grpc 1.53.2 → 1.54.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +78 -66
- data/include/grpc/event_engine/event_engine.h +30 -14
- data/include/grpc/grpc_security.h +4 -0
- data/include/grpc/support/port_platform.h +4 -4
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
- data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
- data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
- data/src/core/ext/filters/client_channel/client_channel.h +131 -173
- data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
- data/src/core/ext/filters/client_channel/config_selector.h +4 -3
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2 -16
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
- data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
- data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
- data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
- data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
- data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
- data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
- data/src/core/ext/gcp/metadata_query.cc +142 -0
- data/src/core/ext/gcp/metadata_query.h +82 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +8 -12
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -5
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +116 -58
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +222 -118
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +113 -295
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +277 -451
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +1 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +12 -14
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +1 -9
- data/src/core/ext/transport/chttp2/transport/internal.h +16 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
- data/src/core/ext/xds/xds_client_stats.cc +29 -15
- data/src/core/ext/xds/xds_client_stats.h +24 -20
- data/src/core/ext/xds/xds_endpoint.cc +5 -2
- data/src/core/ext/xds/xds_endpoint.h +9 -1
- data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
- data/src/core/lib/channel/call_finalization.h +1 -1
- data/src/core/lib/channel/call_tracer.cc +51 -0
- data/src/core/lib/channel/call_tracer.h +101 -38
- data/src/core/lib/channel/connected_channel.cc +483 -1050
- data/src/core/lib/channel/context.h +8 -1
- data/src/core/lib/channel/promise_based_filter.cc +106 -42
- data/src/core/lib/channel/promise_based_filter.h +27 -13
- data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
- data/src/core/lib/config/config_vars.cc +151 -0
- data/src/core/lib/config/config_vars.h +127 -0
- data/src/core/lib/config/config_vars_non_generated.cc +51 -0
- data/src/core/lib/config/load_config.cc +66 -0
- data/src/core/lib/config/load_config.h +49 -0
- data/src/core/lib/debug/trace.cc +5 -6
- data/src/core/lib/debug/trace.h +0 -5
- data/src/core/lib/event_engine/event_engine.cc +37 -2
- data/src/core/lib/event_engine/handle_containers.h +7 -22
- data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +0 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -32
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +0 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
- data/src/core/lib/event_engine/resolved_address.cc +2 -1
- data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
- data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
- data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
- data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
- data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
- data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
- data/src/core/lib/experiments/config.cc +3 -10
- data/src/core/lib/experiments/experiments.cc +7 -0
- data/src/core/lib/experiments/experiments.h +9 -1
- data/src/core/lib/gpr/log.cc +15 -28
- data/src/core/lib/gprpp/fork.cc +8 -14
- data/src/core/lib/gprpp/orphanable.h +4 -3
- data/src/core/lib/gprpp/per_cpu.h +9 -3
- data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
- data/src/core/lib/gprpp/ref_counted.h +33 -34
- data/src/core/lib/gprpp/thd.h +16 -0
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/gprpp/time.h +4 -4
- data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
- data/src/core/lib/iomgr/ev_posix.cc +13 -53
- data/src/core/lib/iomgr/ev_posix.h +0 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
- data/src/core/lib/iomgr/iomgr.cc +4 -8
- data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
- data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
- data/src/core/lib/iomgr/pollset_windows.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_posix.cc +0 -1
- data/src/core/lib/iomgr/tcp_server_posix.cc +19 -55
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +0 -12
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +0 -21
- data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
- data/src/core/lib/iomgr/tcp_windows.cc +12 -8
- data/src/core/lib/load_balancing/lb_policy.cc +9 -13
- data/src/core/lib/load_balancing/lb_policy.h +4 -2
- data/src/core/lib/promise/activity.cc +22 -6
- data/src/core/lib/promise/activity.h +61 -24
- data/src/core/lib/promise/cancel_callback.h +77 -0
- data/src/core/lib/promise/detail/basic_seq.h +1 -1
- data/src/core/lib/promise/detail/promise_factory.h +4 -0
- data/src/core/lib/promise/for_each.h +176 -0
- data/src/core/lib/promise/if.h +9 -0
- data/src/core/lib/promise/interceptor_list.h +23 -2
- data/src/core/lib/promise/latch.h +89 -3
- data/src/core/lib/promise/loop.h +13 -9
- data/src/core/lib/promise/map.h +7 -0
- data/src/core/lib/promise/party.cc +286 -0
- data/src/core/lib/promise/party.h +499 -0
- data/src/core/lib/promise/pipe.h +197 -57
- data/src/core/lib/promise/poll.h +48 -0
- data/src/core/lib/promise/promise.h +2 -2
- data/src/core/lib/resource_quota/arena.cc +19 -3
- data/src/core/lib/resource_quota/arena.h +119 -5
- data/src/core/lib/resource_quota/memory_quota.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
- data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
- data/src/core/lib/slice/slice.cc +1 -1
- data/src/core/lib/surface/builtins.cc +2 -0
- data/src/core/lib/surface/call.cc +926 -1024
- data/src/core/lib/surface/call.h +10 -0
- data/src/core/lib/surface/lame_client.cc +1 -0
- data/src/core/lib/surface/validate_metadata.cc +42 -43
- data/src/core/lib/surface/validate_metadata.h +0 -9
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +179 -0
- data/src/core/lib/transport/batch_builder.h +468 -0
- data/src/core/lib/transport/bdp_estimator.cc +7 -7
- data/src/core/lib/transport/bdp_estimator.h +10 -6
- data/src/core/lib/transport/custom_metadata.h +30 -0
- data/src/core/lib/transport/metadata_batch.cc +5 -2
- data/src/core/lib/transport/metadata_batch.h +17 -113
- data/src/core/lib/transport/parsed_metadata.h +6 -16
- data/src/core/lib/transport/timeout_encoding.cc +6 -1
- data/src/core/lib/transport/transport.cc +30 -2
- data/src/core/lib/transport/transport.h +70 -14
- data/src/core/lib/transport/transport_impl.h +7 -0
- data/src/core/lib/transport/transport_op_string.cc +52 -42
- data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +1 -1
- data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
- data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
- data/third_party/abseil-cpp/absl/flags/config.h +68 -0
- data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
- data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
- data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
- data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
- data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
- data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
- data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
- data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
- data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
- data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
- data/third_party/boringssl-with-bazel/err_data.c +728 -712
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
- data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
- data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
- data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
- data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
- data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
- data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
- metadata +103 -70
- data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -29
- data/src/core/lib/gprpp/global_config.h +0 -93
- data/src/core/lib/gprpp/global_config_env.cc +0 -140
- data/src/core/lib/gprpp/global_config_env.h +0 -133
- data/src/core/lib/gprpp/global_config_generic.h +0 -40
- data/src/core/lib/promise/intra_activity_waiter.h +0 -55
- data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
- data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
- data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
- data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
- /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
- /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
- /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
- /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
- /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
- /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
- /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
|
@@ -52,8 +52,8 @@
|
|
|
52
52
|
* (eay@cryptsoft.com). This product includes software written by Tim
|
|
53
53
|
* Hudson (tjh@cryptsoft.com). */
|
|
54
54
|
|
|
55
|
-
#ifndef
|
|
56
|
-
#define
|
|
55
|
+
#ifndef OPENSSL_HEADER_X509V3_H
|
|
56
|
+
#define OPENSSL_HEADER_X509V3_H
|
|
57
57
|
|
|
58
58
|
#include <openssl/bio.h>
|
|
59
59
|
#include <openssl/conf.h>
|
|
@@ -79,23 +79,25 @@ struct v3_ext_ctx;
|
|
|
79
79
|
|
|
80
80
|
// Useful typedefs
|
|
81
81
|
|
|
82
|
+
typedef struct v3_ext_method X509V3_EXT_METHOD;
|
|
83
|
+
|
|
82
84
|
typedef void *(*X509V3_EXT_NEW)(void);
|
|
83
85
|
typedef void (*X509V3_EXT_FREE)(void *);
|
|
84
86
|
typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
|
|
85
87
|
typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
|
|
86
|
-
typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V)(
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
typedef void *(*X509V3_EXT_V2I)(const
|
|
90
|
-
|
|
91
|
-
STACK_OF(CONF_VALUE) *values);
|
|
92
|
-
typedef char *(*X509V3_EXT_I2S)(const
|
|
93
|
-
typedef void *(*X509V3_EXT_S2I)(const
|
|
94
|
-
|
|
95
|
-
typedef int (*X509V3_EXT_I2R)(const
|
|
88
|
+
typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V)(const X509V3_EXT_METHOD *method,
|
|
89
|
+
void *ext,
|
|
90
|
+
STACK_OF(CONF_VALUE) *extlist);
|
|
91
|
+
typedef void *(*X509V3_EXT_V2I)(const X509V3_EXT_METHOD *method,
|
|
92
|
+
const X509V3_CTX *ctx,
|
|
93
|
+
const STACK_OF(CONF_VALUE) *values);
|
|
94
|
+
typedef char *(*X509V3_EXT_I2S)(const X509V3_EXT_METHOD *method, void *ext);
|
|
95
|
+
typedef void *(*X509V3_EXT_S2I)(const X509V3_EXT_METHOD *method,
|
|
96
|
+
const X509V3_CTX *ctx, const char *str);
|
|
97
|
+
typedef int (*X509V3_EXT_I2R)(const X509V3_EXT_METHOD *method, void *ext,
|
|
96
98
|
BIO *out, int indent);
|
|
97
|
-
typedef void *(*X509V3_EXT_R2I)(const
|
|
98
|
-
|
|
99
|
+
typedef void *(*X509V3_EXT_R2I)(const X509V3_EXT_METHOD *method,
|
|
100
|
+
const X509V3_CTX *ctx, const char *str);
|
|
99
101
|
|
|
100
102
|
// V3 extension structure
|
|
101
103
|
|
|
@@ -125,28 +127,6 @@ struct v3_ext_method {
|
|
|
125
127
|
void *usr_data; // Any extension specific data
|
|
126
128
|
};
|
|
127
129
|
|
|
128
|
-
typedef struct X509V3_CONF_METHOD_st {
|
|
129
|
-
char *(*get_string)(void *db, const char *section, const char *value);
|
|
130
|
-
STACK_OF(CONF_VALUE) *(*get_section)(void *db, const char *section);
|
|
131
|
-
void (*free_string)(void *db, char *string);
|
|
132
|
-
void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
|
|
133
|
-
} X509V3_CONF_METHOD;
|
|
134
|
-
|
|
135
|
-
// Context specific info
|
|
136
|
-
struct v3_ext_ctx {
|
|
137
|
-
#define CTX_TEST 0x1
|
|
138
|
-
int flags;
|
|
139
|
-
X509 *issuer_cert;
|
|
140
|
-
X509 *subject_cert;
|
|
141
|
-
X509_REQ *subject_req;
|
|
142
|
-
X509_CRL *crl;
|
|
143
|
-
const X509V3_CONF_METHOD *db_meth;
|
|
144
|
-
void *db;
|
|
145
|
-
// Maybe more here
|
|
146
|
-
};
|
|
147
|
-
|
|
148
|
-
typedef struct v3_ext_method X509V3_EXT_METHOD;
|
|
149
|
-
|
|
150
130
|
DEFINE_STACK_OF(X509V3_EXT_METHOD)
|
|
151
131
|
|
|
152
132
|
// ext_flags values
|
|
@@ -317,20 +297,6 @@ typedef struct POLICY_CONSTRAINTS_st {
|
|
|
317
297
|
ASN1_INTEGER *inhibitPolicyMapping;
|
|
318
298
|
} POLICY_CONSTRAINTS;
|
|
319
299
|
|
|
320
|
-
// Proxy certificate structures, see RFC 3820
|
|
321
|
-
typedef struct PROXY_POLICY_st {
|
|
322
|
-
ASN1_OBJECT *policyLanguage;
|
|
323
|
-
ASN1_OCTET_STRING *policy;
|
|
324
|
-
} PROXY_POLICY;
|
|
325
|
-
|
|
326
|
-
typedef struct PROXY_CERT_INFO_EXTENSION_st {
|
|
327
|
-
ASN1_INTEGER *pcPathLengthConstraint;
|
|
328
|
-
PROXY_POLICY *proxyPolicy;
|
|
329
|
-
} PROXY_CERT_INFO_EXTENSION;
|
|
330
|
-
|
|
331
|
-
DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
|
|
332
|
-
DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
|
|
333
|
-
|
|
334
300
|
struct ISSUING_DIST_POINT_st {
|
|
335
301
|
DIST_POINT_NAME *distpoint;
|
|
336
302
|
int onlyuser;
|
|
@@ -356,30 +322,6 @@ struct ISSUING_DIST_POINT_st {
|
|
|
356
322
|
// onlysomereasons present
|
|
357
323
|
#define IDP_REASONS 0x40
|
|
358
324
|
|
|
359
|
-
#define X509V3_conf_err(val) \
|
|
360
|
-
ERR_add_error_data(6, "section:", (val)->section, ",name:", (val)->name, \
|
|
361
|
-
",value:", (val)->value);
|
|
362
|
-
|
|
363
|
-
#define X509V3_set_ctx_test(ctx) \
|
|
364
|
-
X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
|
|
365
|
-
#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
|
|
366
|
-
|
|
367
|
-
#define EXT_BITSTRING(nid, table) \
|
|
368
|
-
{ \
|
|
369
|
-
nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), 0, 0, 0, 0, 0, 0, \
|
|
370
|
-
(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
|
|
371
|
-
(X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, NULL, NULL, (void *)(table) \
|
|
372
|
-
}
|
|
373
|
-
|
|
374
|
-
#define EXT_IA5STRING(nid) \
|
|
375
|
-
{ \
|
|
376
|
-
nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), 0, 0, 0, 0, \
|
|
377
|
-
(X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
|
|
378
|
-
(X509V3_EXT_S2I)s2i_ASN1_IA5STRING, 0, 0, 0, 0, NULL \
|
|
379
|
-
}
|
|
380
|
-
|
|
381
|
-
#define EXT_END \
|
|
382
|
-
{ -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
|
|
383
325
|
|
|
384
326
|
|
|
385
327
|
// X509_PURPOSE stuff
|
|
@@ -396,9 +338,7 @@ struct ISSUING_DIST_POINT_st {
|
|
|
396
338
|
#define EXFLAG_INVALID 0x80
|
|
397
339
|
#define EXFLAG_SET 0x100
|
|
398
340
|
#define EXFLAG_CRITICAL 0x200
|
|
399
|
-
#define EXFLAG_PROXY 0x400
|
|
400
341
|
|
|
401
|
-
#define EXFLAG_INVALID_POLICY 0x800
|
|
402
342
|
#define EXFLAG_FRESHEST 0x1000
|
|
403
343
|
// Self signed
|
|
404
344
|
#define EXFLAG_SS 0x2000
|
|
@@ -460,28 +400,17 @@ typedef struct x509_purpose_st {
|
|
|
460
400
|
|
|
461
401
|
DEFINE_STACK_OF(X509_PURPOSE)
|
|
462
402
|
|
|
463
|
-
|
|
403
|
+
DECLARE_ASN1_FUNCTIONS_const(BASIC_CONSTRAINTS)
|
|
464
404
|
|
|
405
|
+
// TODO(https://crbug.com/boringssl/407): This is not const because it contains
|
|
406
|
+
// an |X509_NAME|.
|
|
465
407
|
DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
|
|
466
408
|
|
|
409
|
+
// TODO(https://crbug.com/boringssl/407): This is not const because it contains
|
|
410
|
+
// an |X509_NAME|.
|
|
467
411
|
DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
|
|
468
412
|
OPENSSL_EXPORT GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
|
|
469
413
|
|
|
470
|
-
// GENERAL_NAME_cmp returns zero if |a| and |b| are equal and a non-zero
|
|
471
|
-
// value otherwise. Note this function does not provide a comparison suitable
|
|
472
|
-
// for sorting.
|
|
473
|
-
OPENSSL_EXPORT int GENERAL_NAME_cmp(const GENERAL_NAME *a,
|
|
474
|
-
const GENERAL_NAME *b);
|
|
475
|
-
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
OPENSSL_EXPORT ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
|
|
479
|
-
X509V3_CTX *ctx,
|
|
480
|
-
STACK_OF(CONF_VALUE) *nval);
|
|
481
|
-
OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(
|
|
482
|
-
X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits,
|
|
483
|
-
STACK_OF(CONF_VALUE) *extlist);
|
|
484
|
-
|
|
485
414
|
// i2v_GENERAL_NAME serializes |gen| as a |CONF_VALUE|. If |ret| is non-NULL, it
|
|
486
415
|
// appends the value to |ret| and returns |ret| on success or NULL on error. If
|
|
487
416
|
// it returns NULL, the caller is still responsible for freeing |ret|. If |ret|
|
|
@@ -492,9 +421,18 @@ OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(
|
|
|
492
421
|
// human-readable print functions. If extracting a SAN list from a certificate,
|
|
493
422
|
// look at |gen| directly.
|
|
494
423
|
OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(
|
|
495
|
-
X509V3_EXT_METHOD *method, GENERAL_NAME *gen,
|
|
496
|
-
|
|
424
|
+
const X509V3_EXT_METHOD *method, const GENERAL_NAME *gen,
|
|
425
|
+
STACK_OF(CONF_VALUE) *ret);
|
|
497
426
|
|
|
427
|
+
// GENERAL_NAME_print prints a human-readable representation of |gen| to |out|.
|
|
428
|
+
// It returns one on success and zero on error.
|
|
429
|
+
//
|
|
430
|
+
// TODO(davidben): Actually, it just returns one and doesn't check for I/O or
|
|
431
|
+
// allocation errors. But it should return zero on error.
|
|
432
|
+
OPENSSL_EXPORT int GENERAL_NAME_print(BIO *out, const GENERAL_NAME *gen);
|
|
433
|
+
|
|
434
|
+
// TODO(https://crbug.com/boringssl/407): This is not const because it contains
|
|
435
|
+
// an |X509_NAME|.
|
|
498
436
|
DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
|
|
499
437
|
|
|
500
438
|
// i2v_GENERAL_NAMES serializes |gen| as a list of |CONF_VALUE|s. If |ret| is
|
|
@@ -507,15 +445,14 @@ DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
|
|
|
507
445
|
// human-readable print functions. If extracting a SAN list from a certificate,
|
|
508
446
|
// look at |gen| directly.
|
|
509
447
|
OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(
|
|
510
|
-
X509V3_EXT_METHOD *method, GENERAL_NAMES *gen,
|
|
448
|
+
const X509V3_EXT_METHOD *method, const GENERAL_NAMES *gen,
|
|
511
449
|
STACK_OF(CONF_VALUE) *extlist);
|
|
512
|
-
OPENSSL_EXPORT GENERAL_NAMES *v2i_GENERAL_NAMES(
|
|
513
|
-
|
|
514
|
-
|
|
450
|
+
OPENSSL_EXPORT GENERAL_NAMES *v2i_GENERAL_NAMES(
|
|
451
|
+
const X509V3_EXT_METHOD *method, const X509V3_CTX *ctx,
|
|
452
|
+
const STACK_OF(CONF_VALUE) *nval);
|
|
515
453
|
|
|
516
|
-
|
|
517
|
-
|
|
518
|
-
OPENSSL_EXPORT int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
|
|
454
|
+
DECLARE_ASN1_FUNCTIONS_const(OTHERNAME)
|
|
455
|
+
DECLARE_ASN1_FUNCTIONS_const(EDIPARTYNAME)
|
|
519
456
|
OPENSSL_EXPORT void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type,
|
|
520
457
|
void *value);
|
|
521
458
|
OPENSSL_EXPORT void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype);
|
|
@@ -526,23 +463,35 @@ OPENSSL_EXPORT int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen,
|
|
|
526
463
|
ASN1_OBJECT **poid,
|
|
527
464
|
ASN1_TYPE **pvalue);
|
|
528
465
|
|
|
529
|
-
|
|
530
|
-
|
|
466
|
+
// i2s_ASN1_OCTET_STRING returns a human-readable representation of |oct| as a
|
|
467
|
+
// newly-allocated, NUL-terminated string, or NULL on error. |method| is
|
|
468
|
+
// ignored. The caller must release the result with |OPENSSL_free| when done.
|
|
469
|
+
OPENSSL_EXPORT char *i2s_ASN1_OCTET_STRING(const X509V3_EXT_METHOD *method,
|
|
470
|
+
const ASN1_OCTET_STRING *oct);
|
|
471
|
+
|
|
531
472
|
OPENSSL_EXPORT ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(
|
|
532
|
-
X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str);
|
|
473
|
+
const X509V3_EXT_METHOD *method, const X509V3_CTX *ctx, const char *str);
|
|
533
474
|
|
|
534
|
-
|
|
475
|
+
DECLARE_ASN1_FUNCTIONS_const(EXTENDED_KEY_USAGE)
|
|
535
476
|
OPENSSL_EXPORT int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a);
|
|
536
477
|
|
|
537
|
-
|
|
538
|
-
|
|
539
|
-
|
|
540
|
-
|
|
541
|
-
|
|
478
|
+
DECLARE_ASN1_FUNCTIONS_const(CERTIFICATEPOLICIES)
|
|
479
|
+
DECLARE_ASN1_FUNCTIONS_const(POLICYINFO)
|
|
480
|
+
DECLARE_ASN1_FUNCTIONS_const(POLICYQUALINFO)
|
|
481
|
+
DECLARE_ASN1_FUNCTIONS_const(USERNOTICE)
|
|
482
|
+
DECLARE_ASN1_FUNCTIONS_const(NOTICEREF)
|
|
542
483
|
|
|
484
|
+
// TODO(https://crbug.com/boringssl/407): This is not const because it contains
|
|
485
|
+
// an |X509_NAME|.
|
|
543
486
|
DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
|
|
487
|
+
// TODO(https://crbug.com/boringssl/407): This is not const because it contains
|
|
488
|
+
// an |X509_NAME|.
|
|
544
489
|
DECLARE_ASN1_FUNCTIONS(DIST_POINT)
|
|
490
|
+
// TODO(https://crbug.com/boringssl/407): This is not const because it contains
|
|
491
|
+
// an |X509_NAME|.
|
|
545
492
|
DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
|
|
493
|
+
// TODO(https://crbug.com/boringssl/407): This is not const because it contains
|
|
494
|
+
// an |X509_NAME|.
|
|
546
495
|
DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
|
|
547
496
|
|
|
548
497
|
OPENSSL_EXPORT int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn,
|
|
@@ -550,7 +499,11 @@ OPENSSL_EXPORT int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn,
|
|
|
550
499
|
|
|
551
500
|
OPENSSL_EXPORT int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
|
|
552
501
|
|
|
502
|
+
// TODO(https://crbug.com/boringssl/407): This is not const because it contains
|
|
503
|
+
// an |X509_NAME|.
|
|
553
504
|
DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
|
|
505
|
+
// TODO(https://crbug.com/boringssl/407): This is not const because it contains
|
|
506
|
+
// an |X509_NAME|.
|
|
554
507
|
DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
|
|
555
508
|
|
|
556
509
|
DECLARE_ASN1_ITEM(POLICY_MAPPING)
|
|
@@ -568,94 +521,148 @@ DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
|
|
|
568
521
|
|
|
569
522
|
OPENSSL_EXPORT GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
|
|
570
523
|
const X509V3_EXT_METHOD *method,
|
|
571
|
-
X509V3_CTX *ctx, int gen_type,
|
|
524
|
+
const X509V3_CTX *ctx, int gen_type,
|
|
572
525
|
const char *value, int is_nc);
|
|
573
526
|
|
|
574
527
|
OPENSSL_EXPORT GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
|
|
575
|
-
X509V3_CTX *ctx,
|
|
528
|
+
const X509V3_CTX *ctx,
|
|
529
|
+
const CONF_VALUE *cnf);
|
|
576
530
|
OPENSSL_EXPORT GENERAL_NAME *v2i_GENERAL_NAME_ex(
|
|
577
|
-
GENERAL_NAME *out, const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
|
|
578
|
-
CONF_VALUE *cnf, int is_nc);
|
|
531
|
+
GENERAL_NAME *out, const X509V3_EXT_METHOD *method, const X509V3_CTX *ctx,
|
|
532
|
+
const CONF_VALUE *cnf, int is_nc);
|
|
579
533
|
OPENSSL_EXPORT void X509V3_conf_free(CONF_VALUE *val);
|
|
580
534
|
|
|
581
|
-
// X509V3_EXT_conf_nid contains the only exposed instance of an LHASH in our
|
|
582
|
-
// public headers. The |conf| pointer must be NULL but cryptography.io wraps
|
|
583
|
-
// this function so we cannot, yet, replace the type with a dummy struct.
|
|
584
|
-
OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
|
|
585
|
-
X509V3_CTX *ctx, int ext_nid,
|
|
586
|
-
const char *value);
|
|
587
535
|
|
|
588
|
-
|
|
589
|
-
|
|
590
|
-
|
|
591
|
-
|
|
536
|
+
// Deprecated config-based extension creation.
|
|
537
|
+
//
|
|
538
|
+
// The following functions allow specifying X.509 extensions using OpenSSL's
|
|
539
|
+
// config file syntax, from the OpenSSL command-line tool. They are retained,
|
|
540
|
+
// for now, for compatibility with legacy software but may be removed in the
|
|
541
|
+
// future. Construct the extensions using the typed C APIs instead.
|
|
542
|
+
//
|
|
543
|
+
// Callers should especially avoid these functions if passing in non-constant
|
|
544
|
+
// values. They use ad-hoc, string-based formats which are prone to injection
|
|
545
|
+
// vulnerabilities. For a CA, this means using them risks misissuance.
|
|
546
|
+
//
|
|
547
|
+
// These functions are not safe to use with untrusted inputs. The string formats
|
|
548
|
+
// may implicitly reference context information and, in OpenSSL (though not
|
|
549
|
+
// BoringSSL), one even allows reading arbitrary files. They additionally see
|
|
550
|
+
// much less testing and review than most of the library and may have bugs
|
|
551
|
+
// including memory leaks or crashes.
|
|
552
|
+
|
|
553
|
+
// v3_ext_ctx, aka |X509V3_CTX|, contains additional context information for
|
|
554
|
+
// constructing extensions. Some string formats reference additional values in
|
|
555
|
+
// these objects. It must be initialized with |X509V3_set_ctx| or
|
|
556
|
+
// |X509V3_set_ctx_test| before use.
|
|
557
|
+
struct v3_ext_ctx {
|
|
558
|
+
int flags;
|
|
559
|
+
const X509 *issuer_cert;
|
|
560
|
+
const X509 *subject_cert;
|
|
561
|
+
const X509_REQ *subject_req;
|
|
562
|
+
const X509_CRL *crl;
|
|
563
|
+
const CONF *db;
|
|
564
|
+
};
|
|
565
|
+
|
|
566
|
+
#define X509V3_CTX_TEST 0x1
|
|
567
|
+
|
|
568
|
+
// X509V3_set_ctx initializes |ctx| with the specified objects. Some string
|
|
569
|
+
// formats will reference fields in these objects. Each object may be NULL to
|
|
570
|
+
// omit it, in which case those formats cannot be used. |flags| should be zero,
|
|
571
|
+
// unless called via |X509V3_set_ctx_test|.
|
|
572
|
+
//
|
|
573
|
+
// |issuer|, |subject|, |req|, and |crl|, if non-NULL, must outlive |ctx|.
|
|
574
|
+
OPENSSL_EXPORT void X509V3_set_ctx(X509V3_CTX *ctx, const X509 *issuer,
|
|
575
|
+
const X509 *subject, const X509_REQ *req,
|
|
576
|
+
const X509_CRL *crl, int flags);
|
|
577
|
+
|
|
578
|
+
// X509V3_set_ctx_test calls |X509V3_set_ctx| without any reference objects and
|
|
579
|
+
// mocks out some features that use them. The resulting extensions may be
|
|
580
|
+
// incomplete and should be discarded. This can be used to partially validate
|
|
581
|
+
// syntax.
|
|
582
|
+
//
|
|
583
|
+
// TODO(davidben): Can we remove this?
|
|
584
|
+
#define X509V3_set_ctx_test(ctx) \
|
|
585
|
+
X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, X509V3_CTX_TEST)
|
|
586
|
+
|
|
587
|
+
// X509V3_set_nconf sets |ctx| to use |conf| as the config database. |ctx| must
|
|
588
|
+
// have previously been initialized by |X509V3_set_ctx| or
|
|
589
|
+
// |X509V3_set_ctx_test|. Some string formats will reference sections in |conf|.
|
|
590
|
+
// |conf| may be NULL, in which case these formats cannot be used. If non-NULL,
|
|
591
|
+
// |conf| must outlive |ctx|.
|
|
592
|
+
OPENSSL_EXPORT void X509V3_set_nconf(X509V3_CTX *ctx, const CONF *conf);
|
|
593
|
+
|
|
594
|
+
// X509V3_set_ctx_nodb calls |X509V3_set_nconf| with no config database.
|
|
595
|
+
#define X509V3_set_ctx_nodb(ctx) X509V3_set_nconf(ctx, NULL)
|
|
596
|
+
|
|
597
|
+
// X509V3_EXT_nconf constructs an extension of type specified by |name|, and
|
|
598
|
+
// value specified by |value|. It returns a newly-allocated |X509_EXTENSION|
|
|
599
|
+
// object on success, or NULL on error. |conf| and |ctx| specify additional
|
|
600
|
+
// information referenced by some formats. Either |conf| or |ctx| may be NULL,
|
|
601
|
+
// in which case features which use it will be disabled.
|
|
602
|
+
//
|
|
603
|
+
// If non-NULL, |ctx| must be initialized with |X509V3_set_ctx| or
|
|
604
|
+
// |X509V3_set_ctx_test|.
|
|
605
|
+
//
|
|
606
|
+
// Both |conf| and |ctx| provide a |CONF| object. When |ctx| is non-NULL, most
|
|
607
|
+
// features use the |ctx| copy, configured with |X509V3_set_ctx|, but some use
|
|
608
|
+
// |conf|. Callers should ensure the two match to avoid surprisingly behavior.
|
|
609
|
+
OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf(const CONF *conf,
|
|
610
|
+
const X509V3_CTX *ctx,
|
|
592
611
|
const char *name,
|
|
593
612
|
const char *value);
|
|
594
|
-
|
|
613
|
+
|
|
614
|
+
// X509V3_EXT_nconf_nid behaves like |X509V3_EXT_nconf|, except the extension
|
|
615
|
+
// type is specified as a NID.
|
|
616
|
+
OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf_nid(const CONF *conf,
|
|
617
|
+
const X509V3_CTX *ctx,
|
|
618
|
+
int ext_nid,
|
|
619
|
+
const char *value);
|
|
620
|
+
|
|
621
|
+
// X509V3_EXT_conf_nid calls |X509V3_EXT_nconf_nid|. |conf| must be NULL.
|
|
622
|
+
//
|
|
623
|
+
// TODO(davidben): This is the only exposed instance of an LHASH in our public
|
|
624
|
+
// headers. cryptography.io wraps this function so we cannot, yet, replace the
|
|
625
|
+
// type with a dummy struct.
|
|
626
|
+
OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
|
|
627
|
+
const X509V3_CTX *ctx,
|
|
628
|
+
int ext_nid,
|
|
629
|
+
const char *value);
|
|
630
|
+
|
|
631
|
+
// X509V3_EXT_add_nconf_sk looks up the section named |section| in |conf|. For
|
|
632
|
+
// each |CONF_VALUE| in the section, it constructs an extension as in
|
|
633
|
+
// |X509V3_EXT_nconf|, taking |name| and |value| from the |CONF_VALUE|. Each new
|
|
634
|
+
// extension is appended to |*sk|. If |*sk| is non-NULL, and at least one
|
|
635
|
+
// extension is added, it sets |*sk| to a newly-allocated
|
|
636
|
+
// |STACK_OF(X509_EXTENSION)|. It returns one on success and zero on error.
|
|
637
|
+
OPENSSL_EXPORT int X509V3_EXT_add_nconf_sk(const CONF *conf,
|
|
638
|
+
const X509V3_CTX *ctx,
|
|
595
639
|
const char *section,
|
|
596
640
|
STACK_OF(X509_EXTENSION) **sk);
|
|
597
|
-
|
|
641
|
+
|
|
642
|
+
// X509V3_EXT_add_nconf adds extensions to |cert| as in
|
|
643
|
+
// |X509V3_EXT_add_nconf_sk|. It returns one on success and zero on error.
|
|
644
|
+
OPENSSL_EXPORT int X509V3_EXT_add_nconf(const CONF *conf, const X509V3_CTX *ctx,
|
|
598
645
|
const char *section, X509 *cert);
|
|
599
|
-
|
|
646
|
+
|
|
647
|
+
// X509V3_EXT_REQ_add_nconf adds extensions to |req| as in
|
|
648
|
+
// |X509V3_EXT_add_nconf_sk|. It returns one on success and zero on error.
|
|
649
|
+
OPENSSL_EXPORT int X509V3_EXT_REQ_add_nconf(const CONF *conf,
|
|
650
|
+
const X509V3_CTX *ctx,
|
|
600
651
|
const char *section, X509_REQ *req);
|
|
601
|
-
|
|
652
|
+
|
|
653
|
+
// X509V3_EXT_CRL_add_nconf adds extensions to |crl| as in
|
|
654
|
+
// |X509V3_EXT_add_nconf_sk|. It returns one on success and zero on error.
|
|
655
|
+
OPENSSL_EXPORT int X509V3_EXT_CRL_add_nconf(const CONF *conf,
|
|
656
|
+
const X509V3_CTX *ctx,
|
|
602
657
|
const char *section, X509_CRL *crl);
|
|
603
658
|
|
|
604
|
-
|
|
605
|
-
|
|
606
|
-
OPENSSL_EXPORT int X509V3_get_value_bool(const CONF_VALUE *value,
|
|
607
|
-
int *asn1_bool);
|
|
608
|
-
OPENSSL_EXPORT int X509V3_get_value_int(const CONF_VALUE *value,
|
|
609
|
-
ASN1_INTEGER **aint);
|
|
610
|
-
OPENSSL_EXPORT void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
|
|
611
|
-
|
|
612
|
-
OPENSSL_EXPORT char *X509V3_get_string(X509V3_CTX *ctx, const char *name,
|
|
613
|
-
const char *section);
|
|
614
|
-
OPENSSL_EXPORT STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx,
|
|
615
|
-
const char *section);
|
|
616
|
-
OPENSSL_EXPORT void X509V3_string_free(X509V3_CTX *ctx, char *str);
|
|
617
|
-
OPENSSL_EXPORT void X509V3_section_free(X509V3_CTX *ctx,
|
|
618
|
-
STACK_OF(CONF_VALUE) *section);
|
|
619
|
-
OPENSSL_EXPORT void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
|
|
620
|
-
X509_REQ *req, X509_CRL *crl, int flags);
|
|
621
|
-
|
|
622
|
-
// X509V3_add_value appends a |CONF_VALUE| containing |name| and |value| to
|
|
623
|
-
// |*extlist|. It returns one on success and zero on error. If |*extlist| is
|
|
624
|
-
// NULL, it sets |*extlist| to a newly-allocated |STACK_OF(CONF_VALUE)|
|
|
625
|
-
// containing the result. Either |name| or |value| may be NULL to omit the
|
|
626
|
-
// field.
|
|
627
|
-
//
|
|
628
|
-
// On failure, if |*extlist| was NULL, |*extlist| will remain NULL when the
|
|
629
|
-
// function returns.
|
|
630
|
-
OPENSSL_EXPORT int X509V3_add_value(const char *name, const char *value,
|
|
631
|
-
STACK_OF(CONF_VALUE) **extlist);
|
|
632
|
-
|
|
633
|
-
// X509V3_add_value_uchar behaves like |X509V3_add_value| but takes an
|
|
634
|
-
// |unsigned char| pointer.
|
|
635
|
-
OPENSSL_EXPORT int X509V3_add_value_uchar(const char *name,
|
|
636
|
-
const unsigned char *value,
|
|
637
|
-
STACK_OF(CONF_VALUE) **extlist);
|
|
638
|
-
|
|
639
|
-
// X509V3_add_value_bool behaves like |X509V3_add_value| but stores the value
|
|
640
|
-
// "TRUE" if |asn1_bool| is non-zero and "FALSE" otherwise.
|
|
641
|
-
OPENSSL_EXPORT int X509V3_add_value_bool(const char *name, int asn1_bool,
|
|
642
|
-
STACK_OF(CONF_VALUE) **extlist);
|
|
643
|
-
|
|
644
|
-
// X509V3_add_value_bool behaves like |X509V3_add_value| but stores a string
|
|
645
|
-
// representation of |aint|. Note this string representation may be decimal or
|
|
646
|
-
// hexadecimal, depending on the size of |aint|.
|
|
647
|
-
OPENSSL_EXPORT int X509V3_add_value_int(const char *name,
|
|
648
|
-
const ASN1_INTEGER *aint,
|
|
649
|
-
STACK_OF(CONF_VALUE) **extlist);
|
|
650
|
-
|
|
651
|
-
OPENSSL_EXPORT char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth,
|
|
659
|
+
|
|
660
|
+
OPENSSL_EXPORT char *i2s_ASN1_INTEGER(const X509V3_EXT_METHOD *meth,
|
|
652
661
|
const ASN1_INTEGER *aint);
|
|
653
|
-
OPENSSL_EXPORT ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth,
|
|
662
|
+
OPENSSL_EXPORT ASN1_INTEGER *s2i_ASN1_INTEGER(const X509V3_EXT_METHOD *meth,
|
|
654
663
|
const char *value);
|
|
655
|
-
OPENSSL_EXPORT char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth,
|
|
664
|
+
OPENSSL_EXPORT char *i2s_ASN1_ENUMERATED(const X509V3_EXT_METHOD *meth,
|
|
656
665
|
const ASN1_ENUMERATED *aint);
|
|
657
|
-
OPENSSL_EXPORT char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
|
|
658
|
-
const ASN1_ENUMERATED *aint);
|
|
659
666
|
OPENSSL_EXPORT int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
|
|
660
667
|
OPENSSL_EXPORT int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
|
|
661
668
|
OPENSSL_EXPORT int X509V3_EXT_add_alias(int nid_to, int nid_from);
|
|
@@ -665,7 +672,6 @@ OPENSSL_EXPORT const X509V3_EXT_METHOD *X509V3_EXT_get(
|
|
|
665
672
|
const X509_EXTENSION *ext);
|
|
666
673
|
OPENSSL_EXPORT const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
|
|
667
674
|
OPENSSL_EXPORT int X509V3_add_standard_extensions(void);
|
|
668
|
-
OPENSSL_EXPORT STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
|
|
669
675
|
|
|
670
676
|
// X509V3_EXT_d2i decodes |ext| and returns a pointer to a newly-allocated
|
|
671
677
|
// structure, with type dependent on the type of the extension. It returns NULL
|
|
@@ -796,12 +802,13 @@ OPENSSL_EXPORT int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid,
|
|
|
796
802
|
// hexdump.
|
|
797
803
|
#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
|
|
798
804
|
|
|
799
|
-
OPENSSL_EXPORT void X509V3_EXT_val_prn(BIO *out,
|
|
805
|
+
OPENSSL_EXPORT void X509V3_EXT_val_prn(BIO *out,
|
|
806
|
+
const STACK_OF(CONF_VALUE) *val,
|
|
800
807
|
int indent, int ml);
|
|
801
|
-
OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext,
|
|
808
|
+
OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, const X509_EXTENSION *ext,
|
|
802
809
|
unsigned long flag, int indent);
|
|
803
|
-
OPENSSL_EXPORT int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext,
|
|
804
|
-
int indent);
|
|
810
|
+
OPENSSL_EXPORT int X509V3_EXT_print_fp(FILE *out, const X509_EXTENSION *ext,
|
|
811
|
+
int flag, int indent);
|
|
805
812
|
|
|
806
813
|
// X509V3_extensions_print prints |title|, followed by a human-readable
|
|
807
814
|
// representation of |exts| to |out|. It returns one on success and zero on
|
|
@@ -814,7 +821,7 @@ OPENSSL_EXPORT int X509V3_extensions_print(BIO *out, const char *title,
|
|
|
814
821
|
|
|
815
822
|
OPENSSL_EXPORT int X509_check_ca(X509 *x);
|
|
816
823
|
OPENSSL_EXPORT int X509_check_purpose(X509 *x, int id, int ca);
|
|
817
|
-
OPENSSL_EXPORT int X509_supported_extension(X509_EXTENSION *ex);
|
|
824
|
+
OPENSSL_EXPORT int X509_supported_extension(const X509_EXTENSION *ex);
|
|
818
825
|
OPENSSL_EXPORT int X509_PURPOSE_set(int *p, int purpose);
|
|
819
826
|
OPENSSL_EXPORT int X509_check_issued(X509 *issuer, X509 *subject);
|
|
820
827
|
OPENSSL_EXPORT int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
|
|
@@ -889,19 +896,16 @@ OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
|
|
|
889
896
|
#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0
|
|
890
897
|
// Disable wildcard matching for dnsName fields and common name.
|
|
891
898
|
#define X509_CHECK_FLAG_NO_WILDCARDS 0x2
|
|
892
|
-
//
|
|
893
|
-
|
|
894
|
-
//
|
|
895
|
-
#define
|
|
896
|
-
//
|
|
897
|
-
#define
|
|
899
|
+
// X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS does nothing, but is necessary in
|
|
900
|
+
// OpenSSL to enable standard wildcard matching. In BoringSSL, this behavior is
|
|
901
|
+
// always enabled.
|
|
902
|
+
#define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0
|
|
903
|
+
// Deprecated: this flag does nothing
|
|
904
|
+
#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0
|
|
905
|
+
// Deprecated: this flag does nothing
|
|
906
|
+
#define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0
|
|
898
907
|
// Skip the subject common name fallback if subjectAltNames is missing.
|
|
899
908
|
#define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20
|
|
900
|
-
//
|
|
901
|
-
// Match reference identifiers starting with "." to any sub-domain.
|
|
902
|
-
// This is a non-public flag, turned on implicitly when the subject
|
|
903
|
-
// reference identity is a DNS name.
|
|
904
|
-
#define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
|
|
905
909
|
|
|
906
910
|
OPENSSL_EXPORT int X509_check_host(X509 *x, const char *chk, size_t chklen,
|
|
907
911
|
unsigned int flags, char **peername);
|
|
@@ -914,13 +918,6 @@ OPENSSL_EXPORT int X509_check_ip_asc(X509 *x, const char *ipasc,
|
|
|
914
918
|
|
|
915
919
|
OPENSSL_EXPORT ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
|
|
916
920
|
OPENSSL_EXPORT ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
|
|
917
|
-
OPENSSL_EXPORT int X509V3_NAME_from_section(X509_NAME *nm,
|
|
918
|
-
STACK_OF(CONF_VALUE) *dn_sk,
|
|
919
|
-
unsigned long chtype);
|
|
920
|
-
|
|
921
|
-
OPENSSL_EXPORT void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node,
|
|
922
|
-
int indent);
|
|
923
|
-
DEFINE_STACK_OF(X509_POLICY_NODE)
|
|
924
921
|
|
|
925
922
|
// BEGIN ERROR CODES
|
|
926
923
|
// The following lines are auto generated by the script mkerr.pl. Any changes
|
|
@@ -1017,4 +1014,4 @@ BSSL_NAMESPACE_END
|
|
|
1017
1014
|
#define X509V3_R_INVALID_VALUE 163
|
|
1018
1015
|
#define X509V3_R_TRAILING_DATA_IN_EXTENSION 164
|
|
1019
1016
|
|
|
1020
|
-
#endif
|
|
1017
|
+
#endif // OPENSSL_HEADER_X509V3_H
|
|
@@ -109,7 +109,7 @@ static long ssl_ctrl(BIO *bio, int cmd, long num, void *ptr) {
|
|
|
109
109
|
// |bio->next_bio| with |ssl|'s rbio here, and on |BIO_CTRL_PUSH|. We call
|
|
110
110
|
// into the corresponding |BIO| directly. (We can implement the upstream
|
|
111
111
|
// behavior if it ends up necessary.)
|
|
112
|
-
bio->shutdown = num;
|
|
112
|
+
bio->shutdown = static_cast<int>(num);
|
|
113
113
|
bio->ptr = ptr;
|
|
114
114
|
bio->init = 1;
|
|
115
115
|
return 1;
|
|
@@ -118,7 +118,7 @@ static long ssl_ctrl(BIO *bio, int cmd, long num, void *ptr) {
|
|
|
118
118
|
return bio->shutdown;
|
|
119
119
|
|
|
120
120
|
case BIO_CTRL_SET_CLOSE:
|
|
121
|
-
bio->shutdown = num;
|
|
121
|
+
bio->shutdown = static_cast<int>(num);
|
|
122
122
|
return 1;
|
|
123
123
|
|
|
124
124
|
case BIO_CTRL_WPENDING:
|
|
@@ -163,7 +163,6 @@ static UniquePtr<hm_fragment> dtls1_hm_fragment_new(
|
|
|
163
163
|
frag->data =
|
|
164
164
|
(uint8_t *)OPENSSL_malloc(DTLS1_HM_HEADER_LENGTH + msg_hdr->msg_len);
|
|
165
165
|
if (frag->data == NULL) {
|
|
166
|
-
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
|
167
166
|
return nullptr;
|
|
168
167
|
}
|
|
169
168
|
|
|
@@ -174,7 +173,6 @@ static UniquePtr<hm_fragment> dtls1_hm_fragment_new(
|
|
|
174
173
|
!CBB_add_u24(cbb.get(), 0 /* frag_off */) ||
|
|
175
174
|
!CBB_add_u24(cbb.get(), msg_hdr->msg_len) ||
|
|
176
175
|
!CBB_finish(cbb.get(), NULL, NULL)) {
|
|
177
|
-
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
|
178
176
|
return nullptr;
|
|
179
177
|
}
|
|
180
178
|
|
|
@@ -188,7 +186,6 @@ static UniquePtr<hm_fragment> dtls1_hm_fragment_new(
|
|
|
188
186
|
size_t bitmask_len = (msg_hdr->msg_len + 7) / 8;
|
|
189
187
|
frag->reassembly = (uint8_t *)OPENSSL_malloc(bitmask_len);
|
|
190
188
|
if (frag->reassembly == NULL) {
|
|
191
|
-
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
|
192
189
|
return nullptr;
|
|
193
190
|
}
|
|
194
191
|
OPENSSL_memset(frag->reassembly, 0, bitmask_len);
|
|
@@ -487,10 +484,7 @@ ssl_open_record_t dtls1_open_change_cipher_spec(SSL *ssl, size_t *out_consumed,
|
|
|
487
484
|
|
|
488
485
|
// Sending handshake messages.
|
|
489
486
|
|
|
490
|
-
void DTLS_OUTGOING_MESSAGE::Clear() {
|
|
491
|
-
OPENSSL_free(data);
|
|
492
|
-
data = nullptr;
|
|
493
|
-
}
|
|
487
|
+
void DTLS_OUTGOING_MESSAGE::Clear() { data.Reset(); }
|
|
494
488
|
|
|
495
489
|
void dtls_clear_outgoing_messages(SSL *ssl) {
|
|
496
490
|
for (size_t i = 0; i < ssl->d1->outgoing_messages_len; i++) {
|
|
@@ -578,9 +572,7 @@ static bool add_outgoing(SSL *ssl, bool is_ccs, Array<uint8_t> data) {
|
|
|
578
572
|
|
|
579
573
|
DTLS_OUTGOING_MESSAGE *msg =
|
|
580
574
|
&ssl->d1->outgoing_messages[ssl->d1->outgoing_messages_len];
|
|
581
|
-
|
|
582
|
-
data.Release(&msg->data, &len);
|
|
583
|
-
msg->len = len;
|
|
575
|
+
msg->data = std::move(data);
|
|
584
576
|
msg->epoch = ssl->d1->w_epoch;
|
|
585
577
|
msg->is_ccs = is_ccs;
|
|
586
578
|
|
|
@@ -665,7 +657,7 @@ static enum seal_result_t seal_next_message(SSL *ssl, uint8_t *out,
|
|
|
665
657
|
// DTLS messages are serialized as a single fragment in |msg|.
|
|
666
658
|
CBS cbs, body;
|
|
667
659
|
struct hm_header_st hdr;
|
|
668
|
-
CBS_init(&cbs, msg->data, msg->
|
|
660
|
+
CBS_init(&cbs, msg->data.data(), msg->data.size());
|
|
669
661
|
if (!dtls1_parse_fragment(&cbs, &hdr, &body) ||
|
|
670
662
|
hdr.frag_off != 0 ||
|
|
671
663
|
hdr.frag_len != CBS_len(&body) ||
|
|
@@ -687,6 +679,7 @@ static enum seal_result_t seal_next_message(SSL *ssl, uint8_t *out,
|
|
|
687
679
|
|
|
688
680
|
// Assemble a fragment, to be sealed in-place.
|
|
689
681
|
ScopedCBB cbb;
|
|
682
|
+
CBB child;
|
|
690
683
|
uint8_t *frag = out + prefix;
|
|
691
684
|
size_t max_frag = max_out - prefix, frag_len;
|
|
692
685
|
if (!CBB_init_fixed(cbb.get(), frag, max_frag) ||
|
|
@@ -694,8 +687,8 @@ static enum seal_result_t seal_next_message(SSL *ssl, uint8_t *out,
|
|
|
694
687
|
!CBB_add_u24(cbb.get(), hdr.msg_len) ||
|
|
695
688
|
!CBB_add_u16(cbb.get(), hdr.seq) ||
|
|
696
689
|
!CBB_add_u24(cbb.get(), ssl->d1->outgoing_offset) ||
|
|
697
|
-
!
|
|
698
|
-
!CBB_add_bytes(
|
|
690
|
+
!CBB_add_u24_length_prefixed(cbb.get(), &child) ||
|
|
691
|
+
!CBB_add_bytes(&child, CBS_data(&body), todo) ||
|
|
699
692
|
!CBB_finish(cbb.get(), NULL, &frag_len)) {
|
|
700
693
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
701
694
|
return seal_error;
|