grpc 1.53.1 → 1.54.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +78 -66
- data/include/grpc/event_engine/event_engine.h +30 -14
- data/include/grpc/grpc_security.h +4 -0
- data/include/grpc/support/port_platform.h +4 -4
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
- data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
- data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
- data/src/core/ext/filters/client_channel/client_channel.h +131 -173
- data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
- data/src/core/ext/filters/client_channel/config_selector.h +4 -3
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2 -16
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
- data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
- data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
- data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
- data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
- data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
- data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
- data/src/core/ext/gcp/metadata_query.cc +142 -0
- data/src/core/ext/gcp/metadata_query.h +82 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +8 -12
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -5
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +116 -58
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +222 -118
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +113 -295
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +277 -451
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +1 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +12 -14
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +1 -9
- data/src/core/ext/transport/chttp2/transport/internal.h +16 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
- data/src/core/ext/xds/xds_client_stats.cc +29 -15
- data/src/core/ext/xds/xds_client_stats.h +24 -20
- data/src/core/ext/xds/xds_endpoint.cc +5 -2
- data/src/core/ext/xds/xds_endpoint.h +9 -1
- data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
- data/src/core/lib/channel/call_finalization.h +1 -1
- data/src/core/lib/channel/call_tracer.cc +51 -0
- data/src/core/lib/channel/call_tracer.h +101 -38
- data/src/core/lib/channel/connected_channel.cc +483 -1050
- data/src/core/lib/channel/context.h +8 -1
- data/src/core/lib/channel/promise_based_filter.cc +106 -42
- data/src/core/lib/channel/promise_based_filter.h +27 -13
- data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
- data/src/core/lib/config/config_vars.cc +151 -0
- data/src/core/lib/config/config_vars.h +127 -0
- data/src/core/lib/config/config_vars_non_generated.cc +51 -0
- data/src/core/lib/config/load_config.cc +66 -0
- data/src/core/lib/config/load_config.h +49 -0
- data/src/core/lib/debug/trace.cc +5 -6
- data/src/core/lib/debug/trace.h +0 -5
- data/src/core/lib/event_engine/event_engine.cc +37 -2
- data/src/core/lib/event_engine/handle_containers.h +7 -22
- data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
- data/src/core/lib/event_engine/resolved_address.cc +2 -1
- data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
- data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
- data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
- data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
- data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
- data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
- data/src/core/lib/experiments/config.cc +3 -10
- data/src/core/lib/experiments/experiments.cc +7 -0
- data/src/core/lib/experiments/experiments.h +9 -1
- data/src/core/lib/gpr/log.cc +15 -28
- data/src/core/lib/gprpp/fork.cc +8 -14
- data/src/core/lib/gprpp/orphanable.h +4 -3
- data/src/core/lib/gprpp/per_cpu.h +9 -3
- data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
- data/src/core/lib/gprpp/ref_counted.h +33 -34
- data/src/core/lib/gprpp/thd.h +16 -0
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/gprpp/time.h +4 -4
- data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
- data/src/core/lib/iomgr/ev_posix.cc +13 -53
- data/src/core/lib/iomgr/ev_posix.h +0 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
- data/src/core/lib/iomgr/iomgr.cc +4 -8
- data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
- data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
- data/src/core/lib/iomgr/pollset_windows.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_posix.cc +0 -1
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
- data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
- data/src/core/lib/iomgr/tcp_windows.cc +12 -8
- data/src/core/lib/load_balancing/lb_policy.cc +9 -13
- data/src/core/lib/load_balancing/lb_policy.h +4 -2
- data/src/core/lib/promise/activity.cc +22 -6
- data/src/core/lib/promise/activity.h +61 -24
- data/src/core/lib/promise/cancel_callback.h +77 -0
- data/src/core/lib/promise/detail/basic_seq.h +1 -1
- data/src/core/lib/promise/detail/promise_factory.h +4 -0
- data/src/core/lib/promise/for_each.h +176 -0
- data/src/core/lib/promise/if.h +9 -0
- data/src/core/lib/promise/interceptor_list.h +23 -2
- data/src/core/lib/promise/latch.h +89 -3
- data/src/core/lib/promise/loop.h +13 -9
- data/src/core/lib/promise/map.h +7 -0
- data/src/core/lib/promise/party.cc +286 -0
- data/src/core/lib/promise/party.h +499 -0
- data/src/core/lib/promise/pipe.h +197 -57
- data/src/core/lib/promise/poll.h +48 -0
- data/src/core/lib/promise/promise.h +2 -2
- data/src/core/lib/resource_quota/arena.cc +19 -3
- data/src/core/lib/resource_quota/arena.h +119 -5
- data/src/core/lib/resource_quota/memory_quota.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
- data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
- data/src/core/lib/slice/slice.cc +1 -1
- data/src/core/lib/surface/builtins.cc +2 -0
- data/src/core/lib/surface/call.cc +926 -1024
- data/src/core/lib/surface/call.h +10 -0
- data/src/core/lib/surface/lame_client.cc +1 -0
- data/src/core/lib/surface/validate_metadata.cc +42 -43
- data/src/core/lib/surface/validate_metadata.h +0 -9
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +179 -0
- data/src/core/lib/transport/batch_builder.h +468 -0
- data/src/core/lib/transport/bdp_estimator.cc +7 -7
- data/src/core/lib/transport/bdp_estimator.h +10 -6
- data/src/core/lib/transport/custom_metadata.h +30 -0
- data/src/core/lib/transport/metadata_batch.cc +5 -2
- data/src/core/lib/transport/metadata_batch.h +17 -113
- data/src/core/lib/transport/parsed_metadata.h +6 -16
- data/src/core/lib/transport/timeout_encoding.cc +6 -1
- data/src/core/lib/transport/transport.cc +30 -2
- data/src/core/lib/transport/transport.h +70 -14
- data/src/core/lib/transport/transport_impl.h +7 -0
- data/src/core/lib/transport/transport_op_string.cc +52 -42
- data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +1 -1
- data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
- data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
- data/third_party/abseil-cpp/absl/flags/config.h +68 -0
- data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
- data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
- data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
- data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
- data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
- data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
- data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
- data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
- data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
- data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
- data/third_party/boringssl-with-bazel/err_data.c +728 -712
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
- data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
- data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
- data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
- data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
- data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
- data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
- metadata +103 -70
- data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -29
- data/src/core/lib/gprpp/global_config.h +0 -93
- data/src/core/lib/gprpp/global_config_env.cc +0 -140
- data/src/core/lib/gprpp/global_config_env.h +0 -133
- data/src/core/lib/gprpp/global_config_generic.h +0 -40
- data/src/core/lib/promise/intra_activity_waiter.h +0 -55
- data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
- data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
- data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
- data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
- /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
- /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
- /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
- /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
- /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
- /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
- /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
@@ -55,758 +55,771 @@
|
|
55
55
|
* [including the GNU Public Licence.] */
|
56
56
|
|
57
57
|
#include <openssl/asn1.h>
|
58
|
-
|
59
|
-
#include <limits.h>
|
60
|
-
#include <string.h>
|
61
|
-
|
62
58
|
#include <openssl/asn1t.h>
|
59
|
+
#include <openssl/bytestring.h>
|
63
60
|
#include <openssl/err.h>
|
64
61
|
#include <openssl/mem.h>
|
62
|
+
#include <openssl/pool.h>
|
63
|
+
|
64
|
+
#include <assert.h>
|
65
|
+
#include <limits.h>
|
66
|
+
#include <string.h>
|
65
67
|
|
68
|
+
#include "../bytestring/internal.h"
|
66
69
|
#include "../internal.h"
|
67
70
|
#include "internal.h"
|
68
71
|
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
* recursive invocations of asn1_item_embed_d2i().
|
74
|
-
*/
|
72
|
+
// Constructed types with a recursive definition (such as can be found in PKCS7)
|
73
|
+
// could eventually exceed the stack given malicious input with excessive
|
74
|
+
// recursion. Therefore we limit the stack depth. This is the maximum number of
|
75
|
+
// recursive invocations of asn1_item_embed_d2i().
|
75
76
|
#define ASN1_MAX_CONSTRUCTED_NEST 30
|
76
77
|
|
77
|
-
static int asn1_check_eoc(const unsigned char **in, long len);
|
78
|
-
|
79
78
|
static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
|
80
79
|
char *cst, const unsigned char **in, long len,
|
81
|
-
int exptag, int expclass, char opt
|
82
|
-
|
83
|
-
static int asn1_template_ex_d2i(ASN1_VALUE **pval,
|
84
|
-
const
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
const ASN1_TEMPLATE *tt, char opt,
|
90
|
-
ASN1_TLC *ctx, int depth);
|
80
|
+
int exptag, int expclass, char opt);
|
81
|
+
|
82
|
+
static int asn1_template_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
|
83
|
+
long len, const ASN1_TEMPLATE *tt, char opt,
|
84
|
+
CRYPTO_BUFFER *buf, int depth);
|
85
|
+
static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in,
|
86
|
+
long len, const ASN1_TEMPLATE *tt, char opt,
|
87
|
+
CRYPTO_BUFFER *buf, int depth);
|
91
88
|
static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
|
92
89
|
int utype, const ASN1_ITEM *it);
|
93
|
-
static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
|
94
|
-
const
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
90
|
+
static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in,
|
91
|
+
long len, const ASN1_ITEM *it, int tag,
|
92
|
+
int aclass, char opt);
|
93
|
+
static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
|
94
|
+
long len, const ASN1_ITEM *it, int tag, int aclass,
|
95
|
+
char opt, CRYPTO_BUFFER *buf, int depth);
|
96
|
+
|
97
|
+
// Table to convert tags to bit values, used for MSTRING type
|
98
|
+
static const unsigned long tag2bit[31] = {
|
99
|
+
0, // (reserved)
|
100
|
+
0, // BOOLEAN
|
101
|
+
0, // INTEGER
|
102
|
+
B_ASN1_BIT_STRING,
|
103
|
+
B_ASN1_OCTET_STRING,
|
104
|
+
0, // NULL
|
105
|
+
0, // OBJECT IDENTIFIER
|
106
|
+
B_ASN1_UNKNOWN, // ObjectDescriptor
|
107
|
+
B_ASN1_UNKNOWN, // EXTERNAL
|
108
|
+
B_ASN1_UNKNOWN, // REAL
|
109
|
+
B_ASN1_UNKNOWN, // ENUMERATED
|
110
|
+
B_ASN1_UNKNOWN, // EMBEDDED PDV
|
111
|
+
B_ASN1_UTF8STRING,
|
112
|
+
B_ASN1_UNKNOWN, // RELATIVE-OID
|
113
|
+
B_ASN1_UNKNOWN, // TIME
|
114
|
+
B_ASN1_UNKNOWN, // (reserved)
|
115
|
+
B_ASN1_SEQUENCE,
|
116
|
+
0, // SET
|
117
|
+
B_ASN1_NUMERICSTRING,
|
118
|
+
B_ASN1_PRINTABLESTRING,
|
119
|
+
B_ASN1_T61STRING,
|
120
|
+
B_ASN1_VIDEOTEXSTRING,
|
121
|
+
B_ASN1_IA5STRING,
|
122
|
+
B_ASN1_UTCTIME,
|
123
|
+
B_ASN1_GENERALIZEDTIME,
|
124
|
+
B_ASN1_GRAPHICSTRING,
|
125
|
+
B_ASN1_ISO64STRING,
|
126
|
+
B_ASN1_GENERALSTRING,
|
127
|
+
B_ASN1_UNIVERSALSTRING,
|
128
|
+
B_ASN1_UNKNOWN, // CHARACTER STRING
|
129
|
+
B_ASN1_BMPSTRING,
|
118
130
|
};
|
119
131
|
|
120
|
-
unsigned long ASN1_tag2bit(int tag)
|
121
|
-
{
|
122
|
-
|
123
|
-
|
124
|
-
|
132
|
+
unsigned long ASN1_tag2bit(int tag) {
|
133
|
+
if (tag < 0 || tag > 30) {
|
134
|
+
return 0;
|
135
|
+
}
|
136
|
+
return tag2bit[tag];
|
125
137
|
}
|
126
138
|
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
const ASN1_ITEM *it)
|
143
|
-
{
|
144
|
-
ASN1_TLC c;
|
145
|
-
ASN1_VALUE *ptmpval = NULL;
|
146
|
-
if (!pval)
|
147
|
-
pval = &ptmpval;
|
148
|
-
asn1_tlc_clear_nc(&c);
|
149
|
-
if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
|
150
|
-
return *pval;
|
151
|
-
return NULL;
|
139
|
+
static int is_supported_universal_type(int tag, int aclass) {
|
140
|
+
if (aclass != V_ASN1_UNIVERSAL) {
|
141
|
+
return 0;
|
142
|
+
}
|
143
|
+
return tag == V_ASN1_OBJECT || tag == V_ASN1_NULL || tag == V_ASN1_BOOLEAN ||
|
144
|
+
tag == V_ASN1_BIT_STRING || tag == V_ASN1_INTEGER ||
|
145
|
+
tag == V_ASN1_ENUMERATED || tag == V_ASN1_OCTET_STRING ||
|
146
|
+
tag == V_ASN1_NUMERICSTRING || tag == V_ASN1_PRINTABLESTRING ||
|
147
|
+
tag == V_ASN1_T61STRING || tag == V_ASN1_VIDEOTEXSTRING ||
|
148
|
+
tag == V_ASN1_IA5STRING || tag == V_ASN1_UTCTIME ||
|
149
|
+
tag == V_ASN1_GENERALIZEDTIME || tag == V_ASN1_GRAPHICSTRING ||
|
150
|
+
tag == V_ASN1_VISIBLESTRING || tag == V_ASN1_GENERALSTRING ||
|
151
|
+
tag == V_ASN1_UNIVERSALSTRING || tag == V_ASN1_BMPSTRING ||
|
152
|
+
tag == V_ASN1_UTF8STRING || tag == V_ASN1_SET ||
|
153
|
+
tag == V_ASN1_SEQUENCE;
|
152
154
|
}
|
153
155
|
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
156
|
+
// Macro to initialize and invalidate the cache
|
157
|
+
|
158
|
+
// Decode an ASN1 item, this currently behaves just like a standard 'd2i'
|
159
|
+
// function. 'in' points to a buffer to read the data from, in future we
|
160
|
+
// will have more advanced versions that can input data a piece at a time and
|
161
|
+
// this will simply be a special case.
|
162
|
+
|
163
|
+
ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
|
164
|
+
const ASN1_ITEM *it) {
|
165
|
+
ASN1_VALUE *ret = NULL;
|
166
|
+
if (asn1_item_ex_d2i(&ret, in, len, it, /*tag=*/-1, /*aclass=*/0, /*opt=*/0,
|
167
|
+
/*buf=*/NULL, /*depth=*/0) <= 0) {
|
168
|
+
// Clean up, in case the caller left a partial object.
|
169
|
+
//
|
170
|
+
// TODO(davidben): I don't think it can leave one, but the codepaths below
|
171
|
+
// are a bit inconsistent. Revisit this when rewriting this function.
|
172
|
+
ASN1_item_ex_free(&ret, it);
|
173
|
+
}
|
174
|
+
|
175
|
+
// If the caller supplied an output pointer, free the old one and replace it
|
176
|
+
// with |ret|. This differs from OpenSSL slightly in that we don't support
|
177
|
+
// object reuse. We run this on both success and failure. On failure, even
|
178
|
+
// with object reuse, OpenSSL destroys the previous object.
|
179
|
+
if (pval != NULL) {
|
180
|
+
ASN1_item_ex_free(pval, it);
|
181
|
+
*pval = ret;
|
182
|
+
}
|
183
|
+
return ret;
|
184
|
+
}
|
185
|
+
|
186
|
+
// Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
|
187
|
+
// tag mismatch return -1 to handle OPTIONAL
|
188
|
+
//
|
189
|
+
// TODO(davidben): Historically, all functions in this file had to account for
|
190
|
+
// |*pval| containing an arbitrary existing value. This is no longer the case
|
191
|
+
// because |ASN1_item_d2i| now always starts from NULL. As part of rewriting
|
192
|
+
// this function, take the simplified assumptions into account. Though we must
|
193
|
+
// still account for the internal calls to |ASN1_item_ex_new|.
|
158
194
|
|
159
195
|
static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
|
160
196
|
long len, const ASN1_ITEM *it, int tag, int aclass,
|
161
|
-
char opt,
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
aclass &= ~ASN1_TFLG_COMBINE;
|
174
|
-
if (!pval)
|
175
|
-
return 0;
|
176
|
-
|
177
|
-
/*
|
178
|
-
* Bound |len| to comfortably fit in an int. Lengths in this module often
|
179
|
-
* switch between int and long without overflow checks.
|
180
|
-
*/
|
181
|
-
if (len > INT_MAX/2) {
|
182
|
-
len = INT_MAX/2;
|
183
|
-
}
|
197
|
+
char opt, CRYPTO_BUFFER *buf, int depth) {
|
198
|
+
const ASN1_TEMPLATE *tt, *errtt = NULL;
|
199
|
+
const unsigned char *p = NULL, *q;
|
200
|
+
unsigned char oclass;
|
201
|
+
char cst, isopt;
|
202
|
+
int i;
|
203
|
+
int otag;
|
204
|
+
int ret = 0;
|
205
|
+
ASN1_VALUE **pchptr;
|
206
|
+
if (!pval) {
|
207
|
+
return 0;
|
208
|
+
}
|
184
209
|
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
210
|
+
if (buf != NULL) {
|
211
|
+
assert(CRYPTO_BUFFER_data(buf) <= *in &&
|
212
|
+
*in + len <= CRYPTO_BUFFER_data(buf) + CRYPTO_BUFFER_len(buf));
|
213
|
+
}
|
189
214
|
|
190
|
-
|
215
|
+
// Bound |len| to comfortably fit in an int. Lengths in this module often
|
216
|
+
// switch between int and long without overflow checks.
|
217
|
+
if (len > INT_MAX / 2) {
|
218
|
+
len = INT_MAX / 2;
|
219
|
+
}
|
220
|
+
|
221
|
+
if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
|
222
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_TOO_DEEP);
|
223
|
+
goto err;
|
224
|
+
}
|
225
|
+
|
226
|
+
switch (it->itype) {
|
191
227
|
case ASN1_ITYPE_PRIMITIVE:
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
|
199
|
-
|
200
|
-
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
}
|
207
|
-
return asn1_d2i_ex_primitive(pval, in, len, it,
|
208
|
-
tag, aclass, opt, ctx);
|
209
|
-
break;
|
228
|
+
if (it->templates) {
|
229
|
+
// tagging or OPTIONAL is currently illegal on an item template
|
230
|
+
// because the flags can't get passed down. In practice this
|
231
|
+
// isn't a problem: we include the relevant flags from the item
|
232
|
+
// template in the template itself.
|
233
|
+
if ((tag != -1) || opt) {
|
234
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
|
235
|
+
goto err;
|
236
|
+
}
|
237
|
+
return asn1_template_ex_d2i(pval, in, len, it->templates, opt, buf,
|
238
|
+
depth);
|
239
|
+
}
|
240
|
+
return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt);
|
241
|
+
break;
|
210
242
|
|
211
243
|
case ASN1_ITYPE_MSTRING:
|
212
|
-
|
213
|
-
|
214
|
-
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
goto err;
|
219
|
-
}
|
244
|
+
// It never makes sense for multi-strings to have implicit tagging, so
|
245
|
+
// if tag != -1, then this looks like an error in the template.
|
246
|
+
if (tag != -1) {
|
247
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
|
248
|
+
goto err;
|
249
|
+
}
|
220
250
|
|
221
|
-
|
222
|
-
|
223
|
-
|
224
|
-
|
225
|
-
|
226
|
-
|
227
|
-
|
228
|
-
}
|
251
|
+
p = *in;
|
252
|
+
// Just read in tag and class
|
253
|
+
ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, &p, len, -1, 0, 1);
|
254
|
+
if (!ret) {
|
255
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
256
|
+
goto err;
|
257
|
+
}
|
229
258
|
|
230
|
-
|
231
|
-
|
232
|
-
|
233
|
-
|
234
|
-
|
235
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_MSTRING_NOT_UNIVERSAL);
|
236
|
-
goto err;
|
259
|
+
// Must be UNIVERSAL class
|
260
|
+
if (oclass != V_ASN1_UNIVERSAL) {
|
261
|
+
// If OPTIONAL, assume this is OK
|
262
|
+
if (opt) {
|
263
|
+
return -1;
|
237
264
|
}
|
238
|
-
|
239
|
-
|
240
|
-
|
241
|
-
|
242
|
-
|
243
|
-
|
244
|
-
|
265
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_MSTRING_NOT_UNIVERSAL);
|
266
|
+
goto err;
|
267
|
+
}
|
268
|
+
// Check tag matches bit map
|
269
|
+
if (!(ASN1_tag2bit(otag) & it->utype)) {
|
270
|
+
// If OPTIONAL, assume this is OK
|
271
|
+
if (opt) {
|
272
|
+
return -1;
|
245
273
|
}
|
246
|
-
|
274
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_MSTRING_WRONG_TAG);
|
275
|
+
goto err;
|
276
|
+
}
|
277
|
+
return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0);
|
247
278
|
|
248
|
-
case ASN1_ITYPE_EXTERN:
|
249
|
-
|
250
|
-
|
251
|
-
|
279
|
+
case ASN1_ITYPE_EXTERN: {
|
280
|
+
// We don't support implicit tagging with external types.
|
281
|
+
if (tag != -1) {
|
282
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
|
283
|
+
goto err;
|
284
|
+
}
|
285
|
+
const ASN1_EXTERN_FUNCS *ef = it->funcs;
|
286
|
+
return ef->asn1_ex_d2i(pval, in, len, it, opt, NULL);
|
287
|
+
}
|
252
288
|
|
253
289
|
case ASN1_ITYPE_CHOICE: {
|
254
|
-
|
255
|
-
|
256
|
-
|
257
|
-
|
258
|
-
|
259
|
-
|
260
|
-
|
261
|
-
|
262
|
-
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
-
|
267
|
-
|
268
|
-
if
|
269
|
-
|
270
|
-
|
271
|
-
|
272
|
-
|
273
|
-
|
274
|
-
|
275
|
-
|
276
|
-
|
277
|
-
|
278
|
-
|
279
|
-
|
280
|
-
|
281
|
-
|
282
|
-
|
283
|
-
|
284
|
-
|
285
|
-
|
286
|
-
|
287
|
-
|
288
|
-
|
289
|
-
|
290
|
-
|
291
|
-
|
292
|
-
|
293
|
-
|
294
|
-
|
295
|
-
|
296
|
-
|
297
|
-
|
298
|
-
|
299
|
-
}
|
290
|
+
// It never makes sense for CHOICE types to have implicit tagging, so if
|
291
|
+
// tag != -1, then this looks like an error in the template.
|
292
|
+
if (tag != -1) {
|
293
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
|
294
|
+
goto err;
|
295
|
+
}
|
296
|
+
|
297
|
+
const ASN1_AUX *aux = it->funcs;
|
298
|
+
ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
|
299
|
+
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) {
|
300
|
+
goto auxerr;
|
301
|
+
}
|
302
|
+
|
303
|
+
if (*pval) {
|
304
|
+
// Free up and zero CHOICE value if initialised
|
305
|
+
i = asn1_get_choice_selector(pval, it);
|
306
|
+
if ((i >= 0) && (i < it->tcount)) {
|
307
|
+
tt = it->templates + i;
|
308
|
+
pchptr = asn1_get_field_ptr(pval, tt);
|
309
|
+
ASN1_template_free(pchptr, tt);
|
310
|
+
asn1_set_choice_selector(pval, -1, it);
|
311
|
+
}
|
312
|
+
} else if (!ASN1_item_ex_new(pval, it)) {
|
313
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
314
|
+
goto err;
|
315
|
+
}
|
316
|
+
// CHOICE type, try each possibility in turn
|
317
|
+
p = *in;
|
318
|
+
for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
|
319
|
+
pchptr = asn1_get_field_ptr(pval, tt);
|
320
|
+
// We mark field as OPTIONAL so its absence can be recognised.
|
321
|
+
ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, buf, depth);
|
322
|
+
// If field not present, try the next one
|
323
|
+
if (ret == -1) {
|
324
|
+
continue;
|
325
|
+
}
|
326
|
+
// If positive return, read OK, break loop
|
327
|
+
if (ret > 0) {
|
328
|
+
break;
|
329
|
+
}
|
330
|
+
// Otherwise must be an ASN1 parsing error
|
331
|
+
errtt = tt;
|
332
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
333
|
+
goto err;
|
334
|
+
}
|
300
335
|
|
301
|
-
|
302
|
-
|
303
|
-
|
304
|
-
|
305
|
-
|
306
|
-
|
307
|
-
|
308
|
-
}
|
309
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NO_MATCHING_CHOICE_TYPE);
|
310
|
-
goto err;
|
336
|
+
// Did we fall off the end without reading anything?
|
337
|
+
if (i == it->tcount) {
|
338
|
+
// If OPTIONAL, this is OK
|
339
|
+
if (opt) {
|
340
|
+
// Free and zero it
|
341
|
+
ASN1_item_ex_free(pval, it);
|
342
|
+
return -1;
|
311
343
|
}
|
312
|
-
|
313
|
-
|
314
|
-
|
315
|
-
|
316
|
-
|
317
|
-
|
344
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NO_MATCHING_CHOICE_TYPE);
|
345
|
+
goto err;
|
346
|
+
}
|
347
|
+
|
348
|
+
asn1_set_choice_selector(pval, i, it);
|
349
|
+
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) {
|
350
|
+
goto auxerr;
|
351
|
+
}
|
352
|
+
*in = p;
|
353
|
+
return 1;
|
318
354
|
}
|
319
355
|
|
320
356
|
case ASN1_ITYPE_SEQUENCE: {
|
321
|
-
|
357
|
+
p = *in;
|
322
358
|
|
323
|
-
|
324
|
-
|
325
|
-
|
326
|
-
|
327
|
-
|
328
|
-
|
329
|
-
|
330
|
-
|
331
|
-
|
332
|
-
|
333
|
-
|
334
|
-
|
335
|
-
|
336
|
-
|
337
|
-
|
338
|
-
|
339
|
-
|
340
|
-
|
341
|
-
if (!*pval && !ASN1_item_ex_new(pval, it)) {
|
342
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
343
|
-
goto err;
|
344
|
-
}
|
359
|
+
// If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL
|
360
|
+
if (tag == -1) {
|
361
|
+
tag = V_ASN1_SEQUENCE;
|
362
|
+
aclass = V_ASN1_UNIVERSAL;
|
363
|
+
}
|
364
|
+
// Get SEQUENCE length and update len, p
|
365
|
+
ret = asn1_check_tlen(&len, NULL, NULL, &cst, &p, len, tag, aclass, opt);
|
366
|
+
if (!ret) {
|
367
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
368
|
+
goto err;
|
369
|
+
} else if (ret == -1) {
|
370
|
+
return -1;
|
371
|
+
}
|
372
|
+
if (!cst) {
|
373
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
|
374
|
+
goto err;
|
375
|
+
}
|
345
376
|
|
346
|
-
|
347
|
-
|
348
|
-
|
349
|
-
|
350
|
-
|
351
|
-
|
352
|
-
|
353
|
-
|
354
|
-
|
355
|
-
|
356
|
-
|
357
|
-
|
358
|
-
|
359
|
-
|
360
|
-
|
361
|
-
|
377
|
+
if (!*pval && !ASN1_item_ex_new(pval, it)) {
|
378
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
379
|
+
goto err;
|
380
|
+
}
|
381
|
+
|
382
|
+
const ASN1_AUX *aux = it->funcs;
|
383
|
+
ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
|
384
|
+
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) {
|
385
|
+
goto auxerr;
|
386
|
+
}
|
387
|
+
|
388
|
+
// Free up and zero any ADB found
|
389
|
+
for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
|
390
|
+
if (tt->flags & ASN1_TFLG_ADB_MASK) {
|
391
|
+
const ASN1_TEMPLATE *seqtt;
|
392
|
+
ASN1_VALUE **pseqval;
|
393
|
+
seqtt = asn1_do_adb(pval, tt, 0);
|
394
|
+
if (seqtt == NULL) {
|
395
|
+
continue;
|
396
|
+
}
|
397
|
+
pseqval = asn1_get_field_ptr(pval, seqtt);
|
398
|
+
ASN1_template_free(pseqval, seqtt);
|
399
|
+
}
|
400
|
+
}
|
401
|
+
|
402
|
+
// Get each field entry
|
403
|
+
for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
|
404
|
+
const ASN1_TEMPLATE *seqtt;
|
405
|
+
ASN1_VALUE **pseqval;
|
406
|
+
seqtt = asn1_do_adb(pval, tt, 1);
|
407
|
+
if (seqtt == NULL) {
|
408
|
+
goto err;
|
409
|
+
}
|
410
|
+
pseqval = asn1_get_field_ptr(pval, seqtt);
|
411
|
+
// Have we ran out of data?
|
412
|
+
if (!len) {
|
413
|
+
break;
|
362
414
|
}
|
363
|
-
|
364
|
-
|
365
|
-
|
366
|
-
|
367
|
-
|
368
|
-
|
369
|
-
|
370
|
-
|
371
|
-
|
372
|
-
/* Have we ran out of data? */
|
373
|
-
if (!len)
|
374
|
-
break;
|
375
|
-
q = p;
|
376
|
-
/* TODO(https://crbug.com/boringssl/455): Although we've removed
|
377
|
-
* indefinite-length support, this check is not quite a no-op.
|
378
|
-
* Reject [UNIVERSAL 0] in the tag parsers themselves. */
|
379
|
-
if (asn1_check_eoc(&p, len)) {
|
380
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNEXPECTED_EOC);
|
381
|
-
goto err;
|
382
|
-
}
|
383
|
-
/*
|
384
|
-
* This determines the OPTIONAL flag value. The field cannot be
|
385
|
-
* omitted if it is the last of a SEQUENCE and there is still
|
386
|
-
* data to be read. This isn't strictly necessary but it
|
387
|
-
* increases efficiency in some cases.
|
388
|
-
*/
|
389
|
-
if (i == (it->tcount - 1))
|
390
|
-
isopt = 0;
|
391
|
-
else
|
392
|
-
isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
|
393
|
-
/*
|
394
|
-
* attempt to read in field, allowing each to be OPTIONAL
|
395
|
-
*/
|
396
|
-
|
397
|
-
ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
|
398
|
-
depth);
|
399
|
-
if (!ret) {
|
400
|
-
errtt = seqtt;
|
401
|
-
goto err;
|
402
|
-
} else if (ret == -1) {
|
403
|
-
/*
|
404
|
-
* OPTIONAL component absent. Free and zero the field.
|
405
|
-
*/
|
406
|
-
ASN1_template_free(pseqval, seqtt);
|
407
|
-
continue;
|
408
|
-
}
|
409
|
-
/* Update length */
|
410
|
-
len -= p - q;
|
415
|
+
q = p;
|
416
|
+
// This determines the OPTIONAL flag value. The field cannot be
|
417
|
+
// omitted if it is the last of a SEQUENCE and there is still
|
418
|
+
// data to be read. This isn't strictly necessary but it
|
419
|
+
// increases efficiency in some cases.
|
420
|
+
if (i == (it->tcount - 1)) {
|
421
|
+
isopt = 0;
|
422
|
+
} else {
|
423
|
+
isopt = (seqtt->flags & ASN1_TFLG_OPTIONAL) != 0;
|
411
424
|
}
|
425
|
+
// attempt to read in field, allowing each to be OPTIONAL
|
412
426
|
|
413
|
-
|
414
|
-
if (
|
415
|
-
|
416
|
-
|
417
|
-
}
|
427
|
+
ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, buf, depth);
|
428
|
+
if (!ret) {
|
429
|
+
errtt = seqtt;
|
430
|
+
goto err;
|
431
|
+
} else if (ret == -1) {
|
432
|
+
// OPTIONAL component absent. Free and zero the field.
|
433
|
+
ASN1_template_free(pseqval, seqtt);
|
434
|
+
continue;
|
435
|
+
}
|
436
|
+
// Update length
|
437
|
+
len -= p - q;
|
438
|
+
}
|
418
439
|
|
419
|
-
|
420
|
-
|
421
|
-
|
422
|
-
|
423
|
-
|
424
|
-
|
425
|
-
|
426
|
-
|
427
|
-
|
428
|
-
|
429
|
-
|
430
|
-
|
431
|
-
|
432
|
-
|
433
|
-
|
434
|
-
|
435
|
-
|
436
|
-
|
437
|
-
|
438
|
-
}
|
439
|
-
|
440
|
-
|
441
|
-
|
442
|
-
|
443
|
-
|
444
|
-
|
445
|
-
|
440
|
+
// Check all data read
|
441
|
+
if (len) {
|
442
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
|
443
|
+
goto err;
|
444
|
+
}
|
445
|
+
|
446
|
+
// If we get here we've got no more data in the SEQUENCE, however we
|
447
|
+
// may not have read all fields so check all remaining are OPTIONAL
|
448
|
+
// and clear any that are.
|
449
|
+
for (; i < it->tcount; tt++, i++) {
|
450
|
+
const ASN1_TEMPLATE *seqtt;
|
451
|
+
seqtt = asn1_do_adb(pval, tt, 1);
|
452
|
+
if (seqtt == NULL) {
|
453
|
+
goto err;
|
454
|
+
}
|
455
|
+
if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
|
456
|
+
ASN1_VALUE **pseqval;
|
457
|
+
pseqval = asn1_get_field_ptr(pval, seqtt);
|
458
|
+
ASN1_template_free(pseqval, seqtt);
|
459
|
+
} else {
|
460
|
+
errtt = seqtt;
|
461
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_FIELD_MISSING);
|
462
|
+
goto err;
|
463
|
+
}
|
464
|
+
}
|
465
|
+
// Save encoding
|
466
|
+
if (!asn1_enc_save(pval, *in, p - *in, it, buf)) {
|
467
|
+
goto auxerr;
|
468
|
+
}
|
469
|
+
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) {
|
470
|
+
goto auxerr;
|
471
|
+
}
|
472
|
+
*in = p;
|
473
|
+
return 1;
|
446
474
|
}
|
447
475
|
|
448
476
|
default:
|
449
|
-
|
450
|
-
|
451
|
-
|
452
|
-
|
453
|
-
|
454
|
-
|
455
|
-
|
456
|
-
|
457
|
-
|
458
|
-
|
459
|
-
|
460
|
-
|
461
|
-
return 0;
|
477
|
+
return 0;
|
478
|
+
}
|
479
|
+
auxerr:
|
480
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_AUX_ERROR);
|
481
|
+
err:
|
482
|
+
ASN1_item_ex_free(pval, it);
|
483
|
+
if (errtt) {
|
484
|
+
ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname);
|
485
|
+
} else {
|
486
|
+
ERR_add_error_data(2, "Type=", it->sname);
|
487
|
+
}
|
488
|
+
return 0;
|
462
489
|
}
|
463
490
|
|
464
491
|
int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
|
465
|
-
const ASN1_ITEM *it,
|
466
|
-
|
467
|
-
|
468
|
-
|
492
|
+
const ASN1_ITEM *it, int tag, int aclass, char opt,
|
493
|
+
CRYPTO_BUFFER *buf) {
|
494
|
+
return asn1_item_ex_d2i(pval, in, len, it, tag, aclass, opt, buf,
|
495
|
+
/*depth=*/0);
|
469
496
|
}
|
470
497
|
|
471
|
-
|
472
|
-
|
473
|
-
|
474
|
-
|
475
|
-
|
476
|
-
|
477
|
-
|
478
|
-
|
479
|
-
|
480
|
-
|
481
|
-
|
482
|
-
|
483
|
-
|
484
|
-
|
485
|
-
|
486
|
-
return 0;
|
487
|
-
flags = tt->flags;
|
488
|
-
aclass = flags & ASN1_TFLG_TAG_CLASS;
|
498
|
+
// Templates are handled with two separate functions. One handles any
|
499
|
+
// EXPLICIT tag and the other handles the rest.
|
500
|
+
|
501
|
+
static int asn1_template_ex_d2i(ASN1_VALUE **val, const unsigned char **in,
|
502
|
+
long inlen, const ASN1_TEMPLATE *tt, char opt,
|
503
|
+
CRYPTO_BUFFER *buf, int depth) {
|
504
|
+
int aclass;
|
505
|
+
int ret;
|
506
|
+
long len;
|
507
|
+
const unsigned char *p, *q;
|
508
|
+
if (!val) {
|
509
|
+
return 0;
|
510
|
+
}
|
511
|
+
uint32_t flags = tt->flags;
|
512
|
+
aclass = flags & ASN1_TFLG_TAG_CLASS;
|
489
513
|
|
490
|
-
|
514
|
+
p = *in;
|
491
515
|
|
492
|
-
|
493
|
-
|
494
|
-
|
495
|
-
|
496
|
-
|
497
|
-
|
498
|
-
|
499
|
-
|
500
|
-
|
501
|
-
|
502
|
-
|
503
|
-
|
504
|
-
|
505
|
-
|
506
|
-
|
507
|
-
|
508
|
-
|
509
|
-
|
510
|
-
|
511
|
-
|
512
|
-
|
513
|
-
|
514
|
-
|
515
|
-
|
516
|
-
|
517
|
-
|
518
|
-
|
519
|
-
|
520
|
-
|
521
|
-
|
522
|
-
|
523
|
-
|
524
|
-
|
525
|
-
|
516
|
+
// Check if EXPLICIT tag expected
|
517
|
+
if (flags & ASN1_TFLG_EXPTAG) {
|
518
|
+
char cst;
|
519
|
+
// Need to work out amount of data available to the inner content and
|
520
|
+
// where it starts: so read in EXPLICIT header to get the info.
|
521
|
+
ret = asn1_check_tlen(&len, NULL, NULL, &cst, &p, inlen, tt->tag, aclass,
|
522
|
+
opt);
|
523
|
+
q = p;
|
524
|
+
if (!ret) {
|
525
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
526
|
+
return 0;
|
527
|
+
} else if (ret == -1) {
|
528
|
+
return -1;
|
529
|
+
}
|
530
|
+
if (!cst) {
|
531
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
|
532
|
+
return 0;
|
533
|
+
}
|
534
|
+
// We've found the field so it can't be OPTIONAL now
|
535
|
+
ret = asn1_template_noexp_d2i(val, &p, len, tt, /*opt=*/0, buf, depth);
|
536
|
+
if (!ret) {
|
537
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
538
|
+
return 0;
|
539
|
+
}
|
540
|
+
// We read the field in OK so update length
|
541
|
+
len -= p - q;
|
542
|
+
// Check for trailing data.
|
543
|
+
if (len) {
|
544
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_EXPLICIT_LENGTH_MISMATCH);
|
545
|
+
goto err;
|
546
|
+
}
|
547
|
+
} else {
|
548
|
+
return asn1_template_noexp_d2i(val, in, inlen, tt, opt, buf, depth);
|
549
|
+
}
|
526
550
|
|
527
|
-
|
528
|
-
|
551
|
+
*in = p;
|
552
|
+
return 1;
|
529
553
|
|
530
|
-
|
531
|
-
|
532
|
-
|
554
|
+
err:
|
555
|
+
ASN1_template_free(val, tt);
|
556
|
+
return 0;
|
533
557
|
}
|
534
558
|
|
535
|
-
static int asn1_template_noexp_d2i(ASN1_VALUE **val,
|
536
|
-
const
|
537
|
-
|
538
|
-
|
539
|
-
|
540
|
-
|
541
|
-
|
542
|
-
|
543
|
-
|
544
|
-
|
545
|
-
|
546
|
-
|
547
|
-
|
548
|
-
|
549
|
-
|
550
|
-
|
551
|
-
|
552
|
-
|
553
|
-
|
554
|
-
|
555
|
-
|
556
|
-
|
557
|
-
|
558
|
-
|
559
|
-
|
560
|
-
|
561
|
-
|
562
|
-
|
563
|
-
|
564
|
-
|
565
|
-
|
566
|
-
|
567
|
-
|
568
|
-
|
569
|
-
|
570
|
-
|
571
|
-
|
572
|
-
|
573
|
-
|
574
|
-
|
575
|
-
|
576
|
-
|
577
|
-
|
578
|
-
|
579
|
-
|
580
|
-
|
581
|
-
|
582
|
-
|
583
|
-
|
584
|
-
}
|
559
|
+
static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in,
|
560
|
+
long len, const ASN1_TEMPLATE *tt, char opt,
|
561
|
+
CRYPTO_BUFFER *buf, int depth) {
|
562
|
+
int aclass;
|
563
|
+
int ret;
|
564
|
+
const unsigned char *p;
|
565
|
+
if (!val) {
|
566
|
+
return 0;
|
567
|
+
}
|
568
|
+
uint32_t flags = tt->flags;
|
569
|
+
aclass = flags & ASN1_TFLG_TAG_CLASS;
|
570
|
+
|
571
|
+
p = *in;
|
572
|
+
|
573
|
+
if (flags & ASN1_TFLG_SK_MASK) {
|
574
|
+
// SET OF, SEQUENCE OF
|
575
|
+
int sktag, skaclass;
|
576
|
+
// First work out expected inner tag value
|
577
|
+
if (flags & ASN1_TFLG_IMPTAG) {
|
578
|
+
sktag = tt->tag;
|
579
|
+
skaclass = aclass;
|
580
|
+
} else {
|
581
|
+
skaclass = V_ASN1_UNIVERSAL;
|
582
|
+
if (flags & ASN1_TFLG_SET_OF) {
|
583
|
+
sktag = V_ASN1_SET;
|
584
|
+
} else {
|
585
|
+
sktag = V_ASN1_SEQUENCE;
|
586
|
+
}
|
587
|
+
}
|
588
|
+
// Get the tag
|
589
|
+
ret =
|
590
|
+
asn1_check_tlen(&len, NULL, NULL, NULL, &p, len, sktag, skaclass, opt);
|
591
|
+
if (!ret) {
|
592
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
593
|
+
return 0;
|
594
|
+
} else if (ret == -1) {
|
595
|
+
return -1;
|
596
|
+
}
|
597
|
+
if (!*val) {
|
598
|
+
*val = (ASN1_VALUE *)sk_ASN1_VALUE_new_null();
|
599
|
+
} else {
|
600
|
+
// We've got a valid STACK: free up any items present
|
601
|
+
STACK_OF(ASN1_VALUE) *sktmp = (STACK_OF(ASN1_VALUE) *)*val;
|
602
|
+
ASN1_VALUE *vtmp;
|
603
|
+
while (sk_ASN1_VALUE_num(sktmp) > 0) {
|
604
|
+
vtmp = sk_ASN1_VALUE_pop(sktmp);
|
605
|
+
ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
|
606
|
+
}
|
607
|
+
}
|
585
608
|
|
586
|
-
|
587
|
-
|
588
|
-
|
589
|
-
}
|
609
|
+
if (!*val) {
|
610
|
+
goto err;
|
611
|
+
}
|
590
612
|
|
591
|
-
|
592
|
-
|
593
|
-
|
594
|
-
|
595
|
-
|
596
|
-
|
597
|
-
|
598
|
-
|
599
|
-
|
600
|
-
|
601
|
-
|
602
|
-
|
603
|
-
|
604
|
-
|
605
|
-
|
606
|
-
|
607
|
-
|
608
|
-
|
609
|
-
|
610
|
-
|
611
|
-
|
612
|
-
|
613
|
-
|
614
|
-
|
615
|
-
|
616
|
-
|
617
|
-
|
618
|
-
|
619
|
-
|
620
|
-
|
621
|
-
|
622
|
-
|
623
|
-
|
624
|
-
} else {
|
625
|
-
|
626
|
-
ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
|
627
|
-
-1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx,
|
628
|
-
depth);
|
629
|
-
if (!ret) {
|
630
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
631
|
-
goto err;
|
632
|
-
} else if (ret == -1)
|
633
|
-
return -1;
|
613
|
+
// Read as many items as we can
|
614
|
+
while (len > 0) {
|
615
|
+
ASN1_VALUE *skfield;
|
616
|
+
const unsigned char *q = p;
|
617
|
+
skfield = NULL;
|
618
|
+
if (!asn1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item),
|
619
|
+
/*tag=*/-1, /*aclass=*/0, /*opt=*/0, buf, depth)) {
|
620
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
621
|
+
goto err;
|
622
|
+
}
|
623
|
+
len -= p - q;
|
624
|
+
if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) {
|
625
|
+
ASN1_item_ex_free(&skfield, ASN1_ITEM_ptr(tt->item));
|
626
|
+
goto err;
|
627
|
+
}
|
628
|
+
}
|
629
|
+
} else if (flags & ASN1_TFLG_IMPTAG) {
|
630
|
+
// IMPLICIT tagging
|
631
|
+
ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag,
|
632
|
+
aclass, opt, buf, depth);
|
633
|
+
if (!ret) {
|
634
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
635
|
+
goto err;
|
636
|
+
} else if (ret == -1) {
|
637
|
+
return -1;
|
638
|
+
}
|
639
|
+
} else {
|
640
|
+
// Nothing special
|
641
|
+
ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), /*tag=*/-1,
|
642
|
+
/*aclass=*/0, opt, buf, depth);
|
643
|
+
if (!ret) {
|
644
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
645
|
+
goto err;
|
646
|
+
} else if (ret == -1) {
|
647
|
+
return -1;
|
634
648
|
}
|
649
|
+
}
|
635
650
|
|
636
|
-
|
637
|
-
|
651
|
+
*in = p;
|
652
|
+
return 1;
|
638
653
|
|
639
|
-
|
640
|
-
|
641
|
-
|
654
|
+
err:
|
655
|
+
ASN1_template_free(val, tt);
|
656
|
+
return 0;
|
642
657
|
}
|
643
658
|
|
644
|
-
static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
|
645
|
-
const
|
646
|
-
|
647
|
-
|
648
|
-
|
649
|
-
|
650
|
-
|
651
|
-
|
652
|
-
|
653
|
-
|
654
|
-
|
655
|
-
|
656
|
-
|
657
|
-
|
658
|
-
|
659
|
-
|
660
|
-
|
661
|
-
|
662
|
-
|
663
|
-
|
664
|
-
|
665
|
-
|
666
|
-
|
667
|
-
|
668
|
-
|
669
|
-
|
670
|
-
|
671
|
-
return 0;
|
672
|
-
}
|
673
|
-
if (opt) {
|
674
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OPTIONAL_ANY);
|
675
|
-
return 0;
|
676
|
-
}
|
677
|
-
p = *in;
|
678
|
-
ret = asn1_check_tlen(NULL, &utype, &oclass, NULL,
|
679
|
-
&p, inlen, -1, 0, 0, ctx);
|
680
|
-
if (!ret) {
|
681
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
682
|
-
return 0;
|
683
|
-
}
|
684
|
-
if (oclass != V_ASN1_UNIVERSAL)
|
685
|
-
utype = V_ASN1_OTHER;
|
659
|
+
static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in,
|
660
|
+
long inlen, const ASN1_ITEM *it, int tag,
|
661
|
+
int aclass, char opt) {
|
662
|
+
int ret = 0, utype;
|
663
|
+
long plen;
|
664
|
+
char cst;
|
665
|
+
const unsigned char *p;
|
666
|
+
const unsigned char *cont = NULL;
|
667
|
+
long len;
|
668
|
+
if (!pval) {
|
669
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NULL);
|
670
|
+
return 0; // Should never happen
|
671
|
+
}
|
672
|
+
|
673
|
+
if (it->itype == ASN1_ITYPE_MSTRING) {
|
674
|
+
utype = tag;
|
675
|
+
tag = -1;
|
676
|
+
} else {
|
677
|
+
utype = it->utype;
|
678
|
+
}
|
679
|
+
|
680
|
+
if (utype == V_ASN1_ANY) {
|
681
|
+
// If type is ANY need to figure out type from tag
|
682
|
+
unsigned char oclass;
|
683
|
+
if (tag >= 0) {
|
684
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_TAGGED_ANY);
|
685
|
+
return 0;
|
686
686
|
}
|
687
|
-
if (
|
688
|
-
|
689
|
-
|
687
|
+
if (opt) {
|
688
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OPTIONAL_ANY);
|
689
|
+
return 0;
|
690
690
|
}
|
691
691
|
p = *in;
|
692
|
-
|
693
|
-
ret = asn1_check_tlen(&plen, NULL, NULL, &cst,
|
694
|
-
&p, inlen, tag, aclass, opt, ctx);
|
692
|
+
ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, &p, inlen, -1, 0, 0);
|
695
693
|
if (!ret) {
|
696
|
-
|
697
|
-
|
698
|
-
}
|
699
|
-
|
700
|
-
|
701
|
-
|
702
|
-
|
703
|
-
|
704
|
-
|
705
|
-
|
706
|
-
|
707
|
-
|
708
|
-
|
709
|
-
|
710
|
-
|
711
|
-
|
712
|
-
|
713
|
-
|
714
|
-
|
715
|
-
|
716
|
-
|
717
|
-
|
718
|
-
|
719
|
-
|
720
|
-
|
721
|
-
|
722
|
-
|
723
|
-
|
724
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_TYPE_NOT_PRIMITIVE);
|
725
|
-
return 0;
|
726
|
-
} else {
|
727
|
-
cont = p;
|
728
|
-
len = plen;
|
729
|
-
p += plen;
|
694
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
695
|
+
return 0;
|
696
|
+
}
|
697
|
+
if (!is_supported_universal_type(utype, oclass)) {
|
698
|
+
utype = V_ASN1_OTHER;
|
699
|
+
}
|
700
|
+
}
|
701
|
+
if (tag == -1) {
|
702
|
+
tag = utype;
|
703
|
+
aclass = V_ASN1_UNIVERSAL;
|
704
|
+
}
|
705
|
+
p = *in;
|
706
|
+
// Check header
|
707
|
+
ret = asn1_check_tlen(&plen, NULL, NULL, &cst, &p, inlen, tag, aclass, opt);
|
708
|
+
if (!ret) {
|
709
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
710
|
+
return 0;
|
711
|
+
} else if (ret == -1) {
|
712
|
+
return -1;
|
713
|
+
}
|
714
|
+
ret = 0;
|
715
|
+
// SEQUENCE, SET and "OTHER" are left in encoded form
|
716
|
+
if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
|
717
|
+
(utype == V_ASN1_OTHER)) {
|
718
|
+
// SEQUENCE and SET must be constructed
|
719
|
+
if (utype != V_ASN1_OTHER && !cst) {
|
720
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_TYPE_NOT_CONSTRUCTED);
|
721
|
+
return 0;
|
730
722
|
}
|
731
723
|
|
732
|
-
|
733
|
-
|
734
|
-
|
735
|
-
|
736
|
-
|
737
|
-
|
738
|
-
|
739
|
-
|
724
|
+
cont = *in;
|
725
|
+
len = p - cont + plen;
|
726
|
+
p += plen;
|
727
|
+
} else if (cst) {
|
728
|
+
// This parser historically supported BER constructed strings. We no
|
729
|
+
// longer do and will gradually tighten this parser into a DER
|
730
|
+
// parser. BER types should use |CBS_asn1_ber_to_der|.
|
731
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_TYPE_NOT_PRIMITIVE);
|
732
|
+
return 0;
|
733
|
+
} else {
|
734
|
+
cont = p;
|
735
|
+
len = plen;
|
736
|
+
p += plen;
|
737
|
+
}
|
738
|
+
|
739
|
+
// We now have content length and type: translate into a structure
|
740
|
+
if (!asn1_ex_c2i(pval, cont, len, utype, it)) {
|
741
|
+
goto err;
|
742
|
+
}
|
743
|
+
|
744
|
+
*in = p;
|
745
|
+
ret = 1;
|
746
|
+
err:
|
747
|
+
return ret;
|
740
748
|
}
|
741
749
|
|
742
|
-
|
750
|
+
// Translate ASN1 content octets into a structure
|
743
751
|
|
744
752
|
static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
|
745
|
-
int utype, const ASN1_ITEM *it)
|
746
|
-
|
747
|
-
|
748
|
-
|
749
|
-
|
750
|
-
|
751
|
-
|
752
|
-
|
753
|
-
|
754
|
-
|
755
|
-
|
756
|
-
|
757
|
-
|
758
|
-
if (
|
759
|
-
|
760
|
-
|
761
|
-
|
762
|
-
|
763
|
-
|
764
|
-
|
765
|
-
|
766
|
-
|
767
|
-
if (utype != typ->type)
|
768
|
-
ASN1_TYPE_set(typ, utype, NULL);
|
769
|
-
opval = pval;
|
770
|
-
pval = &typ->value.asn1_value;
|
753
|
+
int utype, const ASN1_ITEM *it) {
|
754
|
+
ASN1_VALUE **opval = NULL;
|
755
|
+
ASN1_STRING *stmp;
|
756
|
+
ASN1_TYPE *typ = NULL;
|
757
|
+
int ret = 0;
|
758
|
+
ASN1_INTEGER **tint;
|
759
|
+
|
760
|
+
// Historically, |it->funcs| for primitive types contained an
|
761
|
+
// |ASN1_PRIMITIVE_FUNCS| table of callbacks.
|
762
|
+
assert(it->funcs == NULL);
|
763
|
+
|
764
|
+
// If ANY type clear type and set pointer to internal value
|
765
|
+
if (it->utype == V_ASN1_ANY) {
|
766
|
+
if (!*pval) {
|
767
|
+
typ = ASN1_TYPE_new();
|
768
|
+
if (typ == NULL) {
|
769
|
+
goto err;
|
770
|
+
}
|
771
|
+
*pval = (ASN1_VALUE *)typ;
|
772
|
+
} else {
|
773
|
+
typ = (ASN1_TYPE *)*pval;
|
771
774
|
}
|
772
|
-
|
775
|
+
|
776
|
+
if (utype != typ->type) {
|
777
|
+
ASN1_TYPE_set(typ, utype, NULL);
|
778
|
+
}
|
779
|
+
opval = pval;
|
780
|
+
pval = &typ->value.asn1_value;
|
781
|
+
}
|
782
|
+
switch (utype) {
|
773
783
|
case V_ASN1_OBJECT:
|
774
|
-
|
775
|
-
|
776
|
-
|
784
|
+
if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) {
|
785
|
+
goto err;
|
786
|
+
}
|
787
|
+
break;
|
777
788
|
|
778
789
|
case V_ASN1_NULL:
|
779
|
-
|
780
|
-
|
781
|
-
|
782
|
-
|
783
|
-
|
784
|
-
|
790
|
+
if (len) {
|
791
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NULL_IS_WRONG_LENGTH);
|
792
|
+
goto err;
|
793
|
+
}
|
794
|
+
*pval = (ASN1_VALUE *)1;
|
795
|
+
break;
|
785
796
|
|
786
797
|
case V_ASN1_BOOLEAN:
|
787
|
-
|
788
|
-
|
789
|
-
|
790
|
-
|
791
|
-
|
792
|
-
|
793
|
-
|
794
|
-
|
795
|
-
|
798
|
+
if (len != 1) {
|
799
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
|
800
|
+
goto err;
|
801
|
+
} else {
|
802
|
+
ASN1_BOOLEAN *tbool;
|
803
|
+
tbool = (ASN1_BOOLEAN *)pval;
|
804
|
+
*tbool = *cont;
|
805
|
+
}
|
806
|
+
break;
|
796
807
|
|
797
808
|
case V_ASN1_BIT_STRING:
|
798
|
-
|
799
|
-
|
800
|
-
|
809
|
+
if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) {
|
810
|
+
goto err;
|
811
|
+
}
|
812
|
+
break;
|
801
813
|
|
802
814
|
case V_ASN1_INTEGER:
|
803
815
|
case V_ASN1_ENUMERATED:
|
804
|
-
|
805
|
-
|
806
|
-
|
807
|
-
|
808
|
-
|
809
|
-
|
816
|
+
tint = (ASN1_INTEGER **)pval;
|
817
|
+
if (!c2i_ASN1_INTEGER(tint, &cont, len)) {
|
818
|
+
goto err;
|
819
|
+
}
|
820
|
+
// Fixup type to match the expected form
|
821
|
+
(*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
|
822
|
+
break;
|
810
823
|
|
811
824
|
case V_ASN1_OCTET_STRING:
|
812
825
|
case V_ASN1_NUMERICSTRING:
|
@@ -824,146 +837,133 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
|
|
824
837
|
case V_ASN1_UTF8STRING:
|
825
838
|
case V_ASN1_OTHER:
|
826
839
|
case V_ASN1_SET:
|
827
|
-
case V_ASN1_SEQUENCE:
|
828
|
-
|
829
|
-
|
830
|
-
|
840
|
+
case V_ASN1_SEQUENCE: {
|
841
|
+
CBS cbs;
|
842
|
+
CBS_init(&cbs, cont, (size_t)len);
|
843
|
+
if (utype == V_ASN1_BMPSTRING) {
|
844
|
+
while (CBS_len(&cbs) != 0) {
|
845
|
+
uint32_t c;
|
846
|
+
if (!cbs_get_ucs2_be(&cbs, &c)) {
|
847
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BMPSTRING);
|
831
848
|
goto err;
|
832
|
-
|
833
|
-
|
834
|
-
|
849
|
+
}
|
850
|
+
}
|
851
|
+
}
|
852
|
+
if (utype == V_ASN1_UNIVERSALSTRING) {
|
853
|
+
while (CBS_len(&cbs) != 0) {
|
854
|
+
uint32_t c;
|
855
|
+
if (!cbs_get_utf32_be(&cbs, &c)) {
|
856
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_UNIVERSALSTRING);
|
835
857
|
goto err;
|
836
|
-
|
837
|
-
|
838
|
-
|
839
|
-
|
840
|
-
|
841
|
-
|
842
|
-
|
843
|
-
|
844
|
-
*pval = (ASN1_VALUE *)stmp;
|
845
|
-
} else {
|
846
|
-
stmp = (ASN1_STRING *)*pval;
|
847
|
-
stmp->type = utype;
|
848
|
-
}
|
849
|
-
if (!ASN1_STRING_set(stmp, cont, len)) {
|
850
|
-
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
851
|
-
ASN1_STRING_free(stmp);
|
852
|
-
*pval = NULL;
|
858
|
+
}
|
859
|
+
}
|
860
|
+
}
|
861
|
+
if (utype == V_ASN1_UTF8STRING) {
|
862
|
+
while (CBS_len(&cbs) != 0) {
|
863
|
+
uint32_t c;
|
864
|
+
if (!cbs_get_utf8(&cbs, &c)) {
|
865
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_UTF8STRING);
|
853
866
|
goto err;
|
854
|
-
|
855
|
-
|
856
|
-
|
857
|
-
|
858
|
-
|
859
|
-
|
860
|
-
|
861
|
-
|
862
|
-
|
863
|
-
|
864
|
-
|
865
|
-
|
866
|
-
|
867
|
+
}
|
868
|
+
}
|
869
|
+
}
|
870
|
+
if (utype == V_ASN1_UTCTIME) {
|
871
|
+
if (!CBS_parse_utc_time(&cbs, NULL, /*allow_timezone_offset=*/1)) {
|
872
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_TIME_FORMAT);
|
873
|
+
goto err;
|
874
|
+
}
|
875
|
+
}
|
876
|
+
if (utype == V_ASN1_GENERALIZEDTIME) {
|
877
|
+
if (!CBS_parse_generalized_time(&cbs, NULL,
|
878
|
+
/*allow_timezone_offset=*/0)) {
|
879
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_TIME_FORMAT);
|
880
|
+
goto err;
|
881
|
+
}
|
882
|
+
}
|
883
|
+
// TODO(https://crbug.com/boringssl/427): Check other string types.
|
884
|
+
|
885
|
+
// All based on ASN1_STRING and handled the same
|
886
|
+
if (!*pval) {
|
887
|
+
stmp = ASN1_STRING_type_new(utype);
|
888
|
+
if (!stmp) {
|
889
|
+
goto err;
|
890
|
+
}
|
891
|
+
*pval = (ASN1_VALUE *)stmp;
|
892
|
+
} else {
|
893
|
+
stmp = (ASN1_STRING *)*pval;
|
894
|
+
stmp->type = utype;
|
895
|
+
}
|
896
|
+
if (!ASN1_STRING_set(stmp, cont, len)) {
|
897
|
+
ASN1_STRING_free(stmp);
|
898
|
+
*pval = NULL;
|
899
|
+
goto err;
|
900
|
+
}
|
901
|
+
break;
|
867
902
|
}
|
868
|
-
|
869
|
-
|
870
|
-
|
871
|
-
|
872
|
-
|
873
|
-
|
874
|
-
|
875
|
-
|
876
|
-
|
877
|
-
|
878
|
-
|
879
|
-
|
880
|
-
|
881
|
-
|
903
|
+
default:
|
904
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
|
905
|
+
goto err;
|
906
|
+
}
|
907
|
+
// If ASN1_ANY and NULL type fix up value
|
908
|
+
if (typ && (utype == V_ASN1_NULL)) {
|
909
|
+
typ->value.ptr = NULL;
|
910
|
+
}
|
911
|
+
|
912
|
+
ret = 1;
|
913
|
+
err:
|
914
|
+
if (!ret) {
|
915
|
+
ASN1_TYPE_free(typ);
|
916
|
+
if (opval) {
|
917
|
+
*opval = NULL;
|
882
918
|
}
|
883
|
-
|
919
|
+
}
|
920
|
+
return ret;
|
884
921
|
}
|
885
922
|
|
886
|
-
|
887
|
-
|
888
|
-
* the ASN1_TLC cache and checks the expected tag.
|
889
|
-
*/
|
923
|
+
// Check an ASN1 tag and length: a bit like ASN1_get_object but it
|
924
|
+
// checks the expected tag.
|
890
925
|
|
891
926
|
static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
|
892
927
|
char *cst, const unsigned char **in, long len,
|
893
|
-
int exptag, int expclass, char opt
|
894
|
-
|
895
|
-
|
896
|
-
|
897
|
-
|
898
|
-
|
899
|
-
|
900
|
-
|
901
|
-
|
902
|
-
|
903
|
-
|
904
|
-
|
905
|
-
|
906
|
-
|
907
|
-
|
908
|
-
|
909
|
-
|
910
|
-
|
911
|
-
|
912
|
-
|
913
|
-
ctx->pclass = pclass;
|
914
|
-
ctx->ptag = ptag;
|
915
|
-
ctx->hdrlen = p - q;
|
916
|
-
ctx->valid = 1;
|
917
|
-
/*
|
918
|
-
* If no error, length + header can't exceed total amount of data
|
919
|
-
* available.
|
920
|
-
*
|
921
|
-
* TODO(davidben): Is this check necessary? |ASN1_get_object|
|
922
|
-
* should already guarantee this.
|
923
|
-
*/
|
924
|
-
if (!(i & 0x80) && ((plen + ctx->hdrlen) > len)) {
|
925
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
|
926
|
-
asn1_tlc_clear(ctx);
|
927
|
-
return 0;
|
928
|
-
}
|
929
|
-
}
|
930
|
-
}
|
931
|
-
|
932
|
-
if (i & 0x80) {
|
933
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_OBJECT_HEADER);
|
934
|
-
asn1_tlc_clear(ctx);
|
935
|
-
return 0;
|
936
|
-
}
|
937
|
-
if (exptag >= 0) {
|
938
|
-
if ((exptag != ptag) || (expclass != pclass)) {
|
939
|
-
/*
|
940
|
-
* If type is OPTIONAL, not an error: indicate missing type.
|
941
|
-
*/
|
942
|
-
if (opt)
|
943
|
-
return -1;
|
944
|
-
asn1_tlc_clear(ctx);
|
945
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TAG);
|
946
|
-
return 0;
|
947
|
-
}
|
948
|
-
/*
|
949
|
-
* We have a tag and class match: assume we are going to do something
|
950
|
-
* with it
|
951
|
-
*/
|
952
|
-
asn1_tlc_clear(ctx);
|
928
|
+
int exptag, int expclass, char opt) {
|
929
|
+
int i;
|
930
|
+
int ptag, pclass;
|
931
|
+
long plen;
|
932
|
+
const unsigned char *p;
|
933
|
+
p = *in;
|
934
|
+
|
935
|
+
i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
|
936
|
+
if (i & 0x80) {
|
937
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_OBJECT_HEADER);
|
938
|
+
return 0;
|
939
|
+
}
|
940
|
+
if (exptag >= 0) {
|
941
|
+
if ((exptag != ptag) || (expclass != pclass)) {
|
942
|
+
// If type is OPTIONAL, not an error: indicate missing type.
|
943
|
+
if (opt) {
|
944
|
+
return -1;
|
945
|
+
}
|
946
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TAG);
|
947
|
+
return 0;
|
953
948
|
}
|
949
|
+
}
|
954
950
|
|
955
|
-
|
956
|
-
|
951
|
+
if (cst) {
|
952
|
+
*cst = i & V_ASN1_CONSTRUCTED;
|
953
|
+
}
|
957
954
|
|
958
|
-
|
959
|
-
|
955
|
+
if (olen) {
|
956
|
+
*olen = plen;
|
957
|
+
}
|
960
958
|
|
961
|
-
|
962
|
-
|
959
|
+
if (oclass) {
|
960
|
+
*oclass = pclass;
|
961
|
+
}
|
963
962
|
|
964
|
-
|
965
|
-
|
963
|
+
if (otag) {
|
964
|
+
*otag = ptag;
|
965
|
+
}
|
966
966
|
|
967
|
-
|
968
|
-
|
967
|
+
*in = p;
|
968
|
+
return 1;
|
969
969
|
}
|
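Review bot: `CBS_init(&cbs, cont, (size_t)len)` in the string case of asn1_ex_c2i converts the signed `int len` parameter to `size_t` with no sign check, so a negative value would reach the BMPString/UniversalString/UTF8String and time validators as a very large CBS length. Whether a negative or truncated length can actually arrive depends on the callers and on `ASN1_get_object`, which are outside this hunk (the caller in this file passes a `long` into the `int` parameter). I would make the precondition explicit with a guard such as `if (len < 0) { goto err; }` before the `CBS_init` call, using whichever ASN1_R_* code the maintainers prefer. Relatedly, asn1_check_tlen no longer compares `plen` plus the header length against `len`; a one-line comment there saying that `ASN1_get_object` is relied on to bound `plen` would keep that invariant visible, since callers advance with `p += plen`. asn1_ex_c2i begins before this hunk.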