ex,
|
1124
|
+
const ASN1_OBJECT *obj);
|
1125
|
+
|
1126
|
+
// X509_EXTENSION_set_critical sets |ex| to critical if |crit| is non-zero and
|
1127
|
+
// to non-critical if |crit| is zero.
|
1128
|
+
OPENSSL_EXPORT int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
|
1129
|
+
|
1130
|
+
// X509_EXTENSION_set_data set's |ex|'s extension value to a copy of |data|. It
|
1131
|
+
// returns one on success and zero on error.
|
1132
|
+
OPENSSL_EXPORT int X509_EXTENSION_set_data(X509_EXTENSION *ex,
|
1133
|
+
const ASN1_OCTET_STRING *data);
|
1134
|
+
|
1135
|
+
|
1136
|
+
// Extension lists.
|
1137
|
+
//
|
1138
|
+
// The following functions manipulate lists of extensions. Most of them have
|
1139
|
+
// corresponding functions on the containing |X509|, |X509_CRL|, or
|
1140
|
+
// |X509_REVOKED|.
|
1141
|
+
|
1142
|
+
DEFINE_STACK_OF(X509_EXTENSION)
|
1143
|
+
typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
|
1144
|
+
|
1145
|
+
// X509_EXTENSIONS is an |ASN1_ITEM| whose ASN.1 type is SEQUENCE of Extension
|
1146
|
+
// (RFC 5280) and C type is |STACK_OF(X509_EXTENSION)*|.
|
1147
|
+
DECLARE_ASN1_ITEM(X509_EXTENSIONS)
|
1148
|
+
|
1149
|
+
// d2i_X509_EXTENSIONS parses up to |len| bytes from |*inp| as a DER-encoded
|
1150
|
+
// SEQUENCE OF Extension (RFC 5280), as described in |d2i_SAMPLE|.
|
1151
|
+
OPENSSL_EXPORT X509_EXTENSIONS *d2i_X509_EXTENSIONS(X509_EXTENSIONS **out,
|
1152
|
+
const uint8_t **inp,
|
1153
|
+
long len);
|
1154
|
+
|
1155
|
+
// i2d_X509_EXTENSIONS marshals |alg| as a DER-encoded SEQUENCE OF Extension
|
1156
|
+
// (RFC 5280), as described in |i2d_SAMPLE|.
|
1157
|
+
OPENSSL_EXPORT int i2d_X509_EXTENSIONS(const X509_EXTENSIONS *alg,
|
1158
|
+
uint8_t **outp);
|
1159
|
+
|
1160
|
+
// X509v3_get_ext_count returns the number of extensions in |x|.
|
1161
|
+
OPENSSL_EXPORT int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
|
1162
|
+
|
1163
|
+
// X509v3_get_ext_by_NID returns the index of the first extension in |x| with
|
1164
|
+
// type |nid|, or a negative number if not found. If found, callers can use
|
1165
|
+
// |X509v3_get_ext| to look up the extension by index.
|
1166
|
+
//
|
1167
|
+
// If |lastpos| is non-negative, it begins searching at |lastpos| + 1. Callers
|
1168
|
+
// can thus loop over all matching extensions by first passing -1 and then
|
1169
|
+
// passing the previously-returned value until no match is returned.
|
1170
|
+
OPENSSL_EXPORT int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
|
1171
|
+
int nid, int lastpos);
|
1172
|
+
|
1173
|
+
// X509v3_get_ext_by_OBJ behaves like |X509v3_get_ext_by_NID| but looks for
|
1174
|
+
// extensions matching |obj|.
|
1175
|
+
OPENSSL_EXPORT int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
|
1176
|
+
const ASN1_OBJECT *obj, int lastpos);
|
1177
|
+
|
1178
|
+
// X509v3_get_ext_by_critical returns the index of the first extension in |x|
|
1179
|
+
// whose critical bit matches |crit|, or a negative number if no such extension
|
1180
|
+
// was found.
|
1181
|
+
//
|
1182
|
+
// If |lastpos| is non-negative, it begins searching at |lastpos| + 1. Callers
|
1183
|
+
// can thus loop over all matching extensions by first passing -1 and then
|
1184
|
+
// passing the previously-returned value until no match is returned.
|
1185
|
+
OPENSSL_EXPORT int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
|
1186
|
+
int crit, int lastpos);
|
1187
|
+
|
1188
|
+
// X509v3_get_ext returns the extension in |x| at index |loc|, or NULL if |loc|
|
1189
|
+
// is out of bounds. This function returns a non-const pointer for OpenSSL
|
1190
|
+
// compatibility, but callers should not mutate the result.
|
1191
|
+
OPENSSL_EXPORT X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x,
|
1192
|
+
int loc);
|
1193
|
+
|
1194
|
+
// X509v3_delete_ext removes the extension in |x| at index |loc| and returns the
|
1195
|
+
// removed extension, or NULL if |loc| was out of bounds. If an extension was
|
1196
|
+
// returned, the caller must release it with |X509_EXTENSION_free|.
|
1197
|
+
OPENSSL_EXPORT X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x,
|
1198
|
+
int loc);
|
1199
|
+
|
1200
|
+
// X509v3_add_ext adds a copy of |ex| to the extension list in |*x|. If |*x| is
|
1201
|
+
// NULL, it allocates a new |STACK_OF(X509_EXTENSION)| to hold the copy and sets
|
1202
|
+
// |*x| to the new list. It returns |*x| on success and NULL on error. The
|
1203
|
+
// caller retains ownership of |ex| and can release it independently of |*x|.
|
1204
|
+
//
|
1205
|
+
// The new extension is inserted at index |loc|, shifting extensions to the
|
1206
|
+
// right. If |loc| is -1 or out of bounds, the new extension is appended to the
|
1207
|
+
// list.
|
1208
|
+
OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509v3_add_ext(
|
1209
|
+
STACK_OF(X509_EXTENSION) **x, const X509_EXTENSION *ex, int loc);
|
733
1210
|
|
734
|
-
|
735
|
-
|
736
|
-
|
737
|
-
|
738
|
-
|
739
|
-
|
740
|
-
|
1211
|
+
|
1212
|
+
// Algorithm identifiers.
|
1213
|
+
//
|
1214
|
+
// An |X509_ALGOR| represents an AlgorithmIdentifier structure, used in X.509
|
1215
|
+
// to represent signature algorithms and public key algorithms.
|
1216
|
+
|
1217
|
+
DEFINE_STACK_OF(X509_ALGOR)
|
1218
|
+
|
1219
|
+
// X509_ALGOR is an |ASN1_ITEM| whose ASN.1 type is AlgorithmIdentifier and C
|
1220
|
+
// type is |X509_ALGOR*|.
|
1221
|
+
DECLARE_ASN1_ITEM(X509_ALGOR)
|
1222
|
+
|
1223
|
+
// X509_ALGOR_new returns a newly-allocated, empty |X509_ALGOR| object, or NULL
|
1224
|
+
// on error.
|
1225
|
+
OPENSSL_EXPORT X509_ALGOR *X509_ALGOR_new(void);
|
1226
|
+
|
1227
|
+
// X509_ALGOR_dup returns a newly-allocated copy of |alg|, or NULL on error.
|
1228
|
+
// This function works by serializing the structure, so if |alg| is incomplete,
|
1229
|
+
// it may fail.
|
1230
|
+
OPENSSL_EXPORT X509_ALGOR *X509_ALGOR_dup(const X509_ALGOR *alg);
|
1231
|
+
|
1232
|
+
// X509_ALGOR_free releases memory associated with |alg|.
|
1233
|
+
OPENSSL_EXPORT void X509_ALGOR_free(X509_ALGOR *alg);
|
1234
|
+
|
1235
|
+
// d2i_X509_ALGOR parses up to |len| bytes from |*inp| as a DER-encoded
|
1236
|
+
// AlgorithmIdentifier, as described in |d2i_SAMPLE|.
|
1237
|
+
OPENSSL_EXPORT X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **out, const uint8_t **inp,
|
1238
|
+
long len);
|
1239
|
+
|
1240
|
+
// i2d_X509_ALGOR marshals |alg| as a DER-encoded AlgorithmIdentifier, as
|
1241
|
+
// described in |i2d_SAMPLE|.
|
1242
|
+
OPENSSL_EXPORT int i2d_X509_ALGOR(const X509_ALGOR *alg, uint8_t **outp);
|
741
1243
|
|
742
1244
|
// X509_ALGOR_set0 sets |alg| to an AlgorithmIdentifier with algorithm |obj| and
|
743
1245
|
// parameter determined by |param_type| and |param_value|. It returns one on
|
@@ -778,22 +1280,553 @@ OPENSSL_EXPORT void X509_ALGOR_get0(const ASN1_OBJECT **out_obj,
|
|
778
1280
|
const void **out_param_value,
|
779
1281
|
const X509_ALGOR *alg);
|
780
1282
|
|
781
|
-
// X509_ALGOR_set_md sets |alg| to the hash function |md|. Note this
|
782
|
-
// AlgorithmIdentifier represents the hash function itself, not a signature
|
783
|
-
// algorithm that uses |md|.
|
784
|
-
OPENSSL_EXPORT void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
|
1283
|
+
// X509_ALGOR_set_md sets |alg| to the hash function |md|. Note this
|
1284
|
+
// AlgorithmIdentifier represents the hash function itself, not a signature
|
1285
|
+
// algorithm that uses |md|.
|
1286
|
+
OPENSSL_EXPORT void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
|
1287
|
+
|
1288
|
+
// X509_ALGOR_cmp returns zero if |a| and |b| are equal, and some non-zero value
|
1289
|
+
// otherwise. Note this function can only be used for equality checks, not an
|
1290
|
+
// ordering.
|
1291
|
+
OPENSSL_EXPORT int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
|
1292
|
+
|
1293
|
+
|
1294
|
+
// Printing functions.
|
1295
|
+
//
|
1296
|
+
// The following functions output human-readable representations of
|
1297
|
+
// X.509-related structures. They should only be used for debugging or logging
|
1298
|
+
// and not parsed programmatically.
|
1299
|
+
|
1300
|
+
// X509_signature_dump writes a human-readable representation of |sig| to |bio|,
|
1301
|
+
// indented with |indent| spaces. It returns one on success and zero on error.
|
1302
|
+
OPENSSL_EXPORT int X509_signature_dump(BIO *bio, const ASN1_STRING *sig,
|
1303
|
+
int indent);
|
1304
|
+
|
1305
|
+
// X509_signature_print writes a human-readable representation of |alg| and
|
1306
|
+
// |sig| to |bio|. It returns one on success and zero on error.
|
1307
|
+
OPENSSL_EXPORT int X509_signature_print(BIO *bio, const X509_ALGOR *alg,
|
1308
|
+
const ASN1_STRING *sig);
|
1309
|
+
|
1310
|
+
|
1311
|
+
// Convenience functions.
|
1312
|
+
|
1313
|
+
// X509_pubkey_digest hashes the contents of the BIT STRING in |x509|'s
|
1314
|
+
// subjectPublicKeyInfo field with |md| and writes the result to |out|.
|
1315
|
+
// |EVP_MD_CTX_size| bytes are written, which is at most |EVP_MAX_MD_SIZE|. If
|
1316
|
+
// |out_len| is not NULL, |*out_len| is set to the number of bytes written. This
|
1317
|
+
// function returns one on success and zero on error.
|
1318
|
+
//
|
1319
|
+
// This hash omits the BIT STRING tag, length, and number of unused bits. It
|
1320
|
+
// also omits the AlgorithmIdentifier which describes the key type. It
|
1321
|
+
// corresponds to the OCSP KeyHash definition and is not suitable for other
|
1322
|
+
// purposes.
|
1323
|
+
OPENSSL_EXPORT int X509_pubkey_digest(const X509 *x509, const EVP_MD *md,
|
1324
|
+
uint8_t *out, unsigned *out_len);
|
1325
|
+
|
1326
|
+
// X509_digest hashes |x509|'s DER encoding with |md| and writes the result to
|
1327
|
+
// |out|. |EVP_MD_CTX_size| bytes are written, which is at most
|
1328
|
+
// |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number
|
1329
|
+
// of bytes written. This function returns one on success and zero on error.
|
1330
|
+
// Note this digest covers the entire certificate, not just the signed portion.
|
1331
|
+
OPENSSL_EXPORT int X509_digest(const X509 *x509, const EVP_MD *md, uint8_t *out,
|
1332
|
+
unsigned *out_len);
|
1333
|
+
|
1334
|
+
// X509_CRL_digest hashes |crl|'s DER encoding with |md| and writes the result
|
1335
|
+
// to |out|. |EVP_MD_CTX_size| bytes are written, which is at most
|
1336
|
+
// |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number
|
1337
|
+
// of bytes written. This function returns one on success and zero on error.
|
1338
|
+
// Note this digest covers the entire CRL, not just the signed portion.
|
1339
|
+
OPENSSL_EXPORT int X509_CRL_digest(const X509_CRL *crl, const EVP_MD *md,
|
1340
|
+
uint8_t *out, unsigned *out_len);
|
1341
|
+
|
1342
|
+
// X509_REQ_digest hashes |req|'s DER encoding with |md| and writes the result
|
1343
|
+
// to |out|. |EVP_MD_CTX_size| bytes are written, which is at most
|
1344
|
+
// |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number
|
1345
|
+
// of bytes written. This function returns one on success and zero on error.
|
1346
|
+
// Note this digest covers the entire certificate request, not just the signed
|
1347
|
+
// portion.
|
1348
|
+
OPENSSL_EXPORT int X509_REQ_digest(const X509_REQ *req, const EVP_MD *md,
|
1349
|
+
uint8_t *out, unsigned *out_len);
|
1350
|
+
|
1351
|
+
// X509_NAME_digest hashes |name|'s DER encoding with |md| and writes the result
|
1352
|
+
// to |out|. |EVP_MD_CTX_size| bytes are written, which is at most
|
1353
|
+
// |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number
|
1354
|
+
// of bytes written. This function returns one on success and zero on error.
|
1355
|
+
OPENSSL_EXPORT int X509_NAME_digest(const X509_NAME *name, const EVP_MD *md,
|
1356
|
+
uint8_t *out, unsigned *out_len);
|
1357
|
+
|
1358
|
+
// The following functions behave like the corresponding unsuffixed |d2i_*|
|
1359
|
+
// functions, but read the result from |bp| instead. Callers using these
|
1360
|
+
// functions with memory |BIO|s to parse structures already in memory should use
|
1361
|
+
// |d2i_*| instead.
|
1362
|
+
OPENSSL_EXPORT X509 *d2i_X509_bio(BIO *bp, X509 **x509);
|
1363
|
+
OPENSSL_EXPORT X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
|
1364
|
+
OPENSSL_EXPORT X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
|
1365
|
+
OPENSSL_EXPORT RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
|
1366
|
+
OPENSSL_EXPORT RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
|
1367
|
+
OPENSSL_EXPORT RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
|
1368
|
+
OPENSSL_EXPORT DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
|
1369
|
+
OPENSSL_EXPORT DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
|
1370
|
+
OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
|
1371
|
+
OPENSSL_EXPORT EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
|
1372
|
+
OPENSSL_EXPORT X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
|
1373
|
+
OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(
|
1374
|
+
BIO *bp, PKCS8_PRIV_KEY_INFO **p8inf);
|
1375
|
+
OPENSSL_EXPORT EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
|
1376
|
+
OPENSSL_EXPORT DH *d2i_DHparams_bio(BIO *bp, DH **dh);
|
1377
|
+
|
1378
|
+
// d2i_PrivateKey_bio behaves like |d2i_AutoPrivateKey|, but reads from |bp|
|
1379
|
+
// instead.
|
1380
|
+
OPENSSL_EXPORT EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
|
1381
|
+
|
1382
|
+
// The following functions behave like the corresponding unsuffixed |i2d_*|
|
1383
|
+
// functions, but write the result to |bp|. They return one on success and zero
|
1384
|
+
// on error. Callers using them with memory |BIO|s to encode structures to
|
1385
|
+
// memory should use |i2d_*| directly instead.
|
1386
|
+
OPENSSL_EXPORT int i2d_X509_bio(BIO *bp, X509 *x509);
|
1387
|
+
OPENSSL_EXPORT int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl);
|
1388
|
+
OPENSSL_EXPORT int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req);
|
1389
|
+
OPENSSL_EXPORT int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa);
|
1390
|
+
OPENSSL_EXPORT int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa);
|
1391
|
+
OPENSSL_EXPORT int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa);
|
1392
|
+
OPENSSL_EXPORT int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
|
1393
|
+
OPENSSL_EXPORT int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
|
1394
|
+
OPENSSL_EXPORT int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
|
1395
|
+
OPENSSL_EXPORT int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
|
1396
|
+
OPENSSL_EXPORT int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8);
|
1397
|
+
OPENSSL_EXPORT int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
|
1398
|
+
PKCS8_PRIV_KEY_INFO *p8inf);
|
1399
|
+
OPENSSL_EXPORT int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
|
1400
|
+
OPENSSL_EXPORT int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
|
1401
|
+
OPENSSL_EXPORT int i2d_DHparams_bio(BIO *bp, const DH *dh);
|
1402
|
+
|
1403
|
+
// i2d_PKCS8PrivateKeyInfo_bio encodes |key| as a PKCS#8 PrivateKeyInfo
|
1404
|
+
// structure (see |EVP_marshal_private_key|) and writes the result to |bp|. It
|
1405
|
+
// returns one on success and zero on error.
|
1406
|
+
OPENSSL_EXPORT int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
|
1407
|
+
|
1408
|
+
// The following functions behave like the corresponding |d2i_*_bio| functions,
|
1409
|
+
// but read from |fp| instead.
|
1410
|
+
OPENSSL_EXPORT X509 *d2i_X509_fp(FILE *fp, X509 **x509);
|
1411
|
+
OPENSSL_EXPORT X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
|
1412
|
+
OPENSSL_EXPORT X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
|
1413
|
+
OPENSSL_EXPORT RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
|
1414
|
+
OPENSSL_EXPORT RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
|
1415
|
+
OPENSSL_EXPORT RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
|
1416
|
+
OPENSSL_EXPORT DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
|
1417
|
+
OPENSSL_EXPORT DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
|
1418
|
+
OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
|
1419
|
+
OPENSSL_EXPORT EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
|
1420
|
+
OPENSSL_EXPORT X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
|
1421
|
+
OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(
|
1422
|
+
FILE *fp, PKCS8_PRIV_KEY_INFO **p8inf);
|
1423
|
+
OPENSSL_EXPORT EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
|
1424
|
+
OPENSSL_EXPORT EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
|
1425
|
+
|
1426
|
+
// The following functions behave like the corresponding |i2d_*_bio| functions,
|
1427
|
+
// but write to |fp| instead.
|
1428
|
+
OPENSSL_EXPORT int i2d_X509_fp(FILE *fp, X509 *x509);
|
1429
|
+
OPENSSL_EXPORT int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl);
|
1430
|
+
OPENSSL_EXPORT int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req);
|
1431
|
+
OPENSSL_EXPORT int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa);
|
1432
|
+
OPENSSL_EXPORT int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa);
|
1433
|
+
OPENSSL_EXPORT int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa);
|
1434
|
+
OPENSSL_EXPORT int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
|
1435
|
+
OPENSSL_EXPORT int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
|
1436
|
+
OPENSSL_EXPORT int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
|
1437
|
+
OPENSSL_EXPORT int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
|
1438
|
+
OPENSSL_EXPORT int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8);
|
1439
|
+
OPENSSL_EXPORT int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
|
1440
|
+
PKCS8_PRIV_KEY_INFO *p8inf);
|
1441
|
+
OPENSSL_EXPORT int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
|
1442
|
+
OPENSSL_EXPORT int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
|
1443
|
+
OPENSSL_EXPORT int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
|
1444
|
+
|
1445
|
+
// X509_find_by_issuer_and_serial returns the first |X509| in |sk| whose issuer
|
1446
|
+
// and serial are |name| and |serial|, respectively. If no match is found, it
|
1447
|
+
// returns NULL.
|
1448
|
+
OPENSSL_EXPORT X509 *X509_find_by_issuer_and_serial(const STACK_OF(X509) *sk,
|
1449
|
+
X509_NAME *name,
|
1450
|
+
const ASN1_INTEGER *serial);
|
1451
|
+
|
1452
|
+
// X509_find_by_subject returns the first |X509| in |sk| whose subject is
|
1453
|
+
// |name|. If no match is found, it returns NULL.
|
1454
|
+
OPENSSL_EXPORT X509 *X509_find_by_subject(const STACK_OF(X509) *sk,
|
1455
|
+
X509_NAME *name);
|
1456
|
+
|
1457
|
+
|
1458
|
+
// ex_data functions.
|
1459
|
+
//
|
1460
|
+
// See |ex_data.h| for details.
|
1461
|
+
|
1462
|
+
OPENSSL_EXPORT int X509_get_ex_new_index(long argl, void *argp,
|
1463
|
+
CRYPTO_EX_unused *unused,
|
1464
|
+
CRYPTO_EX_dup *dup_unused,
|
1465
|
+
CRYPTO_EX_free *free_func);
|
1466
|
+
OPENSSL_EXPORT int X509_set_ex_data(X509 *r, int idx, void *arg);
|
1467
|
+
OPENSSL_EXPORT void *X509_get_ex_data(X509 *r, int idx);
|
1468
|
+
|
1469
|
+
OPENSSL_EXPORT int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
|
1470
|
+
CRYPTO_EX_unused *unused,
|
1471
|
+
CRYPTO_EX_dup *dup_unused,
|
1472
|
+
CRYPTO_EX_free *free_func);
|
1473
|
+
OPENSSL_EXPORT int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx,
|
1474
|
+
void *data);
|
1475
|
+
OPENSSL_EXPORT void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
|
1476
|
+
|
1477
|
+
|
1478
|
+
// Deprecated functions.
|
1479
|
+
|
1480
|
+
// X509_get_notBefore returns |x509|'s notBefore time. Note this function is not
|
1481
|
+
// const-correct for legacy reasons. Use |X509_get0_notBefore| or
|
1482
|
+
// |X509_getm_notBefore| instead.
|
1483
|
+
OPENSSL_EXPORT ASN1_TIME *X509_get_notBefore(const X509 *x509);
|
1484
|
+
|
1485
|
+
// X509_get_notAfter returns |x509|'s notAfter time. Note this function is not
|
1486
|
+
// const-correct for legacy reasons. Use |X509_get0_notAfter| or
|
1487
|
+
// |X509_getm_notAfter| instead.
|
1488
|
+
OPENSSL_EXPORT ASN1_TIME *X509_get_notAfter(const X509 *x509);
|
1489
|
+
|
1490
|
+
// X509_set_notBefore calls |X509_set1_notBefore|. Use |X509_set1_notBefore|
|
1491
|
+
// instead.
|
1492
|
+
OPENSSL_EXPORT int X509_set_notBefore(X509 *x509, const ASN1_TIME *tm);
|
1493
|
+
|
1494
|
+
// X509_set_notAfter calls |X509_set1_notAfter|. Use |X509_set1_notAfter|
|
1495
|
+
// instead.
|
1496
|
+
OPENSSL_EXPORT int X509_set_notAfter(X509 *x509, const ASN1_TIME *tm);
|
1497
|
+
|
1498
|
+
// X509_CRL_get_lastUpdate returns a mutable pointer to |crl|'s thisUpdate time.
|
1499
|
+
// The OpenSSL API refers to this field as lastUpdate.
|
1500
|
+
//
|
1501
|
+
// Use |X509_CRL_get0_lastUpdate| or |X509_CRL_set1_lastUpdate| instead.
|
1502
|
+
OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
|
1503
|
+
|
1504
|
+
// X509_CRL_get_nextUpdate returns a mutable pointer to |crl|'s nextUpdate time,
|
1505
|
+
// or NULL if |crl| has none. Use |X509_CRL_get0_nextUpdate| or
|
1506
|
+
// |X509_CRL_set1_nextUpdate| instead.
|
1507
|
+
OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
|
1508
|
+
|
1509
|
+
// X509_extract_key is a legacy alias to |X509_get_pubkey|. Use
|
1510
|
+
// |X509_get_pubkey| instead.
|
1511
|
+
#define X509_extract_key(x) X509_get_pubkey(x)
|
1512
|
+
|
1513
|
+
// X509_REQ_extract_key is a legacy alias for |X509_REQ_get_pubkey|.
|
1514
|
+
#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
|
1515
|
+
|
1516
|
+
// X509_name_cmp is a legacy alias for |X509_NAME_cmp|.
|
1517
|
+
#define X509_name_cmp(a, b) X509_NAME_cmp((a), (b))
|
1518
|
+
|
1519
|
+
// The following symbols are deprecated aliases to |X509_CRL_set1_*|.
|
1520
|
+
#define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
|
1521
|
+
#define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
|
1522
|
+
|
1523
|
+
// X509_get_serialNumber returns a mutable pointer to |x509|'s serial number.
|
1524
|
+
// Prefer |X509_get0_serialNumber|.
|
1525
|
+
OPENSSL_EXPORT ASN1_INTEGER *X509_get_serialNumber(X509 *x509);
|
1526
|
+
|
1527
|
+
// X509_NAME_get_text_by_OBJ finds the first attribute with type |obj| in
|
1528
|
+
// |name|. If found, it ignores the value's ASN.1 type, writes the raw
|
1529
|
+
// |ASN1_STRING| representation to |buf|, followed by a NUL byte, and
|
1530
|
+
// returns the number of bytes in output, excluding the NUL byte.
|
1531
|
+
//
|
1532
|
+
// This function writes at most |len| bytes, including the NUL byte. If |len| is
|
1533
|
+
// not large enough, it silently truncates the output to fit. If |buf| is NULL,
|
1534
|
+
// it instead writes enough and returns the number of bytes in the output,
|
1535
|
+
// excluding the NUL byte.
|
1536
|
+
//
|
1537
|
+
// WARNING: Do not use this function. It does not return enough information for
|
1538
|
+
// the caller to correctly interpret its output. The attribute value may be of
|
1539
|
+
// any type, including one of several ASN.1 string encodings, but this function
|
1540
|
+
// only outputs the raw |ASN1_STRING| representation. See
|
1541
|
+
// https://crbug.com/boringssl/436.
|
1542
|
+
OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(const X509_NAME *name,
|
1543
|
+
const ASN1_OBJECT *obj, char *buf,
|
1544
|
+
int len);
|
1545
|
+
|
1546
|
+
// X509_NAME_get_text_by_NID behaves like |X509_NAME_get_text_by_OBJ| except it
|
1547
|
+
// finds an attribute of type |nid|, which should be one of the |NID_*|
|
1548
|
+
// constants.
|
1549
|
+
OPENSSL_EXPORT int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid,
|
1550
|
+
char *buf, int len);
|
1551
|
+
|
1552
|
+
|
1553
|
+
// Private structures.
|
1554
|
+
|
1555
|
+
struct X509_algor_st {
|
1556
|
+
ASN1_OBJECT *algorithm;
|
1557
|
+
ASN1_TYPE *parameter;
|
1558
|
+
} /* X509_ALGOR */;
|
1559
|
+
|
1560
|
+
|
1561
|
+
// Functions below this point have not yet been organized into sections.
|
1562
|
+
|
1563
|
+
#define X509_FILETYPE_PEM 1
|
1564
|
+
#define X509_FILETYPE_ASN1 2
|
1565
|
+
#define X509_FILETYPE_DEFAULT 3
|
1566
|
+
|
1567
|
+
#define X509v3_KU_DIGITAL_SIGNATURE 0x0080
|
1568
|
+
#define X509v3_KU_NON_REPUDIATION 0x0040
|
1569
|
+
#define X509v3_KU_KEY_ENCIPHERMENT 0x0020
|
1570
|
+
#define X509v3_KU_DATA_ENCIPHERMENT 0x0010
|
1571
|
+
#define X509v3_KU_KEY_AGREEMENT 0x0008
|
1572
|
+
#define X509v3_KU_KEY_CERT_SIGN 0x0004
|
1573
|
+
#define X509v3_KU_CRL_SIGN 0x0002
|
1574
|
+
#define X509v3_KU_ENCIPHER_ONLY 0x0001
|
1575
|
+
#define X509v3_KU_DECIPHER_ONLY 0x8000
|
1576
|
+
#define X509v3_KU_UNDEF 0xffff
|
1577
|
+
|
1578
|
+
DEFINE_STACK_OF(X509_ATTRIBUTE)
|
1579
|
+
|
1580
|
+
// This stuff is certificate "auxiliary info"
|
1581
|
+
// it contains details which are useful in certificate
|
1582
|
+
// stores and databases. When used this is tagged onto
|
1583
|
+
// the end of the certificate itself
|
1584
|
+
|
1585
|
+
DECLARE_STACK_OF(DIST_POINT)
|
1586
|
+
DECLARE_STACK_OF(GENERAL_NAME)
|
1587
|
+
|
1588
|
+
// This is used for a table of trust checking functions
|
1589
|
+
|
1590
|
+
struct x509_trust_st {
|
1591
|
+
int trust;
|
1592
|
+
int flags;
|
1593
|
+
int (*check_trust)(struct x509_trust_st *, X509 *, int);
|
1594
|
+
char *name;
|
1595
|
+
int arg1;
|
1596
|
+
void *arg2;
|
1597
|
+
} /* X509_TRUST */;
|
1598
|
+
|
1599
|
+
DEFINE_STACK_OF(X509_TRUST)
|
1600
|
+
|
1601
|
+
// standard trust ids
|
1602
|
+
|
1603
|
+
#define X509_TRUST_DEFAULT (-1) // Only valid in purpose settings
|
1604
|
+
|
1605
|
+
#define X509_TRUST_COMPAT 1
|
1606
|
+
#define X509_TRUST_SSL_CLIENT 2
|
1607
|
+
#define X509_TRUST_SSL_SERVER 3
|
1608
|
+
#define X509_TRUST_EMAIL 4
|
1609
|
+
#define X509_TRUST_OBJECT_SIGN 5
|
1610
|
+
#define X509_TRUST_OCSP_SIGN 6
|
1611
|
+
#define X509_TRUST_OCSP_REQUEST 7
|
1612
|
+
#define X509_TRUST_TSA 8
|
1613
|
+
|
1614
|
+
// Keep these up to date!
|
1615
|
+
#define X509_TRUST_MIN 1
|
1616
|
+
#define X509_TRUST_MAX 8
|
1617
|
+
|
1618
|
+
|
1619
|
+
// trust_flags values
|
1620
|
+
#define X509_TRUST_DYNAMIC 1
|
1621
|
+
#define X509_TRUST_DYNAMIC_NAME 2
|
1622
|
+
|
1623
|
+
// check_trust return codes
|
1624
|
+
|
1625
|
+
#define X509_TRUST_TRUSTED 1
|
1626
|
+
#define X509_TRUST_REJECTED 2
|
1627
|
+
#define X509_TRUST_UNTRUSTED 3
|
1628
|
+
|
1629
|
+
// Flags for X509_print_ex()
|
1630
|
+
|
1631
|
+
#define X509_FLAG_COMPAT 0
|
1632
|
+
#define X509_FLAG_NO_HEADER 1L
|
1633
|
+
#define X509_FLAG_NO_VERSION (1L << 1)
|
1634
|
+
#define X509_FLAG_NO_SERIAL (1L << 2)
|
1635
|
+
#define X509_FLAG_NO_SIGNAME (1L << 3)
|
1636
|
+
#define X509_FLAG_NO_ISSUER (1L << 4)
|
1637
|
+
#define X509_FLAG_NO_VALIDITY (1L << 5)
|
1638
|
+
#define X509_FLAG_NO_SUBJECT (1L << 6)
|
1639
|
+
#define X509_FLAG_NO_PUBKEY (1L << 7)
|
1640
|
+
#define X509_FLAG_NO_EXTENSIONS (1L << 8)
|
1641
|
+
#define X509_FLAG_NO_SIGDUMP (1L << 9)
|
1642
|
+
#define X509_FLAG_NO_AUX (1L << 10)
|
1643
|
+
#define X509_FLAG_NO_ATTRIBUTES (1L << 11)
|
1644
|
+
#define X509_FLAG_NO_IDS (1L << 12)
|
1645
|
+
|
1646
|
+
// Flags specific to X509_NAME_print_ex(). These flags must not collide with
|
1647
|
+
// |ASN1_STRFLGS_*|.
|
1648
|
+
|
1649
|
+
// The field separator information
|
1650
|
+
|
1651
|
+
#define XN_FLAG_SEP_MASK (0xf << 16)
|
1652
|
+
|
1653
|
+
#define XN_FLAG_COMPAT 0 // Traditional SSLeay: use old X509_NAME_print
|
1654
|
+
#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) // RFC 2253 ,+
|
1655
|
+
#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) // ,+ spaced: more readable
|
1656
|
+
#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) // ;+ spaced
|
1657
|
+
#define XN_FLAG_SEP_MULTILINE (4 << 16) // One line per field
|
1658
|
+
|
1659
|
+
#define XN_FLAG_DN_REV (1 << 20) // Reverse DN order
|
1660
|
+
|
1661
|
+
// How the field name is shown
|
1662
|
+
|
1663
|
+
#define XN_FLAG_FN_MASK (0x3 << 21)
|
1664
|
+
|
1665
|
+
#define XN_FLAG_FN_SN 0 // Object short name
|
1666
|
+
#define XN_FLAG_FN_LN (1 << 21) // Object long name
|
1667
|
+
#define XN_FLAG_FN_OID (2 << 21) // Always use OIDs
|
1668
|
+
#define XN_FLAG_FN_NONE (3 << 21) // No field names
|
1669
|
+
|
1670
|
+
#define XN_FLAG_SPC_EQ (1 << 23) // Put spaces round '='
|
1671
|
+
|
1672
|
+
// This determines if we dump fields we don't recognise:
|
1673
|
+
// RFC 2253 requires this.
|
1674
|
+
|
1675
|
+
#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
|
1676
|
+
|
1677
|
+
#define XN_FLAG_FN_ALIGN (1 << 25) // Align field names to 20 characters
|
1678
|
+
|
1679
|
+
// Complete set of RFC 2253 flags
|
1680
|
+
|
1681
|
+
#define XN_FLAG_RFC2253 \
|
1682
|
+
(ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | \
|
1683
|
+
XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS)
|
1684
|
+
|
1685
|
+
// readable oneline form
|
1686
|
+
|
1687
|
+
#define XN_FLAG_ONELINE \
|
1688
|
+
(ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | \
|
1689
|
+
XN_FLAG_SPC_EQ | XN_FLAG_FN_SN)
|
1690
|
+
|
1691
|
+
// readable multiline form
|
1692
|
+
|
1693
|
+
#define XN_FLAG_MULTILINE \
|
1694
|
+
(ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | \
|
1695
|
+
XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN)
|
1696
|
+
|
1697
|
+
DEFINE_STACK_OF(X509_REVOKED)
|
1698
|
+
|
1699
|
+
DECLARE_STACK_OF(GENERAL_NAMES)
|
1700
|
+
|
1701
|
+
struct private_key_st {
|
1702
|
+
int version;
|
1703
|
+
// The PKCS#8 data types
|
1704
|
+
X509_ALGOR *enc_algor;
|
1705
|
+
ASN1_OCTET_STRING *enc_pkey; // encrypted pub key
|
1706
|
+
|
1707
|
+
// When decrypted, the following will not be NULL
|
1708
|
+
EVP_PKEY *dec_pkey;
|
1709
|
+
|
1710
|
+
// used to encrypt and decrypt
|
1711
|
+
int key_length;
|
1712
|
+
char *key_data;
|
1713
|
+
int key_free; // true if we should auto free key_data
|
1714
|
+
|
1715
|
+
// expanded version of 'enc_algor'
|
1716
|
+
EVP_CIPHER_INFO cipher;
|
1717
|
+
} /* X509_PKEY */;
|
1718
|
+
|
1719
|
+
struct X509_info_st {
|
1720
|
+
X509 *x509;
|
1721
|
+
X509_CRL *crl;
|
1722
|
+
X509_PKEY *x_pkey;
|
1723
|
+
|
1724
|
+
EVP_CIPHER_INFO enc_cipher;
|
1725
|
+
int enc_len;
|
1726
|
+
char *enc_data;
|
1727
|
+
|
1728
|
+
} /* X509_INFO */;
|
1729
|
+
|
1730
|
+
DEFINE_STACK_OF(X509_INFO)
|
1731
|
+
|
1732
|
+
// The next 2 structures and their 8 routines were sent to me by
|
1733
|
+
// Pat Richard <patr@x509.com> and are used to manipulate
|
1734
|
+
// Netscapes spki structures - useful if you are writing a CA web page
|
1735
|
+
struct Netscape_spkac_st {
|
1736
|
+
X509_PUBKEY *pubkey;
|
1737
|
+
ASN1_IA5STRING *challenge; // challenge sent in atlas >= PR2
|
1738
|
+
} /* NETSCAPE_SPKAC */;
|
1739
|
+
|
1740
|
+
struct Netscape_spki_st {
|
1741
|
+
NETSCAPE_SPKAC *spkac; // signed public key and challenge
|
1742
|
+
X509_ALGOR *sig_algor;
|
1743
|
+
ASN1_BIT_STRING *signature;
|
1744
|
+
} /* NETSCAPE_SPKI */;
|
1745
|
+
|
1746
|
+
// X509_get_pathlen returns path length constraint from the basic constraints
|
1747
|
+
// extension in |x509|. (See RFC 5280, section 4.2.1.9.) It returns -1 if the
|
1748
|
+
// constraint is not present, or if some extension in |x509| was invalid.
|
1749
|
+
//
|
1750
|
+
// Note that decoding an |X509| object will not check for invalid extensions. To
|
1751
|
+
// detect the error case, call |X509_get_extensions_flags| and check the
|
1752
|
+
// |EXFLAG_INVALID| bit.
|
1753
|
+
OPENSSL_EXPORT long X509_get_pathlen(X509 *x509);
|
1754
|
+
|
1755
|
+
// X509_SIG_get0 sets |*out_alg| and |*out_digest| to non-owning pointers to
|
1756
|
+
// |sig|'s algorithm and digest fields, respectively. Either |out_alg| and
|
1757
|
+
// |out_digest| may be NULL to skip those fields.
|
1758
|
+
OPENSSL_EXPORT void X509_SIG_get0(const X509_SIG *sig,
|
1759
|
+
const X509_ALGOR **out_alg,
|
1760
|
+
const ASN1_OCTET_STRING **out_digest);
|
1761
|
+
|
1762
|
+
// X509_SIG_getm behaves like |X509_SIG_get0| but returns mutable pointers.
|
1763
|
+
OPENSSL_EXPORT void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **out_alg,
|
1764
|
+
ASN1_OCTET_STRING **out_digest);
|
1765
|
+
|
1766
|
+
// X509_verify_cert_error_string returns |err| as a human-readable string, where
|
1767
|
+
// |err| should be one of the |X509_V_*| values. If |err| is unknown, it returns
|
1768
|
+
// a default description.
|
1769
|
+
OPENSSL_EXPORT const char *X509_verify_cert_error_string(long err);
|
1770
|
+
|
1771
|
+
// X509_verify checks that |x509| has a valid signature by |pkey|. It returns
|
1772
|
+
// one if the signature is valid and zero otherwise. Note this function only
|
1773
|
+
// checks the signature itself and does not perform a full certificate
|
1774
|
+
// validation.
|
1775
|
+
OPENSSL_EXPORT int X509_verify(X509 *x509, EVP_PKEY *pkey);
|
1776
|
+
|
1777
|
+
// X509_REQ_verify checks that |req| has a valid signature by |pkey|. It returns
|
1778
|
+
// one if the signature is valid and zero otherwise.
|
1779
|
+
OPENSSL_EXPORT int X509_REQ_verify(X509_REQ *req, EVP_PKEY *pkey);
|
1780
|
+
|
1781
|
+
// X509_CRL_verify checks that |crl| has a valid signature by |pkey|. It returns
|
1782
|
+
// one if the signature is valid and zero otherwise.
|
1783
|
+
OPENSSL_EXPORT int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *pkey);
|
1784
|
+
|
1785
|
+
// NETSCAPE_SPKI_verify checks that |spki| has a valid signature by |pkey|. It
|
1786
|
+
// returns one if the signature is valid and zero otherwise.
|
1787
|
+
OPENSSL_EXPORT int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *spki, EVP_PKEY *pkey);
|
1788
|
+
|
1789
|
+
// NETSCAPE_SPKI_b64_decode decodes |len| bytes from |str| as a base64-encoded
|
1790
|
+
// Netscape signed public key and challenge (SPKAC) structure. It returns a
|
1791
|
+
// newly-allocated |NETSCAPE_SPKI| structure with the result, or NULL on error.
|
1792
|
+
// If |len| is 0 or negative, the length is calculated with |strlen| and |str|
|
1793
|
+
// must be a NUL-terminated C string.
|
1794
|
+
OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str,
|
1795
|
+
int len);
|
1796
|
+
|
1797
|
+
// NETSCAPE_SPKI_b64_encode encodes |spki| as a base64-encoded Netscape signed
|
1798
|
+
// public key and challenge (SPKAC) structure. It returns a newly-allocated
|
1799
|
+
// NUL-terminated C string with the result, or NULL on error. The caller must
|
1800
|
+
// release the memory with |OPENSSL_free| when done.
|
1801
|
+
OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki);
|
785
1802
|
|
786
|
-
//
|
787
|
-
//
|
788
|
-
//
|
789
|
-
OPENSSL_EXPORT
|
1803
|
+
// NETSCAPE_SPKI_get_pubkey decodes and returns the public key in |spki| as an
|
1804
|
+
// |EVP_PKEY|, or NULL on error. The caller takes ownership of the resulting
|
1805
|
+
// pointer and must call |EVP_PKEY_free| when done.
|
1806
|
+
OPENSSL_EXPORT EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *spki);
|
1807
|
+
|
1808
|
+
// NETSCAPE_SPKI_set_pubkey sets |spki|'s public key to |pkey|. It returns one
|
1809
|
+
// on success or zero on error. This function does not take ownership of |pkey|,
|
1810
|
+
// so the caller may continue to manage its lifetime independently of |spki|.
|
1811
|
+
OPENSSL_EXPORT int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *spki,
|
1812
|
+
EVP_PKEY *pkey);
|
1813
|
+
|
1814
|
+
// NETSCAPE_SPKI_sign signs |spki| with |pkey| and replaces the signature
|
1815
|
+
// algorithm and signature fields. It returns one on success and zero on error.
|
1816
|
+
// This function uses digest algorithm |md|, or |pkey|'s default if NULL. Other
|
1817
|
+
// signing parameters use |pkey|'s defaults.
|
1818
|
+
OPENSSL_EXPORT int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *spki, EVP_PKEY *pkey,
|
1819
|
+
const EVP_MD *md);
|
790
1820
|
|
791
|
-
|
792
|
-
|
793
|
-
|
1821
|
+
// X509_ATTRIBUTE_dup returns a newly-allocated copy of |xa|, or NULL on error.
|
1822
|
+
// This function works by serializing the structure, so if |xa| is incomplete,
|
1823
|
+
// it may fail.
|
1824
|
+
OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_dup(const X509_ATTRIBUTE *xa);
|
794
1825
|
|
795
|
-
|
796
|
-
|
1826
|
+
// X509_REVOKED_dup returns a newly-allocated copy of |rev|, or NULL on error.
|
1827
|
+
// This function works by serializing the structure, so if |rev| is incomplete,
|
1828
|
+
// it may fail.
|
1829
|
+
OPENSSL_EXPORT X509_REVOKED *X509_REVOKED_dup(const X509_REVOKED *rev);
|
797
1830
|
|
798
1831
|
// X509_cmp_time compares |s| against |*t|. On success, it returns a negative
|
799
1832
|
// number if |s| <= |*t| and a positive number if |s| > |*t|. On error, it
|
@@ -803,6 +1836,14 @@ OPENSSL_EXPORT int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
|
|
803
1836
|
// error, not equality.
|
804
1837
|
OPENSSL_EXPORT int X509_cmp_time(const ASN1_TIME *s, time_t *t);
|
805
1838
|
|
1839
|
+
// X509_cmp_time_posix compares |s| against |t|. On success, it returns a
|
1840
|
+
// negative number if |s| <= |t| and a positive number if |s| > |t|. On error,
|
1841
|
+
// it returns zero.
|
1842
|
+
//
|
1843
|
+
// WARNING: Unlike most comparison functions, this function returns zero on
|
1844
|
+
// error, not equality.
|
1845
|
+
OPENSSL_EXPORT int X509_cmp_time_posix(const ASN1_TIME *s, int64_t t);
|
1846
|
+
|
806
1847
|
// X509_cmp_current_time behaves like |X509_cmp_time| but compares |s| against
|
807
1848
|
// the current time.
|
808
1849
|
OPENSSL_EXPORT int X509_cmp_current_time(const ASN1_TIME *s);
|
@@ -827,12 +1868,7 @@ OPENSSL_EXPORT const char *X509_get_default_cert_dir_env(void);
|
|
827
1868
|
OPENSSL_EXPORT const char *X509_get_default_cert_file_env(void);
|
828
1869
|
OPENSSL_EXPORT const char *X509_get_default_private_dir(void);
|
829
1870
|
|
830
|
-
|
831
|
-
const EVP_MD *md);
|
832
|
-
|
833
|
-
DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
|
834
|
-
|
835
|
-
DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
|
1871
|
+
DECLARE_ASN1_FUNCTIONS_const(X509_PUBKEY)
|
836
1872
|
|
837
1873
|
// X509_PUBKEY_set serializes |pkey| into a newly-allocated |X509_PUBKEY|
|
838
1874
|
// structure. On success, it frees |*x|, sets |*x| to the new object, and
|
@@ -845,10 +1881,9 @@ OPENSSL_EXPORT int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
|
|
845
1881
|
// not mutate the result.
|
846
1882
|
OPENSSL_EXPORT EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
|
847
1883
|
|
848
|
-
|
849
|
-
DECLARE_ASN1_FUNCTIONS(X509_REQ)
|
1884
|
+
DECLARE_ASN1_FUNCTIONS_const(X509_SIG)
|
850
1885
|
|
851
|
-
|
1886
|
+
DECLARE_ASN1_FUNCTIONS_const(X509_ATTRIBUTE)
|
852
1887
|
|
853
1888
|
// X509_ATTRIBUTE_create returns a newly-allocated |X509_ATTRIBUTE|, or NULL on
|
854
1889
|
// error. The attribute has type |nid| and contains a single value determined by
|
@@ -857,99 +1892,15 @@ DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
|
|
857
1892
|
OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int attrtype,
|
858
1893
|
void *value);
|
859
1894
|
|
860
|
-
DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
|
861
|
-
DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
|
862
|
-
|
863
|
-
DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
|
864
|
-
|
865
|
-
DECLARE_ASN1_FUNCTIONS(X509_NAME)
|
866
|
-
|
867
|
-
// X509_NAME_set makes a copy of |name|. On success, it frees |*xn|, sets |*xn|
|
868
|
-
// to the copy, and returns one. Otherwise, it returns zero.
|
869
|
-
OPENSSL_EXPORT int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
|
870
|
-
|
871
|
-
DECLARE_ASN1_FUNCTIONS(X509)
|
872
|
-
DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
|
873
|
-
|
874
|
-
// X509_up_ref adds one to the reference count of |x509| and returns one.
|
875
|
-
OPENSSL_EXPORT int X509_up_ref(X509 *x509);
|
876
|
-
|
877
|
-
OPENSSL_EXPORT int X509_get_ex_new_index(long argl, void *argp,
|
878
|
-
CRYPTO_EX_unused *unused,
|
879
|
-
CRYPTO_EX_dup *dup_unused,
|
880
|
-
CRYPTO_EX_free *free_func);
|
881
|
-
OPENSSL_EXPORT int X509_set_ex_data(X509 *r, int idx, void *arg);
|
882
|
-
OPENSSL_EXPORT void *X509_get_ex_data(X509 *r, int idx);
|
883
|
-
OPENSSL_EXPORT int i2d_X509_AUX(X509 *a, unsigned char **pp);
|
884
|
-
OPENSSL_EXPORT X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp,
|
885
|
-
long length);
|
886
|
-
|
887
|
-
// i2d_re_X509_tbs serializes the TBSCertificate portion of |x509|, as described
|
888
|
-
// in |i2d_SAMPLE|.
|
889
|
-
//
|
890
|
-
// This function re-encodes the TBSCertificate and may not reflect |x509|'s
|
891
|
-
// original encoding. It may be used to manually generate a signature for a new
|
892
|
-
// certificate. To verify certificates, use |i2d_X509_tbs| instead.
|
893
|
-
OPENSSL_EXPORT int i2d_re_X509_tbs(X509 *x509, unsigned char **outp);
|
894
|
-
|
895
|
-
// i2d_X509_tbs serializes the TBSCertificate portion of |x509|, as described in
|
896
|
-
// |i2d_SAMPLE|.
|
897
|
-
//
|
898
|
-
// This function preserves the original encoding of the TBSCertificate and may
|
899
|
-
// not reflect modifications made to |x509|. It may be used to manually verify
|
900
|
-
// the signature of an existing certificate. To generate certificates, use
|
901
|
-
// |i2d_re_X509_tbs| instead.
|
902
|
-
OPENSSL_EXPORT int i2d_X509_tbs(X509 *x509, unsigned char **outp);
|
903
|
-
|
904
|
-
// X509_set1_signature_algo sets |x509|'s signature algorithm to |algo| and
|
905
|
-
// returns one on success or zero on error. It updates both the signature field
|
906
|
-
// of the TBSCertificate structure, and the signatureAlgorithm field of the
|
907
|
-
// Certificate.
|
908
|
-
OPENSSL_EXPORT int X509_set1_signature_algo(X509 *x509, const X509_ALGOR *algo);
|
909
|
-
|
910
|
-
// X509_set1_signature_value sets |x509|'s signature to a copy of the |sig_len|
|
911
|
-
// bytes pointed by |sig|. It returns one on success and zero on error.
|
912
|
-
//
|
913
|
-
// Due to a specification error, X.509 certificates store signatures in ASN.1
|
914
|
-
// BIT STRINGs, but signature algorithms return byte strings rather than bit
|
915
|
-
// strings. This function creates a BIT STRING containing a whole number of
|
916
|
-
// bytes, with the bit order matching the DER encoding. This matches the
|
917
|
-
// encoding used by all X.509 signature algorithms.
|
918
|
-
OPENSSL_EXPORT int X509_set1_signature_value(X509 *x509, const uint8_t *sig,
|
919
|
-
size_t sig_len);
|
920
|
-
|
921
|
-
// X509_get0_signature sets |*out_sig| and |*out_alg| to the signature and
|
922
|
-
// signature algorithm of |x509|, respectively. Either output pointer may be
|
923
|
-
// NULL to ignore the value.
|
924
|
-
//
|
925
|
-
// This function outputs the outer signature algorithm. For the one in the
|
926
|
-
// TBSCertificate, see |X509_get0_tbs_sigalg|. Certificates with mismatched
|
927
|
-
// signature algorithms will successfully parse, but they will be rejected when
|
928
|
-
// verifying.
|
929
|
-
OPENSSL_EXPORT void X509_get0_signature(const ASN1_BIT_STRING **out_sig,
|
930
|
-
const X509_ALGOR **out_alg,
|
931
|
-
const X509 *x509);
|
932
|
-
|
933
|
-
// X509_get_signature_nid returns the NID corresponding to |x509|'s signature
|
934
|
-
// algorithm, or |NID_undef| if the signature algorithm does not correspond to
|
935
|
-
// a known NID.
|
936
|
-
OPENSSL_EXPORT int X509_get_signature_nid(const X509 *x509);
|
937
|
-
|
938
|
-
OPENSSL_EXPORT int X509_alias_set1(X509 *x, const unsigned char *name, int len);
|
939
|
-
OPENSSL_EXPORT int X509_keyid_set1(X509 *x, const unsigned char *id, int len);
|
940
|
-
OPENSSL_EXPORT unsigned char *X509_alias_get0(X509 *x, int *len);
|
941
|
-
OPENSSL_EXPORT unsigned char *X509_keyid_get0(X509 *x, int *len);
|
942
|
-
OPENSSL_EXPORT int (*X509_TRUST_set_default(int (*trust)(int, X509 *,
|
943
|
-
int)))(int, X509 *,
|
944
|
-
int);
|
945
|
-
OPENSSL_EXPORT int X509_TRUST_set(int *t, int trust);
|
946
1895
|
OPENSSL_EXPORT int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
|
947
1896
|
OPENSSL_EXPORT int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
|
948
1897
|
OPENSSL_EXPORT void X509_trust_clear(X509 *x);
|
949
1898
|
OPENSSL_EXPORT void X509_reject_clear(X509 *x);
|
950
1899
|
|
951
|
-
|
952
|
-
|
1900
|
+
|
1901
|
+
OPENSSL_EXPORT int X509_TRUST_set(int *t, int trust);
|
1902
|
+
|
1903
|
+
DECLARE_ASN1_FUNCTIONS_const(X509_REVOKED)
|
953
1904
|
|
954
1905
|
OPENSSL_EXPORT int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
|
955
1906
|
OPENSSL_EXPORT int X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret,
|
@@ -960,8 +1911,8 @@ OPENSSL_EXPORT int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret,
|
|
960
1911
|
OPENSSL_EXPORT X509_PKEY *X509_PKEY_new(void);
|
961
1912
|
OPENSSL_EXPORT void X509_PKEY_free(X509_PKEY *a);
|
962
1913
|
|
963
|
-
|
964
|
-
|
1914
|
+
DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_SPKI)
|
1915
|
+
DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_SPKAC)
|
965
1916
|
|
966
1917
|
OPENSSL_EXPORT X509_INFO *X509_INFO_new(void);
|
967
1918
|
OPENSSL_EXPORT void X509_INFO_free(X509_INFO *a);
|
@@ -988,96 +1939,6 @@ OPENSSL_EXPORT int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
|
|
988
1939
|
ASN1_BIT_STRING *signature, void *asn,
|
989
1940
|
EVP_MD_CTX *ctx);
|
990
1941
|
|
991
|
-
// X509_get_serialNumber returns a mutable pointer to |x509|'s serial number.
|
992
|
-
// Prefer |X509_get0_serialNumber|.
|
993
|
-
OPENSSL_EXPORT ASN1_INTEGER *X509_get_serialNumber(X509 *x509);
|
994
|
-
|
995
|
-
// X509_set_issuer_name sets |x509|'s issuer to a copy of |name|. It returns one
|
996
|
-
// on success and zero on error.
|
997
|
-
OPENSSL_EXPORT int X509_set_issuer_name(X509 *x509, X509_NAME *name);
|
998
|
-
|
999
|
-
// X509_get_issuer_name returns |x509|'s issuer.
|
1000
|
-
OPENSSL_EXPORT X509_NAME *X509_get_issuer_name(const X509 *x509);
|
1001
|
-
|
1002
|
-
// X509_set_subject_name sets |x509|'s subject to a copy of |name|. It returns
|
1003
|
-
// one on success and zero on error.
|
1004
|
-
OPENSSL_EXPORT int X509_set_subject_name(X509 *x509, X509_NAME *name);
|
1005
|
-
|
1006
|
-
// X509_get_issuer_name returns |x509|'s subject.
|
1007
|
-
OPENSSL_EXPORT X509_NAME *X509_get_subject_name(const X509 *x509);
|
1008
|
-
|
1009
|
-
// X509_set_pubkey sets |x509|'s public key to |pkey|. It returns one on success
|
1010
|
-
// and zero on error. This function does not take ownership of |pkey| and
|
1011
|
-
// internally copies and updates reference counts as needed.
|
1012
|
-
OPENSSL_EXPORT int X509_set_pubkey(X509 *x509, EVP_PKEY *pkey);
|
1013
|
-
|
1014
|
-
// X509_get_pubkey returns |x509|'s public key as an |EVP_PKEY|, or NULL if the
|
1015
|
-
// public key was unsupported or could not be decoded. This function returns a
|
1016
|
-
// reference to the |EVP_PKEY|. The caller must release the result with
|
1017
|
-
// |EVP_PKEY_free| when done.
|
1018
|
-
OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x509);
|
1019
|
-
|
1020
|
-
// X509_get0_pubkey_bitstr returns the BIT STRING portion of |x509|'s public
|
1021
|
-
// key. Note this does not contain the AlgorithmIdentifier portion.
|
1022
|
-
//
|
1023
|
-
// WARNING: This function returns a non-const pointer for OpenSSL compatibility,
|
1024
|
-
// but the caller must not modify the resulting object. Doing so will break
|
1025
|
-
// internal invariants in |x509|.
|
1026
|
-
OPENSSL_EXPORT ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x509);
|
1027
|
-
|
1028
|
-
// X509_get0_extensions returns |x509|'s extension list, or NULL if |x509| omits
|
1029
|
-
// it.
|
1030
|
-
OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_get0_extensions(
|
1031
|
-
const X509 *x509);
|
1032
|
-
|
1033
|
-
// X509_get0_tbs_sigalg returns the signature algorithm in |x509|'s
|
1034
|
-
// TBSCertificate. For the outer signature algorithm, see |X509_get0_signature|.
|
1035
|
-
//
|
1036
|
-
// Certificates with mismatched signature algorithms will successfully parse,
|
1037
|
-
// but they will be rejected when verifying.
|
1038
|
-
OPENSSL_EXPORT const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x509);
|
1039
|
-
|
1040
|
-
// X509_REQ_set_version sets |req|'s version to |version|, which should be
|
1041
|
-
// |X509_REQ_VERSION_1|. It returns one on success and zero on error.
|
1042
|
-
//
|
1043
|
-
// Note no versions other than |X509_REQ_VERSION_1| are defined for CSRs.
|
1044
|
-
OPENSSL_EXPORT int X509_REQ_set_version(X509_REQ *req, long version);
|
1045
|
-
|
1046
|
-
// X509_REQ_set_subject_name sets |req|'s subject to a copy of |name|. It
|
1047
|
-
// returns one on success and zero on error.
|
1048
|
-
OPENSSL_EXPORT int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
|
1049
|
-
|
1050
|
-
// X509_REQ_get0_signature sets |*out_sig| and |*out_alg| to the signature and
|
1051
|
-
// signature algorithm of |req|, respectively. Either output pointer may be NULL
|
1052
|
-
// to ignore the value.
|
1053
|
-
OPENSSL_EXPORT void X509_REQ_get0_signature(const X509_REQ *req,
|
1054
|
-
const ASN1_BIT_STRING **out_sig,
|
1055
|
-
const X509_ALGOR **out_alg);
|
1056
|
-
|
1057
|
-
// X509_REQ_get_signature_nid returns the NID corresponding to |req|'s signature
|
1058
|
-
// algorithm, or |NID_undef| if the signature algorithm does not correspond to
|
1059
|
-
// a known NID.
|
1060
|
-
OPENSSL_EXPORT int X509_REQ_get_signature_nid(const X509_REQ *req);
|
1061
|
-
|
1062
|
-
// i2d_re_X509_REQ_tbs serializes the CertificationRequestInfo (see RFC 2986)
|
1063
|
-
// portion of |req|, as described in |i2d_SAMPLE|.
|
1064
|
-
//
|
1065
|
-
// This function re-encodes the CertificationRequestInfo and may not reflect
|
1066
|
-
// |req|'s original encoding. It may be used to manually generate a signature
|
1067
|
-
// for a new certificate request.
|
1068
|
-
OPENSSL_EXPORT int i2d_re_X509_REQ_tbs(X509_REQ *req, uint8_t **outp);
|
1069
|
-
|
1070
|
-
// X509_REQ_set_pubkey sets |req|'s public key to |pkey|. It returns one on
|
1071
|
-
// success and zero on error. This function does not take ownership of |pkey|
|
1072
|
-
// and internally copies and updates reference counts as needed.
|
1073
|
-
OPENSSL_EXPORT int X509_REQ_set_pubkey(X509_REQ *req, EVP_PKEY *pkey);
|
1074
|
-
|
1075
|
-
// X509_REQ_get_pubkey returns |req|'s public key as an |EVP_PKEY|, or NULL if
|
1076
|
-
// the public key was unsupported or could not be decoded. This function returns
|
1077
|
-
// a reference to the |EVP_PKEY|. The caller must release the result with
|
1078
|
-
// |EVP_PKEY_free| when done.
|
1079
|
-
OPENSSL_EXPORT EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
|
1080
|
-
|
1081
1942
|
// X509_REQ_extension_nid returns one if |nid| is a supported CSR attribute type
|
1082
1943
|
// for carrying extensions and zero otherwise. The supported types are
|
1083
1944
|
// |NID_ext_req| (pkcs-9-at-extensionRequest from RFC 2985) and |NID_ms_ext_req|
|
@@ -1147,92 +2008,25 @@ OPENSSL_EXPORT int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
|
|
1147
2008
|
// error-prone. See |X509_ATTRIBUTE_set1_data| for details.
|
1148
2009
|
OPENSSL_EXPORT int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
|
1149
2010
|
const ASN1_OBJECT *obj,
|
1150
|
-
int attrtype,
|
1151
|
-
const unsigned char *data,
|
1152
|
-
int len);
|
1153
|
-
|
1154
|
-
// X509_REQ_add1_attr_by_NID behaves like |X509_REQ_add1_attr_by_OBJ| except the
|
1155
|
-
// attribute type is determined by |nid|.
|
1156
|
-
OPENSSL_EXPORT int X509_REQ_add1_attr_by_NID(X509_REQ *req, int nid,
|
1157
|
-
int attrtype,
|
1158
|
-
const unsigned char *data,
|
1159
|
-
int len);
|
1160
|
-
|
1161
|
-
// X509_REQ_add1_attr_by_txt behaves like |X509_REQ_add1_attr_by_OBJ| except the
|
1162
|
-
// attribute type is determined by calling |OBJ_txt2obj| with |attrname|.
|
1163
|
-
OPENSSL_EXPORT int X509_REQ_add1_attr_by_txt(X509_REQ *req,
|
1164
|
-
const char *attrname, int attrtype,
|
1165
|
-
const unsigned char *data,
|
1166
|
-
int len);
|
1167
|
-
|
1168
|
-
// X509_CRL_set_version sets |crl|'s version to |version|, which should be one
|
1169
|
-
// of the |X509_CRL_VERSION_*| constants. It returns one on success and zero on
|
1170
|
-
// error.
|
1171
|
-
//
|
1172
|
-
// If unsure, use |X509_CRL_VERSION_2|. Note that, unlike certificates, CRL
|
1173
|
-
// versions are only defined up to v2. Callers should not use |X509_VERSION_3|.
|
1174
|
-
OPENSSL_EXPORT int X509_CRL_set_version(X509_CRL *crl, long version);
|
1175
|
-
|
1176
|
-
// X509_CRL_set_issuer_name sets |crl|'s issuer to a copy of |name|. It returns
|
1177
|
-
// one on success and zero on error.
|
1178
|
-
OPENSSL_EXPORT int X509_CRL_set_issuer_name(X509_CRL *crl, X509_NAME *name);
|
1179
|
-
|
1180
|
-
OPENSSL_EXPORT int X509_CRL_sort(X509_CRL *crl);
|
1181
|
-
|
1182
|
-
// X509_CRL_up_ref adds one to the reference count of |crl| and returns one.
|
1183
|
-
OPENSSL_EXPORT int X509_CRL_up_ref(X509_CRL *crl);
|
1184
|
-
|
1185
|
-
// X509_CRL_get0_signature sets |*out_sig| and |*out_alg| to the signature and
|
1186
|
-
// signature algorithm of |crl|, respectively. Either output pointer may be NULL
|
1187
|
-
// to ignore the value.
|
1188
|
-
//
|
1189
|
-
// This function outputs the outer signature algorithm, not the one in the
|
1190
|
-
// TBSCertList. CRLs with mismatched signature algorithms will successfully
|
1191
|
-
// parse, but they will be rejected when verifying.
|
1192
|
-
OPENSSL_EXPORT void X509_CRL_get0_signature(const X509_CRL *crl,
|
1193
|
-
const ASN1_BIT_STRING **out_sig,
|
1194
|
-
const X509_ALGOR **out_alg);
|
1195
|
-
|
1196
|
-
// X509_CRL_get_signature_nid returns the NID corresponding to |crl|'s signature
|
1197
|
-
// algorithm, or |NID_undef| if the signature algorithm does not correspond to
|
1198
|
-
// a known NID.
|
1199
|
-
OPENSSL_EXPORT int X509_CRL_get_signature_nid(const X509_CRL *crl);
|
1200
|
-
|
1201
|
-
// i2d_re_X509_CRL_tbs serializes the TBSCertList portion of |crl|, as described
|
1202
|
-
// in |i2d_SAMPLE|.
|
1203
|
-
//
|
1204
|
-
// This function re-encodes the TBSCertList and may not reflect |crl|'s original
|
1205
|
-
// encoding. It may be used to manually generate a signature for a new CRL. To
|
1206
|
-
// verify CRLs, use |i2d_X509_CRL_tbs| instead.
|
1207
|
-
OPENSSL_EXPORT int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp);
|
2011
|
+
int attrtype,
|
2012
|
+
const unsigned char *data,
|
2013
|
+
int len);
|
1208
2014
|
|
1209
|
-
//
|
1210
|
-
// |
|
1211
|
-
|
1212
|
-
|
1213
|
-
|
1214
|
-
|
1215
|
-
// instead.
|
1216
|
-
OPENSSL_EXPORT int i2d_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp);
|
2015
|
+
// X509_REQ_add1_attr_by_NID behaves like |X509_REQ_add1_attr_by_OBJ| except the
|
2016
|
+
// attribute type is determined by |nid|.
|
2017
|
+
OPENSSL_EXPORT int X509_REQ_add1_attr_by_NID(X509_REQ *req, int nid,
|
2018
|
+
int attrtype,
|
2019
|
+
const unsigned char *data,
|
2020
|
+
int len);
|
1217
2021
|
|
1218
|
-
//
|
1219
|
-
//
|
1220
|
-
|
1221
|
-
|
1222
|
-
|
2022
|
+
// X509_REQ_add1_attr_by_txt behaves like |X509_REQ_add1_attr_by_OBJ| except the
|
2023
|
+
// attribute type is determined by calling |OBJ_txt2obj| with |attrname|.
|
2024
|
+
OPENSSL_EXPORT int X509_REQ_add1_attr_by_txt(X509_REQ *req,
|
2025
|
+
const char *attrname, int attrtype,
|
2026
|
+
const unsigned char *data,
|
2027
|
+
int len);
|
1223
2028
|
|
1224
|
-
|
1225
|
-
// |sig_len| bytes pointed by |sig|. It returns one on success and zero on
|
1226
|
-
// error.
|
1227
|
-
//
|
1228
|
-
// Due to a specification error, X.509 CRLs store signatures in ASN.1 BIT
|
1229
|
-
// STRINGs, but signature algorithms return byte strings rather than bit
|
1230
|
-
// strings. This function creates a BIT STRING containing a whole number of
|
1231
|
-
// bytes, with the bit order matching the DER encoding. This matches the
|
1232
|
-
// encoding used by all X.509 signature algorithms.
|
1233
|
-
OPENSSL_EXPORT int X509_CRL_set1_signature_value(X509_CRL *crl,
|
1234
|
-
const uint8_t *sig,
|
1235
|
-
size_t sig_len);
|
2029
|
+
OPENSSL_EXPORT int X509_CRL_sort(X509_CRL *crl);
|
1236
2030
|
|
1237
2031
|
// X509_REVOKED_get0_serialNumber returns the serial number of the certificate
|
1238
2032
|
// revoked by |revoked|.
|
@@ -1266,19 +2060,6 @@ OPENSSL_EXPORT X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
|
|
1266
2060
|
OPENSSL_EXPORT int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
|
1267
2061
|
|
1268
2062
|
OPENSSL_EXPORT int X509_check_private_key(X509 *x509, const EVP_PKEY *pkey);
|
1269
|
-
OPENSSL_EXPORT int X509_chain_check_suiteb(int *perror_depth, X509 *x,
|
1270
|
-
STACK_OF(X509) *chain,
|
1271
|
-
unsigned long flags);
|
1272
|
-
OPENSSL_EXPORT int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk,
|
1273
|
-
unsigned long flags);
|
1274
|
-
|
1275
|
-
// X509_chain_up_ref returns a newly-allocated |STACK_OF(X509)| containing a
|
1276
|
-
// shallow copy of |chain|, or NULL on error. That is, the return value has the
|
1277
|
-
// same contents as |chain|, and each |X509|'s reference count is incremented by
|
1278
|
-
// one.
|
1279
|
-
OPENSSL_EXPORT STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
|
1280
|
-
|
1281
|
-
OPENSSL_EXPORT int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
|
1282
2063
|
|
1283
2064
|
OPENSSL_EXPORT int X509_issuer_name_cmp(const X509 *a, const X509 *b);
|
1284
2065
|
OPENSSL_EXPORT unsigned long X509_issuer_name_hash(X509 *a);
|
@@ -1310,149 +2091,11 @@ OPENSSL_EXPORT int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
|
|
1310
2091
|
OPENSSL_EXPORT int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
|
1311
2092
|
unsigned long cflag);
|
1312
2093
|
OPENSSL_EXPORT int X509_print(BIO *bp, X509 *x);
|
1313
|
-
OPENSSL_EXPORT int X509_ocspid_print(BIO *bp, X509 *x);
|
1314
|
-
OPENSSL_EXPORT int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent);
|
1315
2094
|
OPENSSL_EXPORT int X509_CRL_print(BIO *bp, X509_CRL *x);
|
1316
2095
|
OPENSSL_EXPORT int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
|
1317
2096
|
unsigned long cflag);
|
1318
2097
|
OPENSSL_EXPORT int X509_REQ_print(BIO *bp, X509_REQ *req);
|
1319
2098
|
|
1320
|
-
OPENSSL_EXPORT int X509_NAME_entry_count(const X509_NAME *name);
|
1321
|
-
OPENSSL_EXPORT int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid,
|
1322
|
-
char *buf, int len);
|
1323
|
-
OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(const X509_NAME *name,
|
1324
|
-
const ASN1_OBJECT *obj, char *buf,
|
1325
|
-
int len);
|
1326
|
-
|
1327
|
-
// NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
|
1328
|
-
// lastpos, search after that position on.
|
1329
|
-
OPENSSL_EXPORT int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid,
|
1330
|
-
int lastpos);
|
1331
|
-
OPENSSL_EXPORT int X509_NAME_get_index_by_OBJ(const X509_NAME *name,
|
1332
|
-
const ASN1_OBJECT *obj,
|
1333
|
-
int lastpos);
|
1334
|
-
OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name,
|
1335
|
-
int loc);
|
1336
|
-
OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name,
|
1337
|
-
int loc);
|
1338
|
-
OPENSSL_EXPORT int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne,
|
1339
|
-
int loc, int set);
|
1340
|
-
OPENSSL_EXPORT int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
|
1341
|
-
int type,
|
1342
|
-
const unsigned char *bytes,
|
1343
|
-
int len, int loc, int set);
|
1344
|
-
OPENSSL_EXPORT int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid,
|
1345
|
-
int type,
|
1346
|
-
const unsigned char *bytes,
|
1347
|
-
int len, int loc, int set);
|
1348
|
-
OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(
|
1349
|
-
X509_NAME_ENTRY **ne, const char *field, int type,
|
1350
|
-
const unsigned char *bytes, int len);
|
1351
|
-
OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(
|
1352
|
-
X509_NAME_ENTRY **ne, int nid, int type, const unsigned char *bytes,
|
1353
|
-
int len);
|
1354
|
-
OPENSSL_EXPORT int X509_NAME_add_entry_by_txt(X509_NAME *name,
|
1355
|
-
const char *field, int type,
|
1356
|
-
const unsigned char *bytes,
|
1357
|
-
int len, int loc, int set);
|
1358
|
-
OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(
|
1359
|
-
X509_NAME_ENTRY **ne, const ASN1_OBJECT *obj, int type,
|
1360
|
-
const unsigned char *bytes, int len);
|
1361
|
-
OPENSSL_EXPORT int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
|
1362
|
-
const ASN1_OBJECT *obj);
|
1363
|
-
OPENSSL_EXPORT int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
|
1364
|
-
const unsigned char *bytes,
|
1365
|
-
int len);
|
1366
|
-
OPENSSL_EXPORT ASN1_OBJECT *X509_NAME_ENTRY_get_object(
|
1367
|
-
const X509_NAME_ENTRY *ne);
|
1368
|
-
OPENSSL_EXPORT ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
|
1369
|
-
|
1370
|
-
// X509v3_get_ext_count returns the number of extensions in |x|.
|
1371
|
-
OPENSSL_EXPORT int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
|
1372
|
-
|
1373
|
-
// X509v3_get_ext_by_NID returns the index of the first extension in |x| with
|
1374
|
-
// type |nid|, or a negative number if not found. If found, callers can use
|
1375
|
-
// |X509v3_get_ext| to look up the extension by index.
|
1376
|
-
//
|
1377
|
-
// If |lastpos| is non-negative, it begins searching at |lastpos| + 1. Callers
|
1378
|
-
// can thus loop over all matching extensions by first passing -1 and then
|
1379
|
-
// passing the previously-returned value until no match is returned.
|
1380
|
-
OPENSSL_EXPORT int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
|
1381
|
-
int nid, int lastpos);
|
1382
|
-
|
1383
|
-
// X509v3_get_ext_by_OBJ behaves like |X509v3_get_ext_by_NID| but looks for
|
1384
|
-
// extensions matching |obj|.
|
1385
|
-
OPENSSL_EXPORT int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
|
1386
|
-
const ASN1_OBJECT *obj, int lastpos);
|
1387
|
-
|
1388
|
-
// X509v3_get_ext_by_critical returns the index of the first extension in |x|
|
1389
|
-
// whose critical bit matches |crit|, or a negative number if no such extension
|
1390
|
-
// was found.
|
1391
|
-
//
|
1392
|
-
// If |lastpos| is non-negative, it begins searching at |lastpos| + 1. Callers
|
1393
|
-
// can thus loop over all matching extensions by first passing -1 and then
|
1394
|
-
// passing the previously-returned value until no match is returned.
|
1395
|
-
OPENSSL_EXPORT int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
|
1396
|
-
int crit, int lastpos);
|
1397
|
-
|
1398
|
-
// X509v3_get_ext returns the extension in |x| at index |loc|, or NULL if |loc|
|
1399
|
-
// is out of bounds.
|
1400
|
-
OPENSSL_EXPORT X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x,
|
1401
|
-
int loc);
|
1402
|
-
|
1403
|
-
// X509v3_delete_ext removes the extension in |x| at index |loc| and returns the
|
1404
|
-
// removed extension, or NULL if |loc| was out of bounds. If an extension was
|
1405
|
-
// returned, the caller must release it with |X509_EXTENSION_free|.
|
1406
|
-
OPENSSL_EXPORT X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x,
|
1407
|
-
int loc);
|
1408
|
-
|
1409
|
-
// X509v3_add_ext adds a copy of |ex| to the extension list in |*x|. If |*x| is
|
1410
|
-
// NULL, it allocates a new |STACK_OF(X509_EXTENSION)| to hold the copy and sets
|
1411
|
-
// |*x| to the new list. It returns |*x| on success and NULL on error. The
|
1412
|
-
// caller retains ownership of |ex| and can release it independently of |*x|.
|
1413
|
-
//
|
1414
|
-
// The new extension is inserted at index |loc|, shifting extensions to the
|
1415
|
-
// right. If |loc| is -1 or out of bounds, the new extension is appended to the
|
1416
|
-
// list.
|
1417
|
-
OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509v3_add_ext(
|
1418
|
-
STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ex, int loc);
|
1419
|
-
|
1420
|
-
// X509_get_ext_count returns the number of extensions in |x|.
|
1421
|
-
OPENSSL_EXPORT int X509_get_ext_count(const X509 *x);
|
1422
|
-
|
1423
|
-
// X509_get_ext_by_NID behaves like |X509v3_get_ext_by_NID| but searches for
|
1424
|
-
// extensions in |x|.
|
1425
|
-
OPENSSL_EXPORT int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
|
1426
|
-
|
1427
|
-
// X509_get_ext_by_OBJ behaves like |X509v3_get_ext_by_OBJ| but searches for
|
1428
|
-
// extensions in |x|.
|
1429
|
-
OPENSSL_EXPORT int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj,
|
1430
|
-
int lastpos);
|
1431
|
-
|
1432
|
-
// X509_get_ext_by_critical behaves like |X509v3_get_ext_by_critical| but
|
1433
|
-
// searches for extensions in |x|.
|
1434
|
-
OPENSSL_EXPORT int X509_get_ext_by_critical(const X509 *x, int crit,
|
1435
|
-
int lastpos);
|
1436
|
-
|
1437
|
-
// X509_get_ext returns the extension in |x| at index |loc|, or NULL if |loc| is
|
1438
|
-
// out of bounds.
|
1439
|
-
OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
|
1440
|
-
|
1441
|
-
// X509_delete_ext removes the extension in |x| at index |loc| and returns the
|
1442
|
-
// removed extension, or NULL if |loc| was out of bounds. If non-NULL, the
|
1443
|
-
// caller must release the result with |X509_EXTENSION_free|. It is also safe,
|
1444
|
-
// but not necessary, to call |X509_EXTENSION_free| if the result is NULL.
|
1445
|
-
OPENSSL_EXPORT X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
|
1446
|
-
|
1447
|
-
// X509_add_ext adds a copy of |ex| to |x|. It returns one on success and zero
|
1448
|
-
// on failure. The caller retains ownership of |ex| and can release it
|
1449
|
-
// independently of |x|.
|
1450
|
-
//
|
1451
|
-
// The new extension is inserted at index |loc|, shifting extensions to the
|
1452
|
-
// right. If |loc| is -1 or out of bounds, the new extension is appended to the
|
1453
|
-
// list.
|
1454
|
-
OPENSSL_EXPORT int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
|
1455
|
-
|
1456
2099
|
// X509_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the extension in
|
1457
2100
|
// |x509|'s extension list.
|
1458
2101
|
//
|
@@ -1470,43 +2113,6 @@ OPENSSL_EXPORT void *X509_get_ext_d2i(const X509 *x509, int nid,
|
|
1470
2113
|
OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
|
1471
2114
|
unsigned long flags);
|
1472
2115
|
|
1473
|
-
// X509_CRL_get_ext_count returns the number of extensions in |x|.
|
1474
|
-
OPENSSL_EXPORT int X509_CRL_get_ext_count(const X509_CRL *x);
|
1475
|
-
|
1476
|
-
// X509_CRL_get_ext_by_NID behaves like |X509v3_get_ext_by_NID| but searches for
|
1477
|
-
// extensions in |x|.
|
1478
|
-
OPENSSL_EXPORT int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid,
|
1479
|
-
int lastpos);
|
1480
|
-
|
1481
|
-
// X509_CRL_get_ext_by_OBJ behaves like |X509v3_get_ext_by_OBJ| but searches for
|
1482
|
-
// extensions in |x|.
|
1483
|
-
OPENSSL_EXPORT int X509_CRL_get_ext_by_OBJ(const X509_CRL *x,
|
1484
|
-
const ASN1_OBJECT *obj, int lastpos);
|
1485
|
-
|
1486
|
-
// X509_CRL_get_ext_by_critical behaves like |X509v3_get_ext_by_critical| but
|
1487
|
-
// searches for extensions in |x|.
|
1488
|
-
OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit,
|
1489
|
-
int lastpos);
|
1490
|
-
|
1491
|
-
// X509_CRL_get_ext returns the extension in |x| at index |loc|, or NULL if
|
1492
|
-
// |loc| is out of bounds.
|
1493
|
-
OPENSSL_EXPORT X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
|
1494
|
-
|
1495
|
-
// X509_CRL_delete_ext removes the extension in |x| at index |loc| and returns
|
1496
|
-
// the removed extension, or NULL if |loc| was out of bounds. If non-NULL, the
|
1497
|
-
// caller must release the result with |X509_EXTENSION_free|. It is also safe,
|
1498
|
-
// but not necessary, to call |X509_EXTENSION_free| if the result is NULL.
|
1499
|
-
OPENSSL_EXPORT X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
|
1500
|
-
|
1501
|
-
// X509_CRL_add_ext adds a copy of |ex| to |x|. It returns one on success and
|
1502
|
-
// zero on failure. The caller retains ownership of |ex| and can release it
|
1503
|
-
// independently of |x|.
|
1504
|
-
//
|
1505
|
-
// The new extension is inserted at index |loc|, shifting extensions to the
|
1506
|
-
// right. If |loc| is -1 or out of bounds, the new extension is appended to the
|
1507
|
-
// list.
|
1508
|
-
OPENSSL_EXPORT int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
|
1509
|
-
|
1510
2116
|
// X509_CRL_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the
|
1511
2117
|
// extension in |crl|'s extension list.
|
1512
2118
|
//
|
@@ -1544,15 +2150,14 @@ OPENSSL_EXPORT int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x,
|
|
1544
2150
|
int crit, int lastpos);
|
1545
2151
|
|
1546
2152
|
// X509_REVOKED_get_ext returns the extension in |x| at index |loc|, or NULL if
|
1547
|
-
// |loc| is out of bounds.
|
2153
|
+
// |loc| is out of bounds. This function returns a non-const pointer for OpenSSL
|
2154
|
+
// compatibility, but callers should not mutate the result.
|
1548
2155
|
OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x,
|
1549
2156
|
int loc);
|
1550
2157
|
|
1551
2158
|
// X509_REVOKED_delete_ext removes the extension in |x| at index |loc| and
|
1552
2159
|
// returns the removed extension, or NULL if |loc| was out of bounds. If
|
1553
|
-
// non-NULL, the caller must release the result with |X509_EXTENSION_free|.
|
1554
|
-
// is also safe, but not necessary, to call |X509_EXTENSION_free| if the result
|
1555
|
-
// is NULL.
|
2160
|
+
// non-NULL, the caller must release the result with |X509_EXTENSION_free|.
|
1556
2161
|
OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x,
|
1557
2162
|
int loc);
|
1558
2163
|
|
@@ -1563,8 +2168,8 @@ OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x,
|
|
1563
2168
|
// The new extension is inserted at index |loc|, shifting extensions to the
|
1564
2169
|
// right. If |loc| is -1 or out of bounds, the new extension is appended to the
|
1565
2170
|
// list.
|
1566
|
-
OPENSSL_EXPORT int X509_REVOKED_add_ext(X509_REVOKED *x,
|
1567
|
-
int loc);
|
2171
|
+
OPENSSL_EXPORT int X509_REVOKED_add_ext(X509_REVOKED *x,
|
2172
|
+
const X509_EXTENSION *ex, int loc);
|
1568
2173
|
|
1569
2174
|
// X509_REVOKED_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the
|
1570
2175
|
// extension in |revoked|'s extension list.
|
@@ -1585,47 +2190,6 @@ OPENSSL_EXPORT int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid,
|
|
1585
2190
|
void *value, int crit,
|
1586
2191
|
unsigned long flags);
|
1587
2192
|
|
1588
|
-
// X509_EXTENSION_create_by_NID creates a new |X509_EXTENSION| with type |nid|,
|
1589
|
-
// value |data|, and critical bit |crit|. It returns the newly-allocated
|
1590
|
-
// |X509_EXTENSION| on success, and false on error. |nid| should be a |NID_*|
|
1591
|
-
// constant.
|
1592
|
-
//
|
1593
|
-
// If |ex| and |*ex| are both non-NULL, it modifies and returns |*ex| instead of
|
1594
|
-
// creating a new object. If |ex| is non-NULL, but |*ex| is NULL, it sets |*ex|
|
1595
|
-
// to the new |X509_EXTENSION|, in addition to returning the result.
|
1596
|
-
OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_NID(
|
1597
|
-
X509_EXTENSION **ex, int nid, int crit, const ASN1_OCTET_STRING *data);
|
1598
|
-
|
1599
|
-
// X509_EXTENSION_create_by_OBJ behaves like |X509_EXTENSION_create_by_NID|, but
|
1600
|
-
// the extension type is determined by an |ASN1_OBJECT|.
|
1601
|
-
OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_OBJ(
|
1602
|
-
X509_EXTENSION **ex, const ASN1_OBJECT *obj, int crit,
|
1603
|
-
const ASN1_OCTET_STRING *data);
|
1604
|
-
|
1605
|
-
// X509_EXTENSION_set_object sets |ex|'s extension type to |obj|. It returns one
|
1606
|
-
// on success and zero on error.
|
1607
|
-
OPENSSL_EXPORT int X509_EXTENSION_set_object(X509_EXTENSION *ex,
|
1608
|
-
const ASN1_OBJECT *obj);
|
1609
|
-
|
1610
|
-
// X509_EXTENSION_set_critical sets |ex| to critical if |crit| is non-zero and
|
1611
|
-
// to non-critical if |crit| is zero.
|
1612
|
-
OPENSSL_EXPORT int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
|
1613
|
-
|
1614
|
-
// X509_EXTENSION_set_data set's |ex|'s extension value to a copy of |data|. It
|
1615
|
-
// returns one on success and zero on error.
|
1616
|
-
OPENSSL_EXPORT int X509_EXTENSION_set_data(X509_EXTENSION *ex,
|
1617
|
-
const ASN1_OCTET_STRING *data);
|
1618
|
-
|
1619
|
-
// X509_EXTENSION_get_object returns |ex|'s extension type.
|
1620
|
-
OPENSSL_EXPORT ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
|
1621
|
-
|
1622
|
-
// X509_EXTENSION_get_data returns |ne|'s extension value.
|
1623
|
-
OPENSSL_EXPORT ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
|
1624
|
-
|
1625
|
-
// X509_EXTENSION_get_critical returns one if |ex| is critical and zero
|
1626
|
-
// otherwise.
|
1627
|
-
OPENSSL_EXPORT int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
|
1628
|
-
|
1629
2193
|
// X509at_get_attr_count returns the number of attributes in |x|.
|
1630
2194
|
OPENSSL_EXPORT int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
|
1631
2195
|
|
@@ -1727,8 +2291,6 @@ OPENSSL_EXPORT int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr,
|
|
1727
2291
|
// |attr|'s type. If |len| is -1, |strlen(data)| is used instead. See
|
1728
2292
|
// |ASN1_STRING_set_by_NID| for details.
|
1729
2293
|
//
|
1730
|
-
// TODO(davidben): Document |ASN1_STRING_set_by_NID| so the reference is useful.
|
1731
|
-
//
|
1732
2294
|
// Otherwise, if |len| is not -1, the value is an ASN.1 string. |attrtype| is an
|
1733
2295
|
// |ASN1_STRING| type value and the |len| bytes from |data| are copied as the
|
1734
2296
|
// type-specific representation of |ASN1_STRING|. See |ASN1_STRING| for details.
|
@@ -1777,25 +2339,23 @@ OPENSSL_EXPORT ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr,
|
|
1777
2339
|
|
1778
2340
|
OPENSSL_EXPORT int X509_verify_cert(X509_STORE_CTX *ctx);
|
1779
2341
|
|
1780
|
-
// lookup a cert from a X509 STACK
|
1781
|
-
OPENSSL_EXPORT X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,
|
1782
|
-
X509_NAME *name,
|
1783
|
-
ASN1_INTEGER *serial);
|
1784
|
-
OPENSSL_EXPORT X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name);
|
1785
|
-
|
1786
2342
|
// PKCS#8 utilities
|
1787
2343
|
|
1788
|
-
|
2344
|
+
DECLARE_ASN1_FUNCTIONS_const(PKCS8_PRIV_KEY_INFO)
|
1789
2345
|
|
1790
|
-
|
1791
|
-
|
2346
|
+
// EVP_PKCS82PKEY returns |p8| as a newly-allocated |EVP_PKEY|, or NULL if the
|
2347
|
+
// key was unsupported or could not be decoded. If non-NULL, the caller must
|
2348
|
+
// release the result with |EVP_PKEY_free| when done.
|
2349
|
+
//
|
2350
|
+
// Use |EVP_parse_private_key| instead.
|
2351
|
+
OPENSSL_EXPORT EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8);
|
1792
2352
|
|
1793
|
-
|
1794
|
-
|
1795
|
-
|
1796
|
-
|
1797
|
-
|
1798
|
-
|
2353
|
+
// EVP_PKEY2PKCS8 encodes |pkey| as a PKCS#8 PrivateKeyInfo (RFC 5208),
|
2354
|
+
// represented as a newly-allocated |PKCS8_PRIV_KEY_INFO|, or NULL on error. The
|
2355
|
+
// caller must release the result with |PKCS8_PRIV_KEY_INFO_free| when done.
|
2356
|
+
//
|
2357
|
+
// Use |EVP_marshal_private_key| instead.
|
2358
|
+
OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey);
|
1799
2359
|
|
1800
2360
|
// X509_PUBKEY_set0_param sets |pub| to a key with AlgorithmIdentifier
|
1801
2361
|
// determined by |obj|, |param_type|, and |param_value|, and an encoded
|
@@ -1852,7 +2412,7 @@ struct rsa_pss_params_st {
|
|
1852
2412
|
X509_ALGOR *maskHash;
|
1853
2413
|
} /* RSA_PSS_PARAMS */;
|
1854
2414
|
|
1855
|
-
|
2415
|
+
DECLARE_ASN1_FUNCTIONS_const(RSA_PSS_PARAMS)
|
1856
2416
|
|
1857
2417
|
/*
|
1858
2418
|
SSL_CTX -> X509_STORE
|
@@ -1977,14 +2537,6 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
|
|
1977
2537
|
#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
|
1978
2538
|
#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
|
1979
2539
|
|
1980
|
-
// Suite B mode algorithm violation
|
1981
|
-
#define X509_V_ERR_SUITE_B_INVALID_VERSION 56
|
1982
|
-
#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57
|
1983
|
-
#define X509_V_ERR_SUITE_B_INVALID_CURVE 58
|
1984
|
-
#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
|
1985
|
-
#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60
|
1986
|
-
#define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
|
1987
|
-
|
1988
2540
|
// Host, email and IP check errors
|
1989
2541
|
#define X509_V_ERR_HOSTNAME_MISMATCH 62
|
1990
2542
|
#define X509_V_ERR_EMAIL_MISMATCH 63
|
@@ -2011,9 +2563,9 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
|
|
2011
2563
|
#define X509_V_FLAG_IGNORE_CRITICAL 0x10
|
2012
2564
|
// Does nothing as its functionality has been enabled by default.
|
2013
2565
|
#define X509_V_FLAG_X509_STRICT 0x00
|
2014
|
-
//
|
2566
|
+
// This flag does nothing as proxy certificate support has been removed.
|
2015
2567
|
#define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40
|
2016
|
-
//
|
2568
|
+
// Does nothing as its functionality has been enabled by default.
|
2017
2569
|
#define X509_V_FLAG_POLICY_CHECK 0x80
|
2018
2570
|
// Policy variable require-explicit-policy
|
2019
2571
|
#define X509_V_FLAG_EXPLICIT_POLICY 0x100
|
@@ -2031,12 +2583,6 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
|
|
2031
2583
|
#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
|
2032
2584
|
// Use trusted store first
|
2033
2585
|
#define X509_V_FLAG_TRUSTED_FIRST 0x8000
|
2034
|
-
// Suite B 128 bit only mode: not normally used
|
2035
|
-
#define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000
|
2036
|
-
// Suite B 192 bit only mode
|
2037
|
-
#define X509_V_FLAG_SUITEB_192_LOS 0x20000
|
2038
|
-
// Suite B 128 bit mode allowing 192 bit algorithms
|
2039
|
-
#define X509_V_FLAG_SUITEB_128_LOS 0x30000
|
2040
2586
|
|
2041
2587
|
// Allow partial chains if at least one certificate is in trusted store
|
2042
2588
|
#define X509_V_FLAG_PARTIAL_CHAIN 0x80000
|
@@ -2046,17 +2592,16 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
|
|
2046
2592
|
// will force the behaviour to match that of previous versions.
|
2047
2593
|
#define X509_V_FLAG_NO_ALT_CHAINS 0x100000
|
2048
2594
|
|
2595
|
+
// X509_V_FLAG_NO_CHECK_TIME disables all time checks in certificate
|
2596
|
+
// verification.
|
2597
|
+
#define X509_V_FLAG_NO_CHECK_TIME 0x200000
|
2598
|
+
|
2049
2599
|
#define X509_VP_FLAG_DEFAULT 0x1
|
2050
2600
|
#define X509_VP_FLAG_OVERWRITE 0x2
|
2051
2601
|
#define X509_VP_FLAG_RESET_FLAGS 0x4
|
2052
2602
|
#define X509_VP_FLAG_LOCKED 0x8
|
2053
2603
|
#define X509_VP_FLAG_ONCE 0x10
|
2054
2604
|
|
2055
|
-
// Internal use: mask of policy related options
|
2056
|
-
#define X509_V_FLAG_POLICY_MASK \
|
2057
|
-
(X509_V_FLAG_POLICY_CHECK | X509_V_FLAG_EXPLICIT_POLICY | \
|
2058
|
-
X509_V_FLAG_INHIBIT_ANY | X509_V_FLAG_INHIBIT_MAP)
|
2059
|
-
|
2060
2605
|
OPENSSL_EXPORT int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h,
|
2061
2606
|
int type, X509_NAME *name);
|
2062
2607
|
OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_by_subject(
|
@@ -2144,8 +2689,21 @@ OPENSSL_EXPORT void X509_STORE_CTX_zero(X509_STORE_CTX *ctx);
|
|
2144
2689
|
OPENSSL_EXPORT void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
|
2145
2690
|
OPENSSL_EXPORT int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
|
2146
2691
|
X509 *x509, STACK_OF(X509) *chain);
|
2692
|
+
|
2693
|
+
// X509_STORE_CTX_set0_trusted_stack configures |ctx| to trust the certificates
|
2694
|
+
// in |sk|. |sk| must remain valid for the duration of |ctx|.
|
2695
|
+
//
|
2696
|
+
// WARNING: This function differs from most |set0| functions in that it does not
|
2697
|
+
// take ownership of its input. The caller is required to ensure the lifetimes
|
2698
|
+
// are consistent.
|
2699
|
+
OPENSSL_EXPORT void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx,
|
2700
|
+
STACK_OF(X509) *sk);
|
2701
|
+
|
2702
|
+
// X509_STORE_CTX_trusted_stack is a deprecated alias for
|
2703
|
+
// |X509_STORE_CTX_set0_trusted_stack|.
|
2147
2704
|
OPENSSL_EXPORT void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx,
|
2148
2705
|
STACK_OF(X509) *sk);
|
2706
|
+
|
2149
2707
|
OPENSSL_EXPORT void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
|
2150
2708
|
|
2151
2709
|
OPENSSL_EXPORT X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
|
@@ -2180,15 +2738,6 @@ OPENSSL_EXPORT void X509_LOOKUP_free(X509_LOOKUP *ctx);
|
|
2180
2738
|
OPENSSL_EXPORT int X509_LOOKUP_init(X509_LOOKUP *ctx);
|
2181
2739
|
OPENSSL_EXPORT int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type,
|
2182
2740
|
X509_NAME *name, X509_OBJECT *ret);
|
2183
|
-
OPENSSL_EXPORT int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type,
|
2184
|
-
X509_NAME *name,
|
2185
|
-
ASN1_INTEGER *serial,
|
2186
|
-
X509_OBJECT *ret);
|
2187
|
-
OPENSSL_EXPORT int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
|
2188
|
-
unsigned char *bytes, int len,
|
2189
|
-
X509_OBJECT *ret);
|
2190
|
-
OPENSSL_EXPORT int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
|
2191
|
-
int len, X509_OBJECT *ret);
|
2192
2741
|
OPENSSL_EXPORT int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
|
2193
2742
|
|
2194
2743
|
#ifndef OPENSSL_NO_STDIO
|
@@ -2196,14 +2745,6 @@ OPENSSL_EXPORT int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
|
|
2196
2745
|
const char *dir);
|
2197
2746
|
OPENSSL_EXPORT int X509_STORE_set_default_paths(X509_STORE *ctx);
|
2198
2747
|
#endif
|
2199
|
-
|
2200
|
-
OPENSSL_EXPORT int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
|
2201
|
-
CRYPTO_EX_unused *unused,
|
2202
|
-
CRYPTO_EX_dup *dup_unused,
|
2203
|
-
CRYPTO_EX_free *free_func);
|
2204
|
-
OPENSSL_EXPORT int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx,
|
2205
|
-
void *data);
|
2206
|
-
OPENSSL_EXPORT void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
|
2207
2748
|
OPENSSL_EXPORT int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
|
2208
2749
|
OPENSSL_EXPORT void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
|
2209
2750
|
OPENSSL_EXPORT int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
|
@@ -2231,13 +2772,12 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx,
|
|
2231
2772
|
unsigned long flags);
|
2232
2773
|
OPENSSL_EXPORT void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx,
|
2233
2774
|
unsigned long flags, time_t t);
|
2775
|
+
OPENSSL_EXPORT void X509_STORE_CTX_set_time_posix(X509_STORE_CTX *ctx,
|
2776
|
+
unsigned long flags,
|
2777
|
+
int64_t t);
|
2234
2778
|
OPENSSL_EXPORT void X509_STORE_CTX_set_verify_cb(
|
2235
2779
|
X509_STORE_CTX *ctx, int (*verify_cb)(int, X509_STORE_CTX *));
|
2236
2780
|
|
2237
|
-
OPENSSL_EXPORT X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(
|
2238
|
-
X509_STORE_CTX *ctx);
|
2239
|
-
OPENSSL_EXPORT int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
|
2240
|
-
|
2241
2781
|
OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(
|
2242
2782
|
X509_STORE_CTX *ctx);
|
2243
2783
|
OPENSSL_EXPORT void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx,
|
@@ -2269,10 +2809,12 @@ OPENSSL_EXPORT void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param,
|
|
2269
2809
|
int depth);
|
2270
2810
|
OPENSSL_EXPORT void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param,
|
2271
2811
|
time_t t);
|
2812
|
+
OPENSSL_EXPORT void X509_VERIFY_PARAM_set_time_posix(X509_VERIFY_PARAM *param,
|
2813
|
+
int64_t t);
|
2272
2814
|
OPENSSL_EXPORT int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
|
2273
2815
|
ASN1_OBJECT *policy);
|
2274
2816
|
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_policies(
|
2275
|
-
X509_VERIFY_PARAM *param, STACK_OF(ASN1_OBJECT) *policies);
|
2817
|
+
X509_VERIFY_PARAM *param, const STACK_OF(ASN1_OBJECT) *policies);
|
2276
2818
|
|
2277
2819
|
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
|
2278
2820
|
const char *name,
|
@@ -2296,43 +2838,8 @@ OPENSSL_EXPORT int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
|
|
2296
2838
|
OPENSSL_EXPORT const char *X509_VERIFY_PARAM_get0_name(
|
2297
2839
|
const X509_VERIFY_PARAM *param);
|
2298
2840
|
|
2299
|
-
OPENSSL_EXPORT int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
|
2300
|
-
OPENSSL_EXPORT int X509_VERIFY_PARAM_get_count(void);
|
2301
|
-
OPENSSL_EXPORT const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id);
|
2302
2841
|
OPENSSL_EXPORT const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(
|
2303
2842
|
const char *name);
|
2304
|
-
OPENSSL_EXPORT void X509_VERIFY_PARAM_table_cleanup(void);
|
2305
|
-
|
2306
|
-
OPENSSL_EXPORT int X509_policy_check(X509_POLICY_TREE **ptree,
|
2307
|
-
int *pexplicit_policy,
|
2308
|
-
STACK_OF(X509) *certs,
|
2309
|
-
STACK_OF(ASN1_OBJECT) *policy_oids,
|
2310
|
-
unsigned int flags);
|
2311
|
-
|
2312
|
-
OPENSSL_EXPORT void X509_policy_tree_free(X509_POLICY_TREE *tree);
|
2313
|
-
|
2314
|
-
OPENSSL_EXPORT int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
|
2315
|
-
OPENSSL_EXPORT X509_POLICY_LEVEL *X509_policy_tree_get0_level(
|
2316
|
-
const X509_POLICY_TREE *tree, int i);
|
2317
|
-
|
2318
|
-
OPENSSL_EXPORT STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(
|
2319
|
-
const X509_POLICY_TREE *tree);
|
2320
|
-
|
2321
|
-
OPENSSL_EXPORT STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(
|
2322
|
-
const X509_POLICY_TREE *tree);
|
2323
|
-
|
2324
|
-
OPENSSL_EXPORT int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
|
2325
|
-
|
2326
|
-
OPENSSL_EXPORT X509_POLICY_NODE *X509_policy_level_get0_node(
|
2327
|
-
X509_POLICY_LEVEL *level, int i);
|
2328
|
-
|
2329
|
-
OPENSSL_EXPORT const ASN1_OBJECT *X509_policy_node_get0_policy(
|
2330
|
-
const X509_POLICY_NODE *node);
|
2331
|
-
|
2332
|
-
OPENSSL_EXPORT STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(
|
2333
|
-
const X509_POLICY_NODE *node);
|
2334
|
-
OPENSSL_EXPORT const X509_POLICY_NODE *X509_policy_node_get0_parent(
|
2335
|
-
const X509_POLICY_NODE *node);
|
2336
2843
|
|
2337
2844
|
|
2338
2845
|
#if defined(__cplusplus)
|
@@ -2352,14 +2859,12 @@ BORINGSSL_MAKE_DELETER(X509_ALGOR, X509_ALGOR_free)
|
|
2352
2859
|
BORINGSSL_MAKE_DELETER(X509_ATTRIBUTE, X509_ATTRIBUTE_free)
|
2353
2860
|
BORINGSSL_MAKE_DELETER(X509_CRL, X509_CRL_free)
|
2354
2861
|
BORINGSSL_MAKE_UP_REF(X509_CRL, X509_CRL_up_ref)
|
2355
|
-
BORINGSSL_MAKE_DELETER(X509_CRL_METHOD, X509_CRL_METHOD_free)
|
2356
2862
|
BORINGSSL_MAKE_DELETER(X509_EXTENSION, X509_EXTENSION_free)
|
2357
2863
|
BORINGSSL_MAKE_DELETER(X509_INFO, X509_INFO_free)
|
2358
2864
|
BORINGSSL_MAKE_DELETER(X509_LOOKUP, X509_LOOKUP_free)
|
2359
2865
|
BORINGSSL_MAKE_DELETER(X509_NAME, X509_NAME_free)
|
2360
2866
|
BORINGSSL_MAKE_DELETER(X509_NAME_ENTRY, X509_NAME_ENTRY_free)
|
2361
2867
|
BORINGSSL_MAKE_DELETER(X509_PKEY, X509_PKEY_free)
|
2362
|
-
BORINGSSL_MAKE_DELETER(X509_POLICY_TREE, X509_policy_tree_free)
|
2363
2868
|
BORINGSSL_MAKE_DELETER(X509_PUBKEY, X509_PUBKEY_free)
|
2364
2869
|
BORINGSSL_MAKE_DELETER(X509_REQ, X509_REQ_free)
|
2365
2870
|
BORINGSSL_MAKE_DELETER(X509_REVOKED, X509_REVOKED_free)
|
@@ -2415,5 +2920,9 @@ BSSL_NAMESPACE_END
|
|
2415
2920
|
#define X509_R_DELTA_CRL_WITHOUT_CRL_NUMBER 138
|
2416
2921
|
#define X509_R_INVALID_FIELD_FOR_VERSION 139
|
2417
2922
|
#define X509_R_INVALID_VERSION 140
|
2923
|
+
#define X509_R_NO_CERTIFICATE_FOUND 141
|
2924
|
+
#define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 142
|
2925
|
+
#define X509_R_NO_CRL_FOUND 143
|
2926
|
+
#define X509_R_INVALID_POLICY_EXTENSION 144
|
2418
2927
|
|
2419
|
-
#endif
|
2928
|
+
#endif // OPENSSL_HEADER_X509_H
|