|
[-]
[+]
|
Changed |
nginx.spec
|
|
|
|
[-]
[+]
|
Deleted |
1.10.33.6.tar.gz/include/third_party/boringssl/src/crypto/dsa
^
|
| -(directory)
|
|
[-]
[+]
|
Deleted |
1.10.33.6.tar.gz/include/third_party/boringssl/src/crypto/dsa/internal.h
^
|
| @@ -1,78 +0,0 @@
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- *
- * The DSS routines are based on patches supplied by
- * Steven Schoch <schoch@sheba.arc.nasa.gov>. */
-
-#ifndef OPENSSL_HEADER_DSA_INTERNAL_H
-#define OPENSSL_HEADER_DSA_INTERNAL_H
-
-#include <openssl/base.h>
-
-#include <openssl/bn.h>
-#include <openssl/ex_data.h>
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-
-
-#if defined(__cplusplus)
-} /* extern C */
-#endif
-
-#endif /* OPENSSL_HEADER_DSA_INTERNAL_H */
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/net/instaweb/rewriter/public/device_properties.h
^
|
| @@ -82,12 +82,13 @@
static const int kLargeScreenWidthThreshold = 1500;
bool ForbidWebpInlining() const;
+ bool RequestsSaveData() const;
+ bool HasViaHeader() const;
+
private:
friend class ImageRewriteTest;
friend class RequestProperties;
- bool PossiblyMasqueradingAsChrome() const;
-
GoogleString user_agent_;
GoogleString accept_header_;
UserAgentMatcher* ua_matcher_;
@@ -96,6 +97,7 @@
mutable LazyBool supports_image_inlining_;
mutable LazyBool supports_js_defer_;
mutable LazyBool supports_lazyload_images_;
+ mutable LazyBool requests_save_data_;
mutable LazyBool accepts_webp_;
mutable LazyBool accepts_gzip_;
mutable LazyBool supports_webp_rewritten_urls_;
@@ -110,6 +112,7 @@
// Used to lazily set device_type_.
mutable LazyBool device_type_set_;
mutable UserAgentMatcher::DeviceType device_type_;
+ mutable LazyBool has_via_header_;
DISALLOW_COPY_AND_ASSIGN(DeviceProperties);
};
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/net/instaweb/rewriter/public/image.h
^
|
| @@ -180,15 +180,6 @@
return image_type_;
}
- // If we had arbitrary license to convert to any webp format, what's the
- // minimal webp library support that would be required for this image?
- ResourceContext::LibWebpLevel MinimalWebpSupport() {
- if (!rewrite_attempted_) {
- ComputeOutputContents();
- }
- return minimal_webp_support_;
- }
-
// Changes the size of the image to the given width and height. This will run
// image processing on the image, and return false if the image processing
// fails. Otherwise the image contents and type can change.
@@ -250,7 +241,6 @@
GoogleString output_contents_; // Lazily filled.
bool output_valid_; // Indicates output_contents_ now correct.
bool rewrite_attempted_; // Indicates if we tried rewriting for this.
- ResourceContext::LibWebpLevel minimal_webp_support_;
private:
friend class ImageTestingPeer;
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/net/instaweb/rewriter/public/image_rewrite_filter.h
^
|
| @@ -199,8 +199,7 @@
// Allocate and initialize CompressionOptions object based on RewriteOptions
// and ResourceContext.
Image::CompressionOptions* ImageOptionsForLoadedResource(
- const ResourceContext& context, const ResourcePtr& input_resource,
- bool is_css);
+ const ResourceContext& context, const ResourcePtr& input_resource);
virtual const RewriteOptions::Filter* RelatedFilters(int* num_filters) const;
virtual const StringPieceVector* RelatedOptions() const {
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/net/instaweb/rewriter/public/image_url_encoder.h
^
|
| @@ -119,6 +119,12 @@
return (dims.has_width() || dims.has_height());
}
+ static bool AllowVaryOnUserAgent(const RewriteOptions& options,
+ const RequestProperties& request_properties);
+
+ static bool AllowVaryOnAccept(const RewriteOptions& options,
+ const RequestProperties& request_properties);
+
private:
DISALLOW_COPY_AND_ASSIGN(ImageUrlEncoder);
};
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/net/instaweb/rewriter/public/insert_ga_filter.h
^
|
| @@ -42,7 +42,8 @@
extern const char kAnalyticsJsIncreaseSiteSpeedTracking[];
extern const char kAnalyticsJsIncreaseSiteSpeedTrackingMinimal[];
extern const char kContentExperimentsJsClientUrl[];
-extern const char kContentExperimentsSetChosenVariantSnippet[];
+extern const char kContentExperimentsNonNumericVariantComment[];
+extern const char kContentExperimentsSetChosenVariationSnippet[];
extern const char kContentExperimentsSetExpAndVariantSnippet[];
extern const char kGASpeedTracking[];
@@ -112,9 +113,9 @@
// snippet depends in part on whether we've already seen a ga.js library load.
AnalyticsStatus FindSnippetInScript(const GoogleString& s);
- // Determine the snippet of JS we need to log a content experiment to
- // analytics.js.
- GoogleString AnalyticsJsExperimentSnippet();
+ // Determine the snippet of JS we need to log a content experiment.
+ GoogleString AnalyticsJsExperimentSnippet() const;
+ GoogleString GaJsExperimentSnippet() const;
// Note: logs a warning if we're running with analytics.js and have asked it
// to log to a custom variable (which isn't possible).
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/net/instaweb/rewriter/public/request_properties.h
^
|
| @@ -68,6 +68,8 @@
bool AcceptsGzip() const;
void LogDeviceInfo(AbstractLogRecord* log_record,
bool enable_aggressive_rewriters_for_mobile);
+ bool RequestsSaveData() const;
+ bool HasViaHeader() const;
private:
friend class ImageRewriteTest;
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/net/instaweb/rewriter/public/rewrite_driver.h
^
|
| @@ -514,6 +514,15 @@
void InfoAt(const RewriteContext* context,
const char* msg, ...) INSTAWEB_PRINTF_FORMAT(3, 4);
+ // Constructs name and URL for the specified input resource and encoder.
+ bool GenerateOutputResourceNameAndUrl(
+ const UrlSegmentEncoder* encoder,
+ const ResourceContext* data,
+ const ResourcePtr& input_resource,
+ GoogleString* name,
+ GoogleUrl* mapped_gurl,
+ GoogleString* failure_reason);
+
// Creates a reference-counted pointer to a new OutputResource object.
//
// The content type is taken from the input_resource, but can be modified
@@ -526,7 +535,7 @@
// TODO(jmaessen, jmarantz): Do we want to permit NULL input_resources here?
// jmarantz has evinced a distaste.
OutputResourcePtr CreateOutputResourceFromResource(
- const StringPiece& filter_id,
+ const char* filter_id,
const UrlSegmentEncoder* encoder,
const ResourceContext* data,
const ResourcePtr& input_resource,
@@ -1235,7 +1244,7 @@
bool Decode(StringPiece leaf, ResourceNamer* resource_namer) const;
protected:
- virtual void DetermineEnabledFiltersImpl();
+ virtual void DetermineFiltersBehaviorImpl();
private:
friend class DistributedRewriteContextTest;
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/net/instaweb/rewriter/public/rewrite_filter.h
^
|
| @@ -20,20 +20,18 @@
#define NET_INSTAWEB_REWRITER_PUBLIC_REWRITE_FILTER_H_
#include "net/instaweb/rewriter/public/common_filter.h"
+#include "net/instaweb/rewriter/public/resource.h"
#include "net/instaweb/rewriter/public/resource_slot.h"
+#include "net/instaweb/rewriter/public/rewrite_context.h"
+#include "net/instaweb/rewriter/public/rewrite_driver.h"
#include "net/instaweb/rewriter/public/rewrite_options.h"
#include "pagespeed/kernel/base/basictypes.h"
#include "pagespeed/kernel/base/string.h"
#include "pagespeed/kernel/base/string_util.h"
+#include "pagespeed/kernel/util/url_segment_encoder.h"
namespace net_instaweb {
-class Resource;
-class ResourceContext;
-class RewriteContext;
-class RewriteDriver;
-class UrlSegmentEncoder;
-
class RewriteFilter : public CommonFilter {
public:
explicit RewriteFilter(RewriteDriver* driver)
@@ -49,6 +47,11 @@
// UsePropertyCacheDomCohort to return true.
virtual void DetermineEnabled(GoogleString* disabled_reason);
+ // Returns whether this filter can modify urls. Because most filters do
+ // modify urls this defaults returning true, and filters that commit to never
+ // modifying urls should override it to return false.
+ virtual bool CanModifyUrls() { return true; }
+
// All RewriteFilters define how they encode URLs and other
// associated information needed for a rewrite into a URL.
// The default implementation handles a single URL with
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/net/instaweb/rewriter/public/rewrite_options.h
^
|
| @@ -222,6 +222,7 @@
static const char kAddOptionsToUrls[];
static const char kAllowLoggingUrlsInLogRecord[];
static const char kAllowOptionsToBeSetByCookies[];
+ static const char kAllowVaryOn[];
static const char kAlwaysMobilize[];
static const char kAlwaysRewriteCss[];
static const char kAnalyticsID[];
@@ -285,6 +286,7 @@
// kImageJpeg*Quality might be renamed to kImageJpegQuality.
static const char kImageJpegNumProgressiveScans[];
static const char kImageJpegNumProgressiveScansForSmallScreens[];
+ static const char kImageJpegQualityForSaveData[];
static const char kImageJpegRecompressionQuality[];
static const char kImageJpegRecompressionQualityForSmallScreens[];
static const char kImageLimitOptimizedPercent[];
@@ -294,6 +296,7 @@
static const char kImagePreserveURLs[];
static const char kImageRecompressionQuality[];
static const char kImageResolutionLimitBytes[];
+ static const char kImageWebpQualityForSaveData[];
static const char kImageWebpRecompressionQuality[];
static const char kImageWebpRecompressionQualityForSmallScreens[];
static const char kImageWebpAnimatedRecompressionQuality[];
@@ -361,6 +364,7 @@
static const char kObliviousPagespeedUrls[];
static const char kOptionCookiesDurationMs[];
static const char kOverrideCachingTtlMs[];
+ static const char kPreserveSubresourceHints[];
static const char kPreserveUrlRelativity[];
static const char kPrivateNotVaryForIE[];
static const char kProactiveResourceFreshening[];
@@ -504,6 +508,98 @@
class ResponsiveDensities : public std::vector<double> {
};
+ class AllowVaryOn {
+ public:
+ // Strings for display.
+ static const char kNoneString[];
+ static const char kAutoString[];
+
+ AllowVaryOn() :
+ allow_auto_(false),
+ allow_accept_(false),
+ allow_save_data_(false),
+ allow_user_agent_(false) {
+ }
+
+ GoogleString ToString() const;
+
+ bool allow_auto() const {
+ return allow_auto_;
+ }
+ void set_allow_auto(bool v) {
+ allow_auto_ = v;
+ }
+ bool allow_accept() const {
+ return allow_accept_;
+ }
+ void set_allow_accept(bool v) {
+ allow_accept_ = v;
+ }
+ bool allow_save_data() const {
+ return allow_save_data_ || allow_auto_;
+ }
+ void set_allow_save_data(bool v) {
+ allow_save_data_ = v;
+ }
+ bool allow_user_agent() const {
+ return allow_user_agent_;
+ }
+ void set_allow_user_agent(bool v) {
+ allow_user_agent_ = v;
+ }
+
+ private:
+ // All of the properties must be included in
+ // RewriteOptions::OptionSignature.
+ bool allow_auto_;
+ bool allow_accept_;
+ bool allow_save_data_;
+ bool allow_user_agent_;
+ };
+
+ bool AllowVaryOnAuto() const {
+ return allow_vary_on_.value().allow_auto();
+ }
+ bool AllowVaryOnAccept() const {
+ return allow_vary_on_.value().allow_accept();
+ }
+ bool AllowVaryOnSaveData() const {
+ return allow_vary_on_.value().allow_save_data();
+ }
+ bool AllowVaryOnUserAgent() const {
+ return allow_vary_on_.value().allow_user_agent();
+ }
+ GoogleString AllowVaryOnToString() const {
+ return ToString(allow_vary_on_.value());
+ }
+
+ // Returns true if PageSpeed responds differently for image requests with
+ // Save-Data header, i.e., using a unique quality and adding
+ // "Vary: Save-Data" header.
+ bool SupportSaveData() const {
+ return (HasValidSaveDataQualities() && AllowVaryOnSaveData());
+ }
+
+ void set_allow_vary_on(const AllowVaryOn& x) {
+ set_option(x, &allow_vary_on_);
+ }
+
+ // Image qualities and parameters, after applying the inheritance rules.
+ int64 ImageJpegQuality() const;
+ int64 ImageJpegQualityForSmallScreen() const;
+ int64 ImageJpegQualityForSaveData() const;
+ int64 ImageWebpQuality() const;
+ int64 ImageWebpQualityForSmallScreen() const;
+ int64 ImageWebpQualityForSaveData() const;
+ int64 ImageWebpAnimatedQuality() const;
+ int64 ImageJpegNumProgressiveScansForSmallScreen() const;
+ // Returns true if any quality for small screen is valid and different from
+ // the base quality.
+ bool HasValidSmallScreenQualities() const;
+ // Returns true if any quality for Save-Data is valid and different from the
+ // base quality.
+ bool HasValidSaveDataQualities() const;
+
// This version index serves as global signature key. Much of the
// data emitted in signatures is based on the option ordering, which
// can change as we add new options. So every time there is a
@@ -669,6 +765,7 @@
kOptionValueInvalid
};
+ static const char kDefaultAllowVaryOn[];
static const int kDefaultBeaconReinstrumentTimeSec;
static const int64 kDefaultBlinkMaxHtmlSizeRewritable;
static const int64 kDefaultCssFlattenMaxBytes;
@@ -697,6 +794,7 @@
static const int64 kDefaultPrioritizeVisibleContentCacheTimeMs;
static const char kDefaultBeaconUrl[];
static const int64 kDefaultImageRecompressQuality;
+ static const int64 kDefaultImageJpegQualityForSaveData;
static const int64 kDefaultImageJpegRecompressQuality;
static const int64 kDefaultImageJpegRecompressQualityForSmallScreens;
static const int kDefaultImageLimitOptimizedPercent;
@@ -704,6 +802,7 @@
static const int kDefaultImageLimitResizeAreaPercent;
static const int64 kDefaultImageResolutionLimitBytes;
static const int64 kDefaultImageJpegNumProgressiveScans;
+ static const int64 kDefaultImageWebpQualityForSaveData;
static const int64 kDefaultImageWebpRecompressQuality;
static const int64 kDefaultImageWebpAnimatedRecompressQuality;
static const int64 kDefaultImageWebpRecompressQualityForSmallScreens;
@@ -1371,6 +1470,8 @@
ResponsiveDensities* value);
static bool ParseFromString(StringPiece value_string,
protobuf::MessageLite* proto);
+ static bool ParseFromString(StringPiece value_string,
+ AllowVaryOn* allow_vary_on);
// TODO(jmarantz): consider setting flags in the set_ methods so that
// first's explicit settings can override default values from second.
@@ -1527,6 +1628,14 @@
set_option(x, &blink_blacklist_end_timestamp_ms_);
}
+ bool preserve_subresource_hints() const {
+ return preserve_subresource_hints_.value();
+ }
+ void set_preserve_subresource_hints(bool x) {
+ set_option(x, &preserve_subresource_hints_);
+ }
+
+
bool preserve_url_relativity() const {
return preserve_url_relativity_.value();
}
@@ -2128,20 +2237,18 @@
// Return false in a subclass if you want to disallow all URL trimming in CSS.
virtual bool trim_urls_in_css() const { return true; }
- int64 image_jpeg_recompress_quality() const {
- return image_jpeg_recompress_quality_.value();
- }
void set_image_jpeg_recompress_quality(int64 x) {
set_option(x, &image_jpeg_recompress_quality_);
}
- int64 image_jpeg_recompress_quality_for_small_screens() const {
- return image_jpeg_recompress_quality_for_small_screens_.value();
- }
void set_image_jpeg_recompress_quality_for_small_screens(int64 x) {
set_option(x, &image_jpeg_recompress_quality_for_small_screens_);
}
+ void set_image_jpeg_quality_for_save_data(int64 x) {
+ set_option(x, &image_jpeg_quality_for_save_data_);
+ }
+
int64 image_recompress_quality() const {
return image_recompress_quality_.value();
}
@@ -2176,34 +2283,26 @@
set_option(x, &image_jpeg_num_progressive_scans_);
}
- int64 image_jpeg_num_progressive_scans_for_small_screens() const {
- return image_jpeg_num_progressive_scans_for_small_screens_.value();
- }
void set_image_jpeg_num_progressive_scans_for_small_screens(int64 x) {
set_option(x, &image_jpeg_num_progressive_scans_for_small_screens_);
}
- int64 image_webp_recompress_quality() const {
- return image_webp_recompress_quality_.value();
- }
void set_image_webp_recompress_quality(int64 x) {
set_option(x, &image_webp_recompress_quality_);
}
- int64 image_webp_recompress_quality_for_small_screens() const {
- return image_webp_recompress_quality_for_small_screens_.value();
- }
void set_image_webp_recompress_quality_for_small_screens(int64 x) {
set_option(x, &image_webp_recompress_quality_for_small_screens_);
}
- int64 image_webp_animated_recompress_quality() const {
- return image_webp_animated_recompress_quality_.value();
- }
void set_image_webp_animated_recompress_quality(int64 x) {
set_option(x, &image_webp_animated_recompress_quality_);
}
+ void set_image_webp_quality_for_save_data(int64 x) {
+ set_option(x, &image_webp_quality_for_save_data_);
+ }
+
int64 image_webp_timeout_ms() const {
return image_webp_timeout_ms_.value();
}
@@ -3584,6 +3683,8 @@
const Hasher* hasher);
static GoogleString OptionSignature(const ResponsiveDensities& densities,
const Hasher* hasher);
+ static GoogleString OptionSignature(const AllowVaryOn& allow_vary_on,
+ const Hasher* hasher);
static GoogleString OptionSignature(
const protobuf::MessageLite& proto,
const Hasher* hasher);
@@ -3609,6 +3710,7 @@
static GoogleString ToString(const Color& color);
static GoogleString ToString(const ResponsiveDensities& densities);
static GoogleString ToString(const protobuf::MessageLite& proto);
+ static GoogleString ToString(const AllowVaryOn& allow_vary_on);
// Returns true if p1's option_name is less than p2's. Used to order
// all_properties_ and all_options_.
@@ -3748,6 +3850,7 @@
// Options related to jpeg compression.
Option<int64> image_jpeg_recompress_quality_;
Option<int64> image_jpeg_recompress_quality_for_small_screens_;
+ Option<int64> image_jpeg_quality_for_save_data_;
Option<int64> image_jpeg_num_progressive_scans_;
Option<int64> image_jpeg_num_progressive_scans_for_small_screens_;
@@ -3760,6 +3863,7 @@
Option<int64> image_webp_recompress_quality_;
Option<int64> image_webp_recompress_quality_for_small_screens_;
Option<int64> image_webp_animated_recompress_quality_;
+ Option<int64> image_webp_quality_for_save_data_;
Option<int64> image_webp_timeout_ms_;
Option<int> image_max_rewrites_at_once_;
@@ -4039,6 +4143,9 @@
// The timestamp when blink blacklist expires.
Option<int64> blink_blacklist_end_timestamp_ms_;
+ // Keep the original subresource hints
+ Option<bool> preserve_subresource_hints_;
+
// Keep rewritten URLs as relative as the original resource URL was.
// TODO(sligocki): Remove this option once we know it's always safe.
Option<bool> preserve_url_relativity_;
@@ -4251,6 +4358,9 @@
Option<int64> noop_;
+ // Comma separated list of headers which we can vary-on, or "Auto", or "None".
+ Option<AllowVaryOn> allow_vary_on_;
+
CopyOnWrite<JavascriptLibraryIdentification>
javascript_library_identification_;
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/net/instaweb/rewriter/public/rewrite_test_base.h
^
|
| @@ -57,6 +57,7 @@
#include "pagespeed/kernel/html/html_parse_test_base.h"
#include "pagespeed/kernel/html/html_writer_filter.h"
#include "pagespeed/kernel/http/content_type.h"
+#include "pagespeed/kernel/http/http_names.h"
#include "pagespeed/kernel/http/request_headers.h"
#include "pagespeed/kernel/http/response_headers.h"
#include "pagespeed/kernel/http/user_agent_matcher.h"
@@ -429,6 +430,10 @@
const StringPiece& rewritten_name,
const StringPiece& rewritten_content);
+ // Check that when we have a cache miss for a pagespeed resource we set
+ // headers to reduce the chance of it being interpreted as html.
+ void ValidateFallbackHeaderSanitization(StringPiece filter_id);
+
TestRewriteDriverFactory* factory() { return factory_.get(); }
TestRewriteDriverFactory* other_factory() { return other_factory_.get(); }
@@ -769,13 +774,29 @@
current_user_agent_ = user_agent;
}
+ // Sets up user-agent and request-header to allow webp processing.
+ void SetupForWebp() {
+ SetCurrentUserAgent("webp");
+ AddRequestAttribute(HttpAttributes::kAccept, "image/webp");
+ }
+
+ void SetupForWebpLossless() {
+ SetCurrentUserAgent("webp-la");
+ AddRequestAttribute(HttpAttributes::kAccept, "image/webp");
+ }
+
+ void SetupForWebpAnimated() {
+ SetCurrentUserAgent("webp-animated");
+ AddRequestAttribute(HttpAttributes::kAccept, "image/webp");
+ }
+
// Adds an attribute to be populated later into a RequestHeaders* object,
// along with the user-agent. Note that these attributes stay in the
// test-class until ClearRewriteDriver is called.
void AddRequestAttribute(StringPiece name, StringPiece value);
// Populates a RequestHeaders* object with al
- void PopulateRequestHeaders(RequestHeaders* requset_headers);
+ void PopulateRequestHeaders(RequestHeaders* request_headers);
// Override HtmlParseTestBaseNoAlloc::ParseUrl to populate the
// request-headers into rewrite_driver_ before running filters.
@@ -826,6 +847,10 @@
uint64 expected_nonce_;
GoogleString debug_message_; // Message used by DebugMessage
+
+ private:
+ void ValidateFallbackHeaderSanitizationHelper(
+ StringPiece filter_id, StringPiece origin_content_type, bool expect_load);
};
} // namespace net_instaweb
|
|
[-]
[+]
|
Added |
1.11.33.2.tar.gz/include/net/instaweb/rewriter/public/strip_subresource_hints_filter.h
^
|
| @@ -0,0 +1,53 @@
+/*
+ * Copyright 2015 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// Author: kspoelstra@we-amp.com (Kees Spoelstra)
+
+#ifndef NET_INSTAWEB_REWRITER_PUBLIC_STRIP_SUBRESOURCE_HINTS_FILTER_H_
+#define NET_INSTAWEB_REWRITER_PUBLIC_STRIP_SUBRESOURCE_HINTS_FILTER_H_
+
+#include "pagespeed/kernel/base/basictypes.h"
+#include "pagespeed/kernel/html/empty_html_filter.h"
+
+namespace net_instaweb {
+
+class HtmlElement;
+class RewriteDriver;
+
+// Removes rel=subresource links.
+class StripSubresourceHintsFilter : public EmptyHtmlFilter {
+ public:
+ explicit StripSubresourceHintsFilter(RewriteDriver* driver);
+ virtual ~StripSubresourceHintsFilter();
+
+ virtual void StartDocument();
+ virtual void StartElement(HtmlElement* element);
+ virtual void EndDocument();
+ virtual void EndElement(HtmlElement* element);
+ virtual void Flush();
+ virtual const char* Name() const { return "StripSubresourceHints"; }
+
+ private:
+ RewriteDriver* driver_;
+ HtmlElement* delete_element_;
+ bool remove_;
+
+ DISALLOW_COPY_AND_ASSIGN(StripSubresourceHintsFilter);
+};
+
+} // namespace net_instaweb
+
+#endif // NET_INSTAWEB_REWRITER_PUBLIC_STRIP_SUBRESOURCE_HINTS_FILTER_H_
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/out/Debug/obj/gen/data2c_out/instaweb/pagespeed/system/console_css_out.cc
^
|
| @@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-// Automatically generated from /tmp/tmp.Jlb21LLihi/mod_pagespeed/src/pagespeed/system/console.css
+// Automatically generated from /tmp/tmp.Fre8T8g56D/mod_pagespeed/src/pagespeed/system/console.css
namespace net_instaweb {
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/out/Debug/obj/gen/net/instaweb/public/version.h
^
|
| @@ -8,8 +8,8 @@
// Version Information
-#define MOD_PAGESPEED_VERSION 1,10,33,6
-#define MOD_PAGESPEED_VERSION_STRING "1.10.33.6"
+#define MOD_PAGESPEED_VERSION 1,11,33,2
+#define MOD_PAGESPEED_VERSION_STRING "1.11.33.2"
// Branding Information
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/out/Debug/obj/gen/protoc_out/instaweb/net/instaweb/rewriter/cached_result.pb.h
^
|
| @@ -415,7 +415,7 @@
inline ::std::string* release_input_content_hash();
inline void set_allocated_input_content_hash(::std::string* input_content_hash);
- // optional bool disable_further_processing = 8 [default = false];
+ // optional bool disable_further_processing = 8;
inline bool has_disable_further_processing() const;
inline void clear_disable_further_processing();
static const int kDisableFurtherProcessingFieldNumber = 8;
@@ -552,7 +552,7 @@
inline ::std::string* release_url();
inline void set_allocated_url(::std::string* url);
- // optional bool frozen = 5 [default = false];
+ // optional bool frozen = 5;
inline bool has_frozen() const;
inline void clear_frozen();
static const int kFrozenFieldNumber = 5;
@@ -658,7 +658,7 @@
inline bool url_relocatable() const;
inline void set_url_relocatable(bool value);
- // optional bool canonicalize_url = 19 [default = false];
+ // optional bool canonicalize_url = 19;
inline bool has_canonicalize_url() const;
inline void clear_canonicalize_url();
static const int kCanonicalizeUrlFieldNumber = 19;
@@ -688,12 +688,12 @@
inline const ::google::protobuf::RepeatedPtrField< ::std::string>& debug_message() const;
inline ::google::protobuf::RepeatedPtrField< ::std::string>* mutable_debug_message();
- // optional .net_instaweb.ResourceContext.LibWebpLevel minimal_webp_support = 22 [default = LIBWEBP_LOSSY_ONLY];
- inline bool has_minimal_webp_support() const;
- inline void clear_minimal_webp_support();
- static const int kMinimalWebpSupportFieldNumber = 22;
- inline ::net_instaweb::ResourceContext_LibWebpLevel minimal_webp_support() const;
- inline void set_minimal_webp_support(::net_instaweb::ResourceContext_LibWebpLevel value);
+ // optional .net_instaweb.ResourceContext.LibWebpLevel deprecated_minimal_webp_support = 22 [default = LIBWEBP_LOSSY_ONLY, deprecated = true];
+ inline bool has_deprecated_minimal_webp_support() const PROTOBUF_DEPRECATED;
+ inline void clear_deprecated_minimal_webp_support() PROTOBUF_DEPRECATED;
+ static const int kDeprecatedMinimalWebpSupportFieldNumber = 22;
+ inline ::net_instaweb::ResourceContext_LibWebpLevel deprecated_minimal_webp_support() const PROTOBUF_DEPRECATED;
+ inline void set_deprecated_minimal_webp_support(::net_instaweb::ResourceContext_LibWebpLevel value) PROTOBUF_DEPRECATED;
// repeated .net_instaweb.AssociatedImageInfo associated_image_info = 23;
inline int associated_image_info_size() const;
@@ -707,13 +707,20 @@
inline ::google::protobuf::RepeatedPtrField< ::net_instaweb::AssociatedImageInfo >*
mutable_associated_image_info();
- // optional bool is_inline_output_resource = 24 [default = false];
+ // optional bool is_inline_output_resource = 24;
inline bool has_is_inline_output_resource() const;
inline void clear_is_inline_output_resource();
static const int kIsInlineOutputResourceFieldNumber = 24;
inline bool is_inline_output_resource() const;
inline void set_is_inline_output_resource(bool value);
+ // optional int32 optimized_image_type = 25;
+ inline bool has_optimized_image_type() const;
+ inline void clear_optimized_image_type();
+ static const int kOptimizedImageTypeFieldNumber = 25;
+ inline ::google::protobuf::int32 optimized_image_type() const;
+ inline void set_optimized_image_type(::google::protobuf::int32 value);
+
// @@protoc_insertion_point(class_scope:net_instaweb.CachedResult)
private:
inline void set_has_optimizable();
@@ -744,10 +751,12 @@
inline void clear_has_canonicalize_url();
inline void set_has_size();
inline void clear_has_size();
- inline void set_has_minimal_webp_support();
- inline void clear_has_minimal_webp_support();
+ inline void set_has_deprecated_minimal_webp_support();
+ inline void clear_has_deprecated_minimal_webp_support();
inline void set_has_is_inline_output_resource();
inline void clear_has_is_inline_output_resource();
+ inline void set_has_optimized_image_type();
+ inline void clear_has_optimized_image_type();
::google::protobuf::UnknownFieldSet _unknown_fields_;
@@ -765,14 +774,15 @@
::google::protobuf::RepeatedPtrField< ::net_instaweb::InputInfo > input_;
::std::string* low_resolution_inlined_data_;
::google::protobuf::int32 low_resolution_inlined_image_type_;
- int minimal_webp_support_;
+ int deprecated_minimal_webp_support_;
::google::protobuf::int64 size_;
::google::protobuf::RepeatedPtrField< ::std::string> debug_message_;
::google::protobuf::RepeatedPtrField< ::net_instaweb::AssociatedImageInfo > associated_image_info_;
bool is_inline_output_resource_;
+ ::google::protobuf::int32 optimized_image_type_;
mutable int _cached_size_;
- ::google::protobuf::uint32 _has_bits_[(19 + 31) / 32];
+ ::google::protobuf::uint32 _has_bits_[(20 + 31) / 32];
friend void protobuf_AddDesc_net_2finstaweb_2frewriter_2fcached_5fresult_2eproto();
friend void protobuf_AssignDesc_net_2finstaweb_2frewriter_2fcached_5fresult_2eproto();
@@ -987,7 +997,7 @@
inline ::net_instaweb::ImageDim* release_desired_image_dims();
inline void set_allocated_desired_image_dims(::net_instaweb::ImageDim* desired_image_dims);
- // optional bool attempt_webp = 2 [default = false, deprecated = true];
+ // optional bool attempt_webp = 2 [deprecated = true];
inline bool has_attempt_webp() const PROTOBUF_DEPRECATED;
inline void clear_attempt_webp() PROTOBUF_DEPRECATED;
static const int kAttemptWebpFieldNumber = 2;
@@ -1001,7 +1011,7 @@
inline bool inline_images() const;
inline void set_inline_images(bool value);
- // optional bool mobile_user_agent = 4 [default = false];
+ // optional bool mobile_user_agent = 4;
inline bool has_mobile_user_agent() const;
inline void clear_mobile_user_agent();
static const int kMobileUserAgentFieldNumber = 4;
@@ -1024,12 +1034,19 @@
inline ::net_instaweb::ImageDim* release_user_agent_screen_resolution() PROTOBUF_DEPRECATED;
inline void set_allocated_user_agent_screen_resolution(::net_instaweb::ImageDim* user_agent_screen_resolution) PROTOBUF_DEPRECATED;
- // optional bool use_small_screen_quality = 7 [default = false];
- inline bool has_use_small_screen_quality() const;
- inline void clear_use_small_screen_quality();
- static const int kUseSmallScreenQualityFieldNumber = 7;
- inline bool use_small_screen_quality() const;
- inline void set_use_small_screen_quality(bool value);
+ // optional bool may_use_small_screen_quality = 7;
+ inline bool has_may_use_small_screen_quality() const;
+ inline void clear_may_use_small_screen_quality();
+ static const int kMayUseSmallScreenQualityFieldNumber = 7;
+ inline bool may_use_small_screen_quality() const;
+ inline void set_may_use_small_screen_quality(bool value);
+
+ // optional bool may_use_save_data_quality = 8;
+ inline bool has_may_use_save_data_quality() const;
+ inline void clear_may_use_save_data_quality();
+ static const int kMayUseSaveDataQualityFieldNumber = 8;
+ inline bool may_use_save_data_quality() const;
+ inline void set_may_use_save_data_quality(bool value);
// @@protoc_insertion_point(class_scope:net_instaweb.ResourceContext)
private:
@@ -1045,8 +1062,10 @@
inline void clear_has_libwebp_level();
inline void set_has_user_agent_screen_resolution();
inline void clear_has_user_agent_screen_resolution();
- inline void set_has_use_small_screen_quality();
- inline void clear_has_use_small_screen_quality();
+ inline void set_has_may_use_small_screen_quality();
+ inline void clear_has_may_use_small_screen_quality();
+ inline void set_has_may_use_save_data_quality();
+ inline void clear_has_may_use_save_data_quality();
::google::protobuf::UnknownFieldSet _unknown_fields_;
@@ -1054,12 +1073,13 @@
bool attempt_webp_;
bool inline_images_;
bool mobile_user_agent_;
- bool use_small_screen_quality_;
+ bool may_use_small_screen_quality_;
int libwebp_level_;
::net_instaweb::ImageDim* user_agent_screen_resolution_;
+ bool may_use_save_data_quality_;
mutable int _cached_size_;
- ::google::protobuf::uint32 _has_bits_[(7 + 31) / 32];
+ ::google::protobuf::uint32 _has_bits_[(8 + 31) / 32];
friend void protobuf_AddDesc_net_2finstaweb_2frewriter_2fcached_5fresult_2eproto();
friend void protobuf_AssignDesc_net_2finstaweb_2frewriter_2fcached_5fresult_2eproto();
@@ -1486,7 +1506,7 @@
}
}
-// optional bool disable_further_processing = 8 [default = false];
+// optional bool disable_further_processing = 8;
inline bool InputInfo::has_disable_further_processing() const {
return (_has_bits_[0] & 0x00000080u) != 0;
}
@@ -1674,7 +1694,7 @@
}
}
-// optional bool frozen = 5 [default = false];
+// optional bool frozen = 5;
inline bool CachedResult::has_frozen() const {
return (_has_bits_[0] & 0x00000004u) != 0;
}
@@ -2143,7 +2163,7 @@
url_relocatable_ = value;
}
-// optional bool canonicalize_url = 19 [default = false];
+// optional bool canonicalize_url = 19;
inline bool CachedResult::has_canonicalize_url() const {
return (_has_bits_[0] & 0x00002000u) != 0;
}
@@ -2231,27 +2251,27 @@
return &debug_message_;
}
-// optional .net_instaweb.ResourceContext.LibWebpLevel minimal_webp_support = 22 [default = LIBWEBP_LOSSY_ONLY];
-inline bool CachedResult::has_minimal_webp_support() const {
+// optional .net_instaweb.ResourceContext.LibWebpLevel deprecated_minimal_webp_support = 22 [default = LIBWEBP_LOSSY_ONLY, deprecated = true];
+inline bool CachedResult::has_deprecated_minimal_webp_support() const {
return (_has_bits_[0] & 0x00010000u) != 0;
}
-inline void CachedResult::set_has_minimal_webp_support() {
+inline void CachedResult::set_has_deprecated_minimal_webp_support() {
_has_bits_[0] |= 0x00010000u;
}
-inline void CachedResult::clear_has_minimal_webp_support() {
+inline void CachedResult::clear_has_deprecated_minimal_webp_support() {
_has_bits_[0] &= ~0x00010000u;
}
-inline void CachedResult::clear_minimal_webp_support() {
- minimal_webp_support_ = 1;
- clear_has_minimal_webp_support();
+inline void CachedResult::clear_deprecated_minimal_webp_support() {
+ deprecated_minimal_webp_support_ = 1;
+ clear_has_deprecated_minimal_webp_support();
}
-inline ::net_instaweb::ResourceContext_LibWebpLevel CachedResult::minimal_webp_support() const {
- return static_cast< ::net_instaweb::ResourceContext_LibWebpLevel >(minimal_webp_support_);
+inline ::net_instaweb::ResourceContext_LibWebpLevel CachedResult::deprecated_minimal_webp_support() const {
+ return static_cast< ::net_instaweb::ResourceContext_LibWebpLevel >(deprecated_minimal_webp_support_);
}
-inline void CachedResult::set_minimal_webp_support(::net_instaweb::ResourceContext_LibWebpLevel value) {
+inline void CachedResult::set_deprecated_minimal_webp_support(::net_instaweb::ResourceContext_LibWebpLevel value) {
assert(::net_instaweb::ResourceContext_LibWebpLevel_IsValid(value));
- set_has_minimal_webp_support();
- minimal_webp_support_ = value;
+ set_has_deprecated_minimal_webp_support();
+ deprecated_minimal_webp_support_ = value;
}
// repeated .net_instaweb.AssociatedImageInfo associated_image_info = 23;
@@ -2279,7 +2299,7 @@
return &associated_image_info_;
}
-// optional bool is_inline_output_resource = 24 [default = false];
+// optional bool is_inline_output_resource = 24;
inline bool CachedResult::has_is_inline_output_resource() const {
return (_has_bits_[0] & 0x00040000u) != 0;
}
@@ -2301,6 +2321,28 @@
is_inline_output_resource_ = value;
}
+// optional int32 optimized_image_type = 25;
+inline bool CachedResult::has_optimized_image_type() const {
+ return (_has_bits_[0] & 0x00080000u) != 0;
+}
+inline void CachedResult::set_has_optimized_image_type() {
+ _has_bits_[0] |= 0x00080000u;
+}
+inline void CachedResult::clear_has_optimized_image_type() {
+ _has_bits_[0] &= ~0x00080000u;
+}
+inline void CachedResult::clear_optimized_image_type() {
+ optimized_image_type_ = 0;
+ clear_has_optimized_image_type();
+}
+inline ::google::protobuf::int32 CachedResult::optimized_image_type() const {
+ return optimized_image_type_;
+}
+inline void CachedResult::set_optimized_image_type(::google::protobuf::int32 value) {
+ set_has_optimized_image_type();
+ optimized_image_type_ = value;
+}
+
// -------------------------------------------------------------------
// OutputPartitions
@@ -2441,7 +2483,7 @@
}
}
-// optional bool attempt_webp = 2 [default = false, deprecated = true];
+// optional bool attempt_webp = 2 [deprecated = true];
inline bool ResourceContext::has_attempt_webp() const {
return (_has_bits_[0] & 0x00000002u) != 0;
}
@@ -2485,7 +2527,7 @@
inline_images_ = value;
}
-// optional bool mobile_user_agent = 4 [default = false];
+// optional bool mobile_user_agent = 4;
inline bool ResourceContext::has_mobile_user_agent() const {
return (_has_bits_[0] & 0x00000008u) != 0;
}
@@ -2568,26 +2610,48 @@
}
}
-// optional bool use_small_screen_quality = 7 [default = false];
-inline bool ResourceContext::has_use_small_screen_quality() const {
+// optional bool may_use_small_screen_quality = 7;
+inline bool ResourceContext::has_may_use_small_screen_quality() const {
return (_has_bits_[0] & 0x00000040u) != 0;
}
-inline void ResourceContext::set_has_use_small_screen_quality() {
+inline void ResourceContext::set_has_may_use_small_screen_quality() {
_has_bits_[0] |= 0x00000040u;
}
-inline void ResourceContext::clear_has_use_small_screen_quality() {
+inline void ResourceContext::clear_has_may_use_small_screen_quality() {
_has_bits_[0] &= ~0x00000040u;
}
-inline void ResourceContext::clear_use_small_screen_quality() {
- use_small_screen_quality_ = false;
- clear_has_use_small_screen_quality();
-}
-inline bool ResourceContext::use_small_screen_quality() const {
- return use_small_screen_quality_;
-}
-inline void ResourceContext::set_use_small_screen_quality(bool value) {
- set_has_use_small_screen_quality();
- use_small_screen_quality_ = value;
+inline void ResourceContext::clear_may_use_small_screen_quality() {
+ may_use_small_screen_quality_ = false;
+ clear_has_may_use_small_screen_quality();
+}
+inline bool ResourceContext::may_use_small_screen_quality() const {
+ return may_use_small_screen_quality_;
+}
+inline void ResourceContext::set_may_use_small_screen_quality(bool value) {
+ set_has_may_use_small_screen_quality();
+ may_use_small_screen_quality_ = value;
+}
+
+// optional bool may_use_save_data_quality = 8;
+inline bool ResourceContext::has_may_use_save_data_quality() const {
+ return (_has_bits_[0] & 0x00000080u) != 0;
+}
+inline void ResourceContext::set_has_may_use_save_data_quality() {
+ _has_bits_[0] |= 0x00000080u;
+}
+inline void ResourceContext::clear_has_may_use_save_data_quality() {
+ _has_bits_[0] &= ~0x00000080u;
+}
+inline void ResourceContext::clear_may_use_save_data_quality() {
+ may_use_save_data_quality_ = false;
+ clear_has_may_use_save_data_quality();
+}
+inline bool ResourceContext::may_use_save_data_quality() const {
+ return may_use_save_data_quality_;
+}
+inline void ResourceContext::set_may_use_save_data_quality(bool value) {
+ set_has_may_use_save_data_quality();
+ may_use_save_data_quality_ = value;
}
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/out/Release/obj/gen/data2c_out/instaweb/pagespeed/system/console_css_out.cc
^
|
| @@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-// Automatically generated from /tmp/tmp.Jlb21LLihi/mod_pagespeed/src/pagespeed/system/console.css
+// Automatically generated from /tmp/tmp.Fre8T8g56D/mod_pagespeed/src/pagespeed/system/console.css
namespace net_instaweb {
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/out/Release/obj/gen/net/instaweb/public/version.h
^
|
| @@ -8,8 +8,8 @@
// Version Information
-#define MOD_PAGESPEED_VERSION 1,10,33,6
-#define MOD_PAGESPEED_VERSION_STRING "1.10.33.6"
+#define MOD_PAGESPEED_VERSION 1,11,33,2
+#define MOD_PAGESPEED_VERSION_STRING "1.11.33.2"
// Branding Information
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/out/Release/obj/gen/protoc_out/instaweb/net/instaweb/rewriter/cached_result.pb.h
^
|
| @@ -415,7 +415,7 @@
inline ::std::string* release_input_content_hash();
inline void set_allocated_input_content_hash(::std::string* input_content_hash);
- // optional bool disable_further_processing = 8 [default = false];
+ // optional bool disable_further_processing = 8;
inline bool has_disable_further_processing() const;
inline void clear_disable_further_processing();
static const int kDisableFurtherProcessingFieldNumber = 8;
@@ -552,7 +552,7 @@
inline ::std::string* release_url();
inline void set_allocated_url(::std::string* url);
- // optional bool frozen = 5 [default = false];
+ // optional bool frozen = 5;
inline bool has_frozen() const;
inline void clear_frozen();
static const int kFrozenFieldNumber = 5;
@@ -658,7 +658,7 @@
inline bool url_relocatable() const;
inline void set_url_relocatable(bool value);
- // optional bool canonicalize_url = 19 [default = false];
+ // optional bool canonicalize_url = 19;
inline bool has_canonicalize_url() const;
inline void clear_canonicalize_url();
static const int kCanonicalizeUrlFieldNumber = 19;
@@ -688,12 +688,12 @@
inline const ::google::protobuf::RepeatedPtrField< ::std::string>& debug_message() const;
inline ::google::protobuf::RepeatedPtrField< ::std::string>* mutable_debug_message();
- // optional .net_instaweb.ResourceContext.LibWebpLevel minimal_webp_support = 22 [default = LIBWEBP_LOSSY_ONLY];
- inline bool has_minimal_webp_support() const;
- inline void clear_minimal_webp_support();
- static const int kMinimalWebpSupportFieldNumber = 22;
- inline ::net_instaweb::ResourceContext_LibWebpLevel minimal_webp_support() const;
- inline void set_minimal_webp_support(::net_instaweb::ResourceContext_LibWebpLevel value);
+ // optional .net_instaweb.ResourceContext.LibWebpLevel deprecated_minimal_webp_support = 22 [default = LIBWEBP_LOSSY_ONLY, deprecated = true];
+ inline bool has_deprecated_minimal_webp_support() const PROTOBUF_DEPRECATED;
+ inline void clear_deprecated_minimal_webp_support() PROTOBUF_DEPRECATED;
+ static const int kDeprecatedMinimalWebpSupportFieldNumber = 22;
+ inline ::net_instaweb::ResourceContext_LibWebpLevel deprecated_minimal_webp_support() const PROTOBUF_DEPRECATED;
+ inline void set_deprecated_minimal_webp_support(::net_instaweb::ResourceContext_LibWebpLevel value) PROTOBUF_DEPRECATED;
// repeated .net_instaweb.AssociatedImageInfo associated_image_info = 23;
inline int associated_image_info_size() const;
@@ -707,13 +707,20 @@
inline ::google::protobuf::RepeatedPtrField< ::net_instaweb::AssociatedImageInfo >*
mutable_associated_image_info();
- // optional bool is_inline_output_resource = 24 [default = false];
+ // optional bool is_inline_output_resource = 24;
inline bool has_is_inline_output_resource() const;
inline void clear_is_inline_output_resource();
static const int kIsInlineOutputResourceFieldNumber = 24;
inline bool is_inline_output_resource() const;
inline void set_is_inline_output_resource(bool value);
+ // optional int32 optimized_image_type = 25;
+ inline bool has_optimized_image_type() const;
+ inline void clear_optimized_image_type();
+ static const int kOptimizedImageTypeFieldNumber = 25;
+ inline ::google::protobuf::int32 optimized_image_type() const;
+ inline void set_optimized_image_type(::google::protobuf::int32 value);
+
// @@protoc_insertion_point(class_scope:net_instaweb.CachedResult)
private:
inline void set_has_optimizable();
@@ -744,10 +751,12 @@
inline void clear_has_canonicalize_url();
inline void set_has_size();
inline void clear_has_size();
- inline void set_has_minimal_webp_support();
- inline void clear_has_minimal_webp_support();
+ inline void set_has_deprecated_minimal_webp_support();
+ inline void clear_has_deprecated_minimal_webp_support();
inline void set_has_is_inline_output_resource();
inline void clear_has_is_inline_output_resource();
+ inline void set_has_optimized_image_type();
+ inline void clear_has_optimized_image_type();
::google::protobuf::UnknownFieldSet _unknown_fields_;
@@ -765,14 +774,15 @@
::google::protobuf::RepeatedPtrField< ::net_instaweb::InputInfo > input_;
::std::string* low_resolution_inlined_data_;
::google::protobuf::int32 low_resolution_inlined_image_type_;
- int minimal_webp_support_;
+ int deprecated_minimal_webp_support_;
::google::protobuf::int64 size_;
::google::protobuf::RepeatedPtrField< ::std::string> debug_message_;
::google::protobuf::RepeatedPtrField< ::net_instaweb::AssociatedImageInfo > associated_image_info_;
bool is_inline_output_resource_;
+ ::google::protobuf::int32 optimized_image_type_;
mutable int _cached_size_;
- ::google::protobuf::uint32 _has_bits_[(19 + 31) / 32];
+ ::google::protobuf::uint32 _has_bits_[(20 + 31) / 32];
friend void protobuf_AddDesc_net_2finstaweb_2frewriter_2fcached_5fresult_2eproto();
friend void protobuf_AssignDesc_net_2finstaweb_2frewriter_2fcached_5fresult_2eproto();
@@ -987,7 +997,7 @@
inline ::net_instaweb::ImageDim* release_desired_image_dims();
inline void set_allocated_desired_image_dims(::net_instaweb::ImageDim* desired_image_dims);
- // optional bool attempt_webp = 2 [default = false, deprecated = true];
+ // optional bool attempt_webp = 2 [deprecated = true];
inline bool has_attempt_webp() const PROTOBUF_DEPRECATED;
inline void clear_attempt_webp() PROTOBUF_DEPRECATED;
static const int kAttemptWebpFieldNumber = 2;
@@ -1001,7 +1011,7 @@
inline bool inline_images() const;
inline void set_inline_images(bool value);
- // optional bool mobile_user_agent = 4 [default = false];
+ // optional bool mobile_user_agent = 4;
inline bool has_mobile_user_agent() const;
inline void clear_mobile_user_agent();
static const int kMobileUserAgentFieldNumber = 4;
@@ -1024,12 +1034,19 @@
inline ::net_instaweb::ImageDim* release_user_agent_screen_resolution() PROTOBUF_DEPRECATED;
inline void set_allocated_user_agent_screen_resolution(::net_instaweb::ImageDim* user_agent_screen_resolution) PROTOBUF_DEPRECATED;
- // optional bool use_small_screen_quality = 7 [default = false];
- inline bool has_use_small_screen_quality() const;
- inline void clear_use_small_screen_quality();
- static const int kUseSmallScreenQualityFieldNumber = 7;
- inline bool use_small_screen_quality() const;
- inline void set_use_small_screen_quality(bool value);
+ // optional bool may_use_small_screen_quality = 7;
+ inline bool has_may_use_small_screen_quality() const;
+ inline void clear_may_use_small_screen_quality();
+ static const int kMayUseSmallScreenQualityFieldNumber = 7;
+ inline bool may_use_small_screen_quality() const;
+ inline void set_may_use_small_screen_quality(bool value);
+
+ // optional bool may_use_save_data_quality = 8;
+ inline bool has_may_use_save_data_quality() const;
+ inline void clear_may_use_save_data_quality();
+ static const int kMayUseSaveDataQualityFieldNumber = 8;
+ inline bool may_use_save_data_quality() const;
+ inline void set_may_use_save_data_quality(bool value);
// @@protoc_insertion_point(class_scope:net_instaweb.ResourceContext)
private:
@@ -1045,8 +1062,10 @@
inline void clear_has_libwebp_level();
inline void set_has_user_agent_screen_resolution();
inline void clear_has_user_agent_screen_resolution();
- inline void set_has_use_small_screen_quality();
- inline void clear_has_use_small_screen_quality();
+ inline void set_has_may_use_small_screen_quality();
+ inline void clear_has_may_use_small_screen_quality();
+ inline void set_has_may_use_save_data_quality();
+ inline void clear_has_may_use_save_data_quality();
::google::protobuf::UnknownFieldSet _unknown_fields_;
@@ -1054,12 +1073,13 @@
bool attempt_webp_;
bool inline_images_;
bool mobile_user_agent_;
- bool use_small_screen_quality_;
+ bool may_use_small_screen_quality_;
int libwebp_level_;
::net_instaweb::ImageDim* user_agent_screen_resolution_;
+ bool may_use_save_data_quality_;
mutable int _cached_size_;
- ::google::protobuf::uint32 _has_bits_[(7 + 31) / 32];
+ ::google::protobuf::uint32 _has_bits_[(8 + 31) / 32];
friend void protobuf_AddDesc_net_2finstaweb_2frewriter_2fcached_5fresult_2eproto();
friend void protobuf_AssignDesc_net_2finstaweb_2frewriter_2fcached_5fresult_2eproto();
@@ -1486,7 +1506,7 @@
}
}
-// optional bool disable_further_processing = 8 [default = false];
+// optional bool disable_further_processing = 8;
inline bool InputInfo::has_disable_further_processing() const {
return (_has_bits_[0] & 0x00000080u) != 0;
}
@@ -1674,7 +1694,7 @@
}
}
-// optional bool frozen = 5 [default = false];
+// optional bool frozen = 5;
inline bool CachedResult::has_frozen() const {
return (_has_bits_[0] & 0x00000004u) != 0;
}
@@ -2143,7 +2163,7 @@
url_relocatable_ = value;
}
-// optional bool canonicalize_url = 19 [default = false];
+// optional bool canonicalize_url = 19;
inline bool CachedResult::has_canonicalize_url() const {
return (_has_bits_[0] & 0x00002000u) != 0;
}
@@ -2231,27 +2251,27 @@
return &debug_message_;
}
-// optional .net_instaweb.ResourceContext.LibWebpLevel minimal_webp_support = 22 [default = LIBWEBP_LOSSY_ONLY];
-inline bool CachedResult::has_minimal_webp_support() const {
+// optional .net_instaweb.ResourceContext.LibWebpLevel deprecated_minimal_webp_support = 22 [default = LIBWEBP_LOSSY_ONLY, deprecated = true];
+inline bool CachedResult::has_deprecated_minimal_webp_support() const {
return (_has_bits_[0] & 0x00010000u) != 0;
}
-inline void CachedResult::set_has_minimal_webp_support() {
+inline void CachedResult::set_has_deprecated_minimal_webp_support() {
_has_bits_[0] |= 0x00010000u;
}
-inline void CachedResult::clear_has_minimal_webp_support() {
+inline void CachedResult::clear_has_deprecated_minimal_webp_support() {
_has_bits_[0] &= ~0x00010000u;
}
-inline void CachedResult::clear_minimal_webp_support() {
- minimal_webp_support_ = 1;
- clear_has_minimal_webp_support();
+inline void CachedResult::clear_deprecated_minimal_webp_support() {
+ deprecated_minimal_webp_support_ = 1;
+ clear_has_deprecated_minimal_webp_support();
}
-inline ::net_instaweb::ResourceContext_LibWebpLevel CachedResult::minimal_webp_support() const {
- return static_cast< ::net_instaweb::ResourceContext_LibWebpLevel >(minimal_webp_support_);
+inline ::net_instaweb::ResourceContext_LibWebpLevel CachedResult::deprecated_minimal_webp_support() const {
+ return static_cast< ::net_instaweb::ResourceContext_LibWebpLevel >(deprecated_minimal_webp_support_);
}
-inline void CachedResult::set_minimal_webp_support(::net_instaweb::ResourceContext_LibWebpLevel value) {
+inline void CachedResult::set_deprecated_minimal_webp_support(::net_instaweb::ResourceContext_LibWebpLevel value) {
assert(::net_instaweb::ResourceContext_LibWebpLevel_IsValid(value));
- set_has_minimal_webp_support();
- minimal_webp_support_ = value;
+ set_has_deprecated_minimal_webp_support();
+ deprecated_minimal_webp_support_ = value;
}
// repeated .net_instaweb.AssociatedImageInfo associated_image_info = 23;
@@ -2279,7 +2299,7 @@
return &associated_image_info_;
}
-// optional bool is_inline_output_resource = 24 [default = false];
+// optional bool is_inline_output_resource = 24;
inline bool CachedResult::has_is_inline_output_resource() const {
return (_has_bits_[0] & 0x00040000u) != 0;
}
@@ -2301,6 +2321,28 @@
is_inline_output_resource_ = value;
}
+// optional int32 optimized_image_type = 25;
+inline bool CachedResult::has_optimized_image_type() const {
+ return (_has_bits_[0] & 0x00080000u) != 0;
+}
+inline void CachedResult::set_has_optimized_image_type() {
+ _has_bits_[0] |= 0x00080000u;
+}
+inline void CachedResult::clear_has_optimized_image_type() {
+ _has_bits_[0] &= ~0x00080000u;
+}
+inline void CachedResult::clear_optimized_image_type() {
+ optimized_image_type_ = 0;
+ clear_has_optimized_image_type();
+}
+inline ::google::protobuf::int32 CachedResult::optimized_image_type() const {
+ return optimized_image_type_;
+}
+inline void CachedResult::set_optimized_image_type(::google::protobuf::int32 value) {
+ set_has_optimized_image_type();
+ optimized_image_type_ = value;
+}
+
// -------------------------------------------------------------------
// OutputPartitions
@@ -2441,7 +2483,7 @@
}
}
-// optional bool attempt_webp = 2 [default = false, deprecated = true];
+// optional bool attempt_webp = 2 [deprecated = true];
inline bool ResourceContext::has_attempt_webp() const {
return (_has_bits_[0] & 0x00000002u) != 0;
}
@@ -2485,7 +2527,7 @@
inline_images_ = value;
}
-// optional bool mobile_user_agent = 4 [default = false];
+// optional bool mobile_user_agent = 4;
inline bool ResourceContext::has_mobile_user_agent() const {
return (_has_bits_[0] & 0x00000008u) != 0;
}
@@ -2568,26 +2610,48 @@
}
}
-// optional bool use_small_screen_quality = 7 [default = false];
-inline bool ResourceContext::has_use_small_screen_quality() const {
+// optional bool may_use_small_screen_quality = 7;
+inline bool ResourceContext::has_may_use_small_screen_quality() const {
return (_has_bits_[0] & 0x00000040u) != 0;
}
-inline void ResourceContext::set_has_use_small_screen_quality() {
+inline void ResourceContext::set_has_may_use_small_screen_quality() {
_has_bits_[0] |= 0x00000040u;
}
-inline void ResourceContext::clear_has_use_small_screen_quality() {
+inline void ResourceContext::clear_has_may_use_small_screen_quality() {
_has_bits_[0] &= ~0x00000040u;
}
-inline void ResourceContext::clear_use_small_screen_quality() {
- use_small_screen_quality_ = false;
- clear_has_use_small_screen_quality();
-}
-inline bool ResourceContext::use_small_screen_quality() const {
- return use_small_screen_quality_;
-}
-inline void ResourceContext::set_use_small_screen_quality(bool value) {
- set_has_use_small_screen_quality();
- use_small_screen_quality_ = value;
+inline void ResourceContext::clear_may_use_small_screen_quality() {
+ may_use_small_screen_quality_ = false;
+ clear_has_may_use_small_screen_quality();
+}
+inline bool ResourceContext::may_use_small_screen_quality() const {
+ return may_use_small_screen_quality_;
+}
+inline void ResourceContext::set_may_use_small_screen_quality(bool value) {
+ set_has_may_use_small_screen_quality();
+ may_use_small_screen_quality_ = value;
+}
+
+// optional bool may_use_save_data_quality = 8;
+inline bool ResourceContext::has_may_use_save_data_quality() const {
+ return (_has_bits_[0] & 0x00000080u) != 0;
+}
+inline void ResourceContext::set_has_may_use_save_data_quality() {
+ _has_bits_[0] |= 0x00000080u;
+}
+inline void ResourceContext::clear_has_may_use_save_data_quality() {
+ _has_bits_[0] &= ~0x00000080u;
+}
+inline void ResourceContext::clear_may_use_save_data_quality() {
+ may_use_save_data_quality_ = false;
+ clear_has_may_use_save_data_quality();
+}
+inline bool ResourceContext::may_use_save_data_quality() const {
+ return may_use_save_data_quality_;
+}
+inline void ResourceContext::set_may_use_save_data_quality(bool value) {
+ set_has_may_use_save_data_quality();
+ may_use_save_data_quality_ = value;
}
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/pagespeed/kernel/html/empty_html_filter.h
^
|
| @@ -61,6 +61,10 @@
virtual void Flush();
virtual void DetermineEnabled(GoogleString* disabled_reason);
+ // This filter and derived classes will not rewrite urls. If a derived filter
+ // wants to rewrite urls, override this function.
+ virtual bool CanModifyUrls() {return false;}
+
// Note -- this does not provide an implementation for Name(). This
// must be supplied by derived classes.
};
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/pagespeed/kernel/html/html_filter.h
^
|
| @@ -103,6 +103,10 @@
// Returns whether a filter is enabled.
bool is_enabled() const { return is_enabled_; }
+ // Invoked by the rewrite driver to query whether this filter will
+ // rewrite any urls.
+ virtual bool CanModifyUrls() = 0;
+
// The name of this filter -- used for logging and debugging.
virtual const char* Name() const = 0;
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/pagespeed/kernel/html/html_parse.h
^
|
| @@ -507,6 +507,11 @@
// Note: you cannot restore during Flush().
void RestoreDeferredNode(HtmlNode* deferred_node);
+ // Returns whether the filter pipeline can rewrite urls.
+ bool can_modify_urls() {
+ return can_modify_urls_;
+ }
+
protected:
typedef std::vector<HtmlFilter*> FilterVector;
typedef std::list<HtmlFilter*> FilterList;
@@ -530,21 +535,22 @@
virtual void ParseTextInternal(const char* content, int size);
- // Calls DetermineEnabledFiltersImpl in an idempotent way.
- void DetermineEnabledFilters() {
- if (!determine_enabled_filters_called_) {
- determine_enabled_filters_called_ = true;
- DetermineEnabledFiltersImpl();
+ // Calls DetermineFiltersBehaviorImpl in an idempotent way.
+ void DetermineFiltersBehavior() {
+ if (!determine_filter_behavior_called_) {
+ determine_filter_behavior_called_ = true;
+ can_modify_urls_ = false;
+ DetermineFiltersBehaviorImpl();
}
}
- void DetermineEnabledFiltersInList(const FilterList& list) {
+ void DetermineFilterListBehavior(const FilterList& list) {
for (FilterList::const_iterator i = list.begin(); i != list.end(); ++i) {
- CheckFilterEnabled(*i);
+ CheckFilterBehavior(*i);
}
}
- void CheckFilterEnabled(HtmlFilter* filter);
+ void CheckFilterBehavior(HtmlFilter* filter);
// Call DetermineEnabled() on each filter. Should be called after
// the property cache lookup has finished since some filters depend on
@@ -552,7 +558,9 @@
// filters that the base HtmlParse doesn't know about, it should override this
// function and call DetermineEnabled on each of its filters, along with
// calling the base DetermineEnabledFiltersImpl.
- virtual void DetermineEnabledFiltersImpl();
+ // For all enabled filters the CanModifyUrl() flag will be aggregated (or'ed)
+ // and can be queried on the can_modify_url function.
+ virtual void DetermineFiltersBehaviorImpl();
private:
void ApplyFilterHelper(HtmlFilter* filter);
@@ -611,6 +619,8 @@
GoogleString id_; // Per-request identifier string used in error messages.
int line_number_;
bool skip_increment_;
+ bool determine_filter_behavior_called_;
+ bool can_modify_urls_;
bool determine_enabled_filters_called_;
bool need_sanity_check_;
bool coalesce_characters_;
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/pagespeed/kernel/html/html_writer_filter.h
^
|
| @@ -55,6 +55,8 @@
virtual void Directive(HtmlDirectiveNode* directive);
virtual void Flush();
virtual void DetermineEnabled(GoogleString* disabled_reason);
+ // This filter will not change urls.
+ virtual bool CanModifyUrls() { return false; }
void set_max_column(int max_column) { max_column_ = max_column; }
void set_case_fold(bool case_fold) { case_fold_ = case_fold; }
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/pagespeed/kernel/http/http_names.h
^
|
| @@ -74,6 +74,7 @@
static const char kPurpose[];
static const char kReferer[]; // sic
static const char kRefresh[];
+ static const char kSaveData[];
static const char kServer[];
static const char kSetCookie[];
static const char kSetCookie2[];
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/pagespeed/kernel/http/user_agent_matcher.h
^
|
| @@ -111,10 +111,10 @@
bool SupportsJsDefer(const StringPiece& user_agent, bool allow_mobile) const;
- // Returns true if the user agent includes a WebP lossy capable sub-string.
- // If the browser does indeed support WebP, it also needs to send out an
- // "accept: webp" header.
- bool SupportsWebp(const StringPiece& user_agent) const;
+ // Returns true if the user agent includes a legacy browser that supports
+ // webp, but does not issue Accept:image/webp. At the moment, this means
+ // only Android 4.0+ (excluding Firefox).
+ bool LegacyWebp(const StringPiece& user_agent) const;
// Returns true if the user agent includes a string indicating WebP lossy
// or WebP alpha support. If the browser does indeed support WebP, it also
@@ -136,16 +136,6 @@
virtual bool IsAndroidUserAgent(const StringPiece& user_agent) const;
virtual bool IsiOSUserAgent(const StringPiece& user_agent) const;
- // Determines based on the user-agent whether the browser claims to be Chrome.
- // Based on https://code.google.com/p/modpagespeed/issues/detail?id=978,
- // Desktop IE11 will start masquerading as Chrome soon, and according to
- // https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/mod-pagespeed-discuss/HYzzdOzJu_k/ftdV8koVgUEJ
- // a browser called Midori might (at some point) masquerade as Chrome as well.
- //
- // This function returns 'true' for real Chrome, and any of these
- // masquerades.
- bool IsChromeLike(const StringPiece& user_agent) const;
-
// Returns false if this is not a Chrome user agent, or parsing the
// string build number fails.
virtual bool GetChromeBuildNumber(const StringPiece& user_agent, int* major,
@@ -175,7 +165,7 @@
FastWildcardGroup blink_desktop_whitelist_;
FastWildcardGroup blink_desktop_blacklist_;
FastWildcardGroup blink_mobile_whitelist_;
- FastWildcardGroup supports_webp_;
+ FastWildcardGroup legacy_webp_;
FastWildcardGroup supports_webp_lossless_alpha_;
FastWildcardGroup supports_webp_animated_;
FastWildcardGroup supports_prefetch_link_rel_subresource_;
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/pagespeed/system/loopback_route_fetcher.cc
^
|
| @@ -82,21 +82,18 @@
request_headers->Replace(HttpAttributes::kHost, parsed_url.HostAndPort());
}
- GoogleUrl base;
+ GoogleString path_and_leaf;
+ // Includes leading slash.
+ parsed_url.PathAndLeaf().CopyToString(&path_and_leaf);
+
StringPiece scheme = parsed_url.Scheme();
- if ((own_port_ == 80 && scheme == "http") ||
- (own_port_ == 443 && scheme == "https")) {
- base.Reset(StrCat(scheme, "://", own_ip_, "/"));
- } else {
- base.Reset(
- StrCat(scheme, "://", own_ip_, ":", IntegerToString(own_port_), "/"));
+ GoogleString port_section = "";
+ if (!((own_port_ == 80 && scheme == "http") ||
+ (own_port_ == 443 && scheme == "https"))) {
+ port_section = StrCat(":", IntegerToString(own_port_));
}
- GoogleString rel;
- parsed_url.PathAndLeaf().CopyToString(&rel);
-
- parsed_url.Reset(base, rel);
- parsed_url.Spec().CopyToString(&url);
+ url = StrCat(scheme, "://", own_ip_, port_section, path_and_leaf);
// Note that we end up with host: containing the actual URL's host, but
// the URL containing just our IP. This is technically wrong, but the
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/asn1/asn1_locl.h
^
|
| @@ -1,6 +1,7 @@
/* asn1t.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2006.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -63,11 +64,10 @@
/* ASN1 print context structure */
-struct asn1_pctx_st
- {
- unsigned long flags;
- unsigned long nm_flags;
- unsigned long cert_flags;
- unsigned long oid_flags;
- unsigned long str_flags;
- } /* ASN1_PCTX */;
+struct asn1_pctx_st {
+ unsigned long flags;
+ unsigned long nm_flags;
+ unsigned long cert_flags;
+ unsigned long oid_flags;
+ unsigned long str_flags;
+} /* ASN1_PCTX */ ;
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/bn/internal.h
^
|
| @@ -125,13 +125,15 @@
#include <openssl/base.h>
-#if defined(OPENSSL_X86_64) && defined(_MSC_VER) && _MSC_VER >= 1400
+#if defined(OPENSSL_X86_64) && defined(_MSC_VER)
#pragma warning(push, 3)
#include <intrin.h>
#pragma warning(pop)
#pragma intrinsic(__umulh, _umul128)
#endif
+#include "../internal.h"
+
#if defined(__cplusplus)
extern "C" {
#endif
@@ -144,7 +146,7 @@
#if !defined(_MSC_VER)
/* MSVC doesn't support two-word integers on 64-bit. */
-#define BN_ULLONG __uint128_t
+#define BN_ULLONG uint128_t
#endif
#define BN_BITS2 64
@@ -179,14 +181,6 @@
#endif
-/* Pentium pro 16,16,16,32,64 */
-/* Alpha 16,16,16,16.64 */
-#define BN_MULL_SIZE_NORMAL (16) /* 32 */
-#define BN_MUL_RECURSIVE_SIZE_NORMAL (16) /* 32 less than */
-#define BN_SQR_RECURSIVE_SIZE_NORMAL (16) /* 32 */
-#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32) /* 32 */
-#define BN_MONT_CTX_SET_SIZE_WORD (64) /* 32 */
-
#define STATIC_BIGNUM(x) \
{ \
(BN_ULONG *)x, sizeof(x) / sizeof(BN_ULONG), \
@@ -223,67 +217,12 @@
int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num);
-#if !defined(BN_ULLONG)
-
-#define LBITS(a) ((a) & BN_MASK2l)
-#define HBITS(a) (((a) >> BN_BITS4) & BN_MASK2l)
-#define L2HBITS(a) (((a) << BN_BITS4) & BN_MASK2)
-
-#define LLBITS(a) ((a) & BN_MASKl)
-#define LHBITS(a) (((a) >> BN_BITS2) & BN_MASKl)
-#define LL2HBITS(a) ((BN_ULLONG)((a) & BN_MASKl) << BN_BITS2)
-
-#define mul64(l, h, bl, bh) \
- { \
- BN_ULONG m, m1, lt, ht; \
- \
- lt = l; \
- ht = h; \
- m = (bh) * (lt); \
- lt = (bl) * (lt); \
- m1 = (bl) * (ht); \
- ht = (bh) * (ht); \
- m = (m + m1) & BN_MASK2; \
- if (m < m1) \
- ht += L2HBITS((BN_ULONG)1); \
- ht += HBITS(m); \
- m1 = L2HBITS(m); \
- lt = (lt + m1) & BN_MASK2; \
- if (lt < m1) \
- ht++; \
- (l) = lt; \
- (h) = ht; \
- }
-
-#endif /* !defined(BN_ULLONG) */
+#if defined(OPENSSL_X86_64) && defined(_MSC_VER)
+#define BN_UMULT_LOHI(low, high, a, b) ((low) = _umul128((a), (b), &(high)))
+#endif
-#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64)
-# if defined(__GNUC__) && __GNUC__ >= 2
-# define BN_UMULT_HIGH(a,b) ({ \
- register BN_ULONG ret,discard; \
- __asm__ ("mulq %3" \
- : "=a"(discard),"=d"(ret) \
- : "a"(a), "g"(b) \
- : "cc"); \
- ret; })
-# define BN_UMULT_LOHI(low,high,a,b) \
- __asm__ ("mulq %3" \
- : "=a"(low),"=d"(high) \
- : "a"(a),"g"(b) \
- : "cc");
-# elif defined(_MSC_VER) && _MSC_VER >= 1400
-# define BN_UMULT_HIGH(a, b) __umulh((a), (b))
-# define BN_UMULT_LOHI(low, high, a, b) ((low) = _umul128((a), (b), &(high)))
-# endif
-#elif !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64)
-# if defined(__GNUC__) && __GNUC__>=2
-# define BN_UMULT_HIGH(a,b) ({ \
- register BN_ULONG ret; \
- __asm__ ("umulh %0,%1,%2" \
- : "=r"(ret) \
- : "r"(a), "r"(b)); \
- ret; })
-# endif
+#if !defined(BN_ULLONG) && !defined(BN_UMULT_LOHI)
+#error "Either BN_ULLONG or BN_UMULT_LOHI must be defined on every platform."
#endif
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/bytestring/internal.h
^
|
| @@ -22,22 +22,51 @@
#endif
-/* CBS_asn1_ber_to_der reads an ASN.1 structure from |in|. If it finds
- * indefinite-length elements then it attempts to convert the BER data to DER
- * and sets |*out| and |*out_length| to describe a malloced buffer containing
- * the DER data. Additionally, |*in| will be advanced over the ASN.1 data.
- *
- * If it doesn't find any indefinite-length elements then it sets |*out| to
- * NULL and |*in| is unmodified.
- *
- * A sufficiently complex ASN.1 structure will break this function because it's
- * not possible to generically convert BER to DER without knowledge of the
- * structure itself. However, this sufficies to handle the PKCS#7 and #12 output
- * from NSS.
+/* CBS_asn1_ber_to_der reads a BER element from |in|. If it finds
+ * indefinite-length elements or constructed strings then it converts the BER
+ * data to DER and sets |*out| and |*out_length| to describe a malloced buffer
+ * containing the DER data. Additionally, |*in| will be advanced over the BER
+ * element.
+ *
+ * If it doesn't find any indefinite-length elements or constructed strings then
+ * it sets |*out| to NULL and |*in| is unmodified.
+ *
+ * This function should successfully process any valid BER input, however it
+ * will not convert all of BER's deviations from DER. BER is ambiguous between
+ * implicitly-tagged SEQUENCEs of strings and implicitly-tagged constructed
+ * strings. Implicitly-tagged strings must be parsed with
+ * |CBS_get_ber_implicitly_tagged_string| instead of |CBS_get_asn1|. The caller
+ * must also account for BER variations in the contents of a primitive.
*
* It returns one on success and zero otherwise. */
OPENSSL_EXPORT int CBS_asn1_ber_to_der(CBS *in, uint8_t **out, size_t *out_len);
+/* CBS_get_asn1_implicit_string parses a BER string of primitive type
+ * |inner_tag| implicitly-tagged with |outer_tag|. It sets |out| to the
+ * contents. If concatenation was needed, it sets |*out_storage| to a buffer
+ * which the caller must release with |OPENSSL_free|. Otherwise, it sets
+ * |*out_storage| to NULL.
+ *
+ * This function does not parse all of BER. It requires the string be
+ * definite-length. Constructed strings are allowed, but all children of the
+ * outermost element must be primitive. The caller should use
+ * |CBS_asn1_ber_to_der| before running this function.
+ *
+ * It returns one on success and zero otherwise. */
+OPENSSL_EXPORT int CBS_get_asn1_implicit_string(CBS *in, CBS *out,
+ uint8_t **out_storage,
+ unsigned outer_tag,
+ unsigned inner_tag);
+
+/* CBB_finish_i2d calls |CBB_finish| on |cbb| which must have been initialized
+ * with |CBB_init|. If |outp| is not NULL then the result is written to |*outp|
+ * and |*outp| is advanced just past the output. It returns the number of bytes
+ * in the result, whether written or not, or a negative value on error. On
+ * error, it calls |CBB_cleanup| on |cbb|.
+ *
+ * This function may be used to help implement legacy i2d ASN.1 functions. */
+int CBB_finish_i2d(CBB *cbb, uint8_t **outp);
+
#if defined(__cplusplus)
} /* extern C */
|
|
[-]
[+]
|
Added |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/curve25519
^
|
| +(directory)
|
|
[-]
[+]
|
Added |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/curve25519/internal.h
^
|
| @@ -0,0 +1,45 @@
+/* Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CURVE25519_INTERNAL_H
+#define OPENSSL_HEADER_CURVE25519_INTERNAL_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+#if defined(OPENSSL_X86_64) && !defined(OPENSSL_SMALL) && \
+ !defined(OPENSSL_WINDOWS) && !defined(OPENSSL_NO_ASM)
+#define BORINGSSL_X25519_X86_64
+
+void x25519_x86_64(uint8_t out[32], const uint8_t scalar[32],
+ const uint8_t point[32]);
+#endif
+
+
+#if defined(OPENSSL_ARM) && !defined(OPENSSL_NO_ASM)
+#define BORINGSSL_X25519_NEON
+
+/* x25519_NEON is defined in asm/x25519-arm.S. */
+void x25519_NEON(uint8_t out[32], const uint8_t scalar[32],
+ const uint8_t point[32]);
+#endif
+
+
+#if defined(__cplusplus)
+} /* extern C */
+#endif
+
+#endif /* OPENSSL_HEADER_CURVE25519_INTERNAL_H */
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/des/internal.h
^
|
| @@ -202,24 +202,7 @@
#define ITERATIONS 16
#define HALF_ITERATIONS 8
-#if defined(_MSC_VER)
-#define ROTATE(a, n) (_lrotr(a, n))
-#elif defined(__ICC)
-#define ROTATE(a, n) (_rotr(a, n))
-#elif defined(__GNUC__) && __GNUC__ >= 2 && !defined(OPENSSL_NO_ASM) && \
- !defined(__STRICT_ANSI__) && \
- (defined(OPENSSL_X86) || defined(OPENSSL_X86_64))
-#define ROTATE(a, n) \
- ({ \
- unsigned int ret; \
- asm("rorl %1,%0" : "=r"(ret) : "I"(n), "0"(a) : "cc"); \
- ret; \
- })
-#endif
-
-#ifndef ROTATE
#define ROTATE(a, n) (((a) >> (n)) + ((a) << (32 - (n))))
-#endif
#if defined(__cplusplus)
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/digest/md32_common.h
^
|
| @@ -51,12 +51,12 @@
#include <openssl/base.h>
+#include <assert.h>
#if defined(__cplusplus)
extern "C" {
#endif
-#define asm __asm__
/* This is a generic 32-bit "collector" for message digest algorithms. It
* collects input character stream into chunks of 32-bit values and invokes the
@@ -74,14 +74,15 @@
*
* typedef struct <name>_state_st {
* uint32_t h[<chaining length> / sizeof(uint32_t)];
- * uint32_t Nl,Nh;
- * uint32_t data[HASH_CBLOCK / sizeof(uint32_t)];
- * unsigned int num
+ * uint32_t Nl, Nh;
+ * uint8_t data[HASH_CBLOCK];
+ * unsigned num;
* ...
* } <NAME>_CTX;
*
* <chaining length> is the output length of the hash in bytes, before
- * any truncation (e.g. 64 for SHA-224 and SHA-256, 128 for SHA-384 and SHA-512).
+ * any truncation (e.g. 64 for SHA-224 and SHA-256, 128 for SHA-384 and
+ * SHA-512).
*
* |HASH_UPDATE| must be defined as the name of the "Update" function to
* generate.
@@ -133,220 +134,129 @@
#error "HASH_BLOCK_DATA_ORDER must be defined!"
#endif
-/*
- * Engage compiler specific rotate intrinsic function if available.
- */
-#undef ROTATE
-# if defined(_MSC_VER)
-# define ROTATE(a,n) _lrotl(a,n)
-# elif defined(__ICC)
-# define ROTATE(a,n) _rotl(a,n)
-# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM)
- /*
- * Some GNU C inline assembler templates. Note that these are
- * rotates by *constant* number of bits! But that's exactly
- * what we need here...
- * <appro@fy.chalmers.se>
- */
-# if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
-# define ROTATE(a,n) ({ register uint32_t ret; \
- asm ( \
- "roll %1,%0" \
- : "=r"(ret) \
- : "I"(n), "0"((uint32_t)(a)) \
- : "cc"); \
- ret; \
- })
-# endif /* OPENSSL_X86 || OPENSSL_X86_64 */
-# endif /* COMPILER */
-
-#ifndef ROTATE
-#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#ifndef HASH_MAKE_STRING
+#error "HASH_MAKE_STRING must be defined!"
#endif
#if defined(DATA_ORDER_IS_BIG_ENDIAN)
-#ifndef PEDANTIC
-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM)
-# if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
- /*
- * This gives ~30-40% performance improvement in SHA-256 compiled
- * with gcc [on P4]. Well, first macro to be frank. We can pull
- * this trick on x86* platforms only, because these CPUs can fetch
- * unaligned data without raising an exception.
- */
-# define HOST_c2l(c,l) ({ uint32_t r=*((const uint32_t *)(c)); \
- asm ("bswapl %0":"=r"(r):"0"(r)); \
- (c)+=4; (l)=r; })
-# define HOST_l2c(l,c) ({ uint32_t r=(l); \
- asm ("bswapl %0":"=r"(r):"0"(r)); \
- *((uint32_t *)(c))=r; (c)+=4; r; })
-# elif defined(__aarch64__)
-# if defined(__BYTE_ORDER__)
-# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
-# define HOST_c2l(c,l) ({ uint32_t r; \
- asm ("rev %w0,%w1" \
- :"=r"(r) \
- :"r"(*((const uint32_t *)(c))));\
- (c)+=4; (l)=r; })
-# define HOST_l2c(l,c) ({ uint32_t r; \
- asm ("rev %w0,%w1" \
- :"=r"(r) \
- :"r"((uint32_t)(l))); \
- *((uint32_t *)(c))=r; (c)+=4; r; })
-# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
-# define HOST_c2l(c,l) (void)((l)=*((const uint32_t *)(c)), (c)+=4)
-# define HOST_l2c(l,c) (*((uint32_t *)(c))=(l), (c)+=4, (l))
-# endif
-# endif
-# endif
-# endif
-#endif
-
-#ifndef HOST_c2l
-#define HOST_c2l(c,l) (void)(l =(((uint32_t)(*((c)++)))<<24), \
- l|=(((uint32_t)(*((c)++)))<<16), \
- l|=(((uint32_t)(*((c)++)))<< 8), \
- l|=(((uint32_t)(*((c)++))) ))
-#endif
-#ifndef HOST_l2c
-#define HOST_l2c(l,c) (*((c)++)=(uint8_t)(((l)>>24)&0xff), \
- *((c)++)=(uint8_t)(((l)>>16)&0xff), \
- *((c)++)=(uint8_t)(((l)>> 8)&0xff), \
- *((c)++)=(uint8_t)(((l) )&0xff), \
- l)
-#endif
+#define HOST_c2l(c, l) \
+ (void)(l = (((uint32_t)(*((c)++))) << 24), \
+ l |= (((uint32_t)(*((c)++))) << 16), \
+ l |= (((uint32_t)(*((c)++))) << 8), l |= (((uint32_t)(*((c)++)))))
+
+#define HOST_l2c(l, c) \
+ (void)(*((c)++) = (uint8_t)(((l) >> 24) & 0xff), \
+ *((c)++) = (uint8_t)(((l) >> 16) & 0xff), \
+ *((c)++) = (uint8_t)(((l) >> 8) & 0xff), \
+ *((c)++) = (uint8_t)(((l)) & 0xff))
#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
- /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
-# define HOST_c2l(c,l) (void)((l)=*((const uint32_t *)(c)), (c)+=4)
-# define HOST_l2c(l,c) (*((uint32_t *)(c))=(l), (c)+=4, l)
-#endif
-
-#ifndef HOST_c2l
-#define HOST_c2l(c,l) (void)(l =(((uint32_t)(*((c)++))) ), \
- l|=(((uint32_t)(*((c)++)))<< 8), \
- l|=(((uint32_t)(*((c)++)))<<16), \
- l|=(((uint32_t)(*((c)++)))<<24))
-#endif
-#ifndef HOST_l2c
-#define HOST_l2c(l,c) (*((c)++)=(uint8_t)(((l) )&0xff), \
- *((c)++)=(uint8_t)(((l)>> 8)&0xff), \
- *((c)++)=(uint8_t)(((l)>>16)&0xff), \
- *((c)++)=(uint8_t)(((l)>>24)&0xff), \
- l)
-#endif
-
-#endif
-
-int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
- {
- const uint8_t *data=data_;
- uint8_t *p;
- uint32_t l;
- size_t n;
-
- if (len==0) return 1;
-
- l=(c->Nl+(((uint32_t)len)<<3))&0xffffffffUL;
- /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
- * Wei Dai <weidai@eskimo.com> for pointing it out. */
- if (l < c->Nl) /* overflow */
- c->Nh++;
- c->Nh+=(uint32_t)(len>>29); /* might cause compiler warning on 16-bit */
- c->Nl=l;
-
- n = c->num;
- if (n != 0)
- {
- p=(uint8_t *)c->data;
-
- if (len >= HASH_CBLOCK || len+n >= HASH_CBLOCK)
- {
- memcpy (p+n,data,HASH_CBLOCK-n);
- HASH_BLOCK_DATA_ORDER (c->h,p,1);
- n = HASH_CBLOCK-n;
- data += n;
- len -= n;
- c->num = 0;
- memset (p,0,HASH_CBLOCK); /* keep it zeroed */
- }
- else
- {
- memcpy (p+n,data,len);
- c->num += (unsigned int)len;
- return 1;
- }
- }
-
- n = len/HASH_CBLOCK;
- if (n > 0)
- {
- HASH_BLOCK_DATA_ORDER (c->h,data,n);
- n *= HASH_CBLOCK;
- data += n;
- len -= n;
- }
-
- if (len != 0)
- {
- p = (uint8_t *)c->data;
- c->num = (unsigned int)len;
- memcpy (p,data,len);
- }
- return 1;
- }
-
-
-void HASH_TRANSFORM (HASH_CTX *c, const uint8_t *data)
- {
- HASH_BLOCK_DATA_ORDER (c->h,data,1);
- }
-
-
-int HASH_FINAL (uint8_t *md, HASH_CTX *c)
- {
- uint8_t *p = (uint8_t *)c->data;
- size_t n = c->num;
-
- p[n] = 0x80; /* there is always room for one */
- n++;
-
- if (n > (HASH_CBLOCK-8))
- {
- memset (p+n,0,HASH_CBLOCK-n);
- n=0;
- HASH_BLOCK_DATA_ORDER (c->h,p,1);
- }
- memset (p+n,0,HASH_CBLOCK-8-n);
-
- p += HASH_CBLOCK-8;
-#if defined(DATA_ORDER_IS_BIG_ENDIAN)
- (void)HOST_l2c(c->Nh,p);
- (void)HOST_l2c(c->Nl,p);
-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
- (void)HOST_l2c(c->Nl,p);
- (void)HOST_l2c(c->Nh,p);
-#endif
- p -= HASH_CBLOCK;
- HASH_BLOCK_DATA_ORDER (c->h,p,1);
- c->num=0;
- memset (p,0,HASH_CBLOCK);
+#define HOST_c2l(c, l) \
+ (void)(l = (((uint32_t)(*((c)++)))), l |= (((uint32_t)(*((c)++))) << 8), \
+ l |= (((uint32_t)(*((c)++))) << 16), \
+ l |= (((uint32_t)(*((c)++))) << 24))
+
+#define HOST_l2c(l, c) \
+ (void)(*((c)++) = (uint8_t)(((l)) & 0xff), \
+ *((c)++) = (uint8_t)(((l) >> 8) & 0xff), \
+ *((c)++) = (uint8_t)(((l) >> 16) & 0xff), \
+ *((c)++) = (uint8_t)(((l) >> 24) & 0xff))
+
+#endif /* DATA_ORDER */
+
+int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) {
+ const uint8_t *data = data_;
+
+ if (len == 0) {
+ return 1;
+ }
+
+ uint32_t l = c->Nl + (((uint32_t)len) << 3);
+ if (l < c->Nl) {
+ /* Handle carries. */
+ c->Nh++;
+ }
+ c->Nh += (uint32_t)(len >> 29);
+ c->Nl = l;
+
+ size_t n = c->num;
+ if (n != 0) {
+ if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
+ memcpy(c->data + n, data, HASH_CBLOCK - n);
+ HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
+ n = HASH_CBLOCK - n;
+ data += n;
+ len -= n;
+ c->num = 0;
+ /* Keep |c->data| zeroed when unused. */
+ memset(c->data, 0, HASH_CBLOCK);
+ } else {
+ memcpy(c->data + n, data, len);
+ c->num += (unsigned)len;
+ return 1;
+ }
+ }
+
+ n = len / HASH_CBLOCK;
+ if (n > 0) {
+ HASH_BLOCK_DATA_ORDER(c->h, data, n);
+ n *= HASH_CBLOCK;
+ data += n;
+ len -= n;
+ }
+
+ if (len != 0) {
+ c->num = (unsigned)len;
+ memcpy(c->data, data, len);
+ }
+ return 1;
+}
+
+
+void HASH_TRANSFORM(HASH_CTX *c, const uint8_t *data) {
+ HASH_BLOCK_DATA_ORDER(c->h, data, 1);
+}
+
+
+int HASH_FINAL(uint8_t *md, HASH_CTX *c) {
+ /* |c->data| always has room for at least one byte. A full block would have
+ * been consumed. */
+ size_t n = c->num;
+ assert(n < HASH_CBLOCK);
+ c->data[n] = 0x80;
+ n++;
+
+ /* Fill the block with zeros if there isn't room for a 64-bit length. */
+ if (n > (HASH_CBLOCK - 8)) {
+ memset(c->data + n, 0, HASH_CBLOCK - n);
+ n = 0;
+ HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
+ }
+ memset(c->data + n, 0, HASH_CBLOCK - 8 - n);
-#ifndef HASH_MAKE_STRING
-#error "HASH_MAKE_STRING must be defined!"
-#else
- HASH_MAKE_STRING(c,md);
+ /* Append a 64-bit length to the block and process it. */
+ uint8_t *p = c->data + HASH_CBLOCK - 8;
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+ HOST_l2c(c->Nh, p);
+ HOST_l2c(c->Nl, p);
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+ HOST_l2c(c->Nl, p);
+ HOST_l2c(c->Nh, p);
#endif
-
- return 1;
- }
+ assert(p == c->data + HASH_CBLOCK);
+ HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
+ c->num = 0;
+ memset(c->data, 0, HASH_CBLOCK);
+
+ HASH_MAKE_STRING(c, md);
+ return 1;
+}
#if defined(__cplusplus)
-} /* extern C */
+} /* extern C */
#endif
-#endif /* OPENSSL_HEADER_MD32_COMMON_H */
+#endif /* OPENSSL_HEADER_MD32_COMMON_H */
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/ec/internal.h
^
|
| @@ -80,18 +80,11 @@
struct ec_method_st {
- /* used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_copy: */
int (*group_init)(EC_GROUP *);
void (*group_finish)(EC_GROUP *);
- void (*group_clear_finish)(EC_GROUP *);
int (*group_copy)(EC_GROUP *, const EC_GROUP *);
-
- /* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */
- /* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */
int (*group_set_curve)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *);
-
- /* used by EC_POINT_get_affine_coordinates_GFp: */
int (*point_get_affine_coordinates)(const EC_GROUP *, const EC_POINT *,
BIGNUM *x, BIGNUM *y, BN_CTX *);
@@ -103,7 +96,14 @@
int (*mul)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
const EC_POINT *p, const BIGNUM *p_scalar, BN_CTX *ctx);
- /* internal functions */
+ /* |check_pub_key_order| checks that the public key is in the proper subgroup
+ * by checking that |pub_key*group->order| is the point at infinity. This may
+ * be NULL for |EC_METHOD|s specialized for prime-order curves (i.e. with
+ * cofactor one), as this check is not necessary for such curves (See section
+ * A.3 of the NSA's "Suite B Implementer's Guide to FIPS 186-3
+ * (ECDSA)"). */
+ int (*check_pub_key_order)(const EC_GROUP *group, const EC_POINT *pub_key,
+ BN_CTX *ctx);
/* 'field_mul' and 'field_sqr' can be used by 'add' and 'dbl' so that the
* same implementations of point operations can be used with different
@@ -124,7 +124,7 @@
struct ec_group_st {
const EC_METHOD *meth;
- EC_POINT *generator; /* optional */
+ EC_POINT *generator;
BIGNUM order, cofactor;
int curve_name; /* optional NID for named curve */
@@ -147,9 +147,6 @@
struct ec_point_st {
const EC_METHOD *meth;
- /* All members except 'meth' are handled by the method functions,
- * even if they appear generic */
-
BIGNUM X;
BIGNUM Y;
BIGNUM Z; /* Jacobian projective coordinates:
@@ -171,14 +168,12 @@
/* method functions in simple.c */
int ec_GFp_simple_group_init(EC_GROUP *);
void ec_GFp_simple_group_finish(EC_GROUP *);
-void ec_GFp_simple_group_clear_finish(EC_GROUP *);
int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *);
int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
BIGNUM *b, BN_CTX *);
unsigned ec_GFp_simple_group_get_degree(const EC_GROUP *);
-int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
int ec_GFp_simple_point_init(EC_POINT *);
void ec_GFp_simple_point_finish(EC_POINT *);
void ec_GFp_simple_point_clear_finish(EC_POINT *);
@@ -223,7 +218,6 @@
int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *);
void ec_GFp_mont_group_finish(EC_GROUP *);
-void ec_GFp_mont_group_clear_finish(EC_GROUP *);
int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
const BIGNUM *b, BN_CTX *);
@@ -259,8 +253,6 @@
const EC_METHOD *EC_GFp_nistz256_method(void);
struct ec_key_st {
- int version;
-
EC_GROUP *group;
EC_POINT *pub_key;
@@ -270,7 +262,6 @@
point_conversion_form_t conv_form;
CRYPTO_refcount_t references;
- int flags;
ECDSA_METHOD *ecdsa_meth;
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/ec/p256-x86_64-table.h
^
|
| @@ -24,12 +24,7 @@
* in order to increase the chances of using a large page but that appears to
* lead to invalid ELF files being produced. */
-#if defined(__GNUC__)
-__attribute((aligned(4096)))
-#elif defined(_MSC_VER)
-__declspec(align(4096))
-#endif
-static const BN_ULONG
+static const alignas(4096) BN_ULONG
ecp_nistz256_precomputed[37][64 * sizeof(P256_POINT_AFFINE) /
sizeof(BN_ULONG)] = {
{TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601),
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/evp/internal.h
^
|
| @@ -86,18 +86,36 @@
struct evp_pkey_asn1_method_st {
int pkey_id;
- int pkey_base_id;
unsigned long pkey_flags;
const char *pem_str;
- int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub);
- int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk);
+ /* pub_decode decodes |params| and |key| as a SubjectPublicKeyInfo
+ * and writes the result into |out|. It returns one on success and zero on
+ * error. |params| is the AlgorithmIdentifier after the OBJECT IDENTIFIER
+ * type field, and |key| is the contents of the subjectPublicKey with the
+ * leading padding byte checked and removed. Although X.509 uses BIT STRINGs
+ * to represent SubjectPublicKeyInfo, every key type defined encodes the key
+ * as a byte string with the same conversion to BIT STRING. */
+ int (*pub_decode)(EVP_PKEY *out, CBS *params, CBS *key);
+
+ /* pub_encode encodes |key| as a SubjectPublicKeyInfo and appends the result
+ * to |out|. It returns one on success and zero on error. */
+ int (*pub_encode)(CBB *out, const EVP_PKEY *key);
+
int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx);
- int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf);
- int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
+ /* priv_decode decodes |params| and |key| as a PrivateKeyInfo and writes the
+ * result into |out|. It returns one on success and zero on error. |params| is
+ * the AlgorithmIdentifier after the OBJECT IDENTIFIER type field, and |key|
+ * is the contents of the OCTET STRING privateKey field. */
+ int (*priv_decode)(EVP_PKEY *out, CBS *params, CBS *key);
+
+ /* priv_encode encodes |key| as a PrivateKeyInfo and appends the result to
+ * |out|. It returns one on success and zero on error. */
+ int (*priv_encode)(CBB *out, const EVP_PKEY *key);
+
int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx);
@@ -114,8 +132,6 @@
int (*pkey_size)(const EVP_PKEY *pk);
int (*pkey_bits)(const EVP_PKEY *pk);
- int (*param_decode)(EVP_PKEY *pkey, const uint8_t **pder, int derlen);
- int (*param_encode)(const EVP_PKEY *pkey, uint8_t **pder);
int (*param_missing)(const EVP_PKEY *pk);
int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from);
int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
@@ -131,7 +147,6 @@
int (*old_priv_decode)(EVP_PKEY *pkey, const uint8_t **pder,
int derlen);
- int (*old_priv_encode)(const EVP_PKEY *pkey, uint8_t **pder);
/* Converting parameters to/from AlgorithmIdentifier (X509_ALGOR). */
int (*digest_verify_init_from_algorithm)(EVP_MD_CTX *ctx,
@@ -144,10 +159,7 @@
} /* EVP_PKEY_ASN1_METHOD */;
-typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
-
#define EVP_PKEY_OP_UNDEFINED 0
-#define EVP_PKEY_OP_PARAMGEN (1 << 1)
#define EVP_PKEY_OP_KEYGEN (1 << 2)
#define EVP_PKEY_OP_SIGN (1 << 3)
#define EVP_PKEY_OP_VERIFY (1 << 4)
@@ -156,7 +168,7 @@
#define EVP_PKEY_OP_DECRYPT (1 << 7)
#define EVP_PKEY_OP_DERIVE (1 << 8)
-#define EVP_PKEY_OP_TYPE_SIG \
+#define EVP_PKEY_OP_TYPE_SIG \
(EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER)
#define EVP_PKEY_OP_TYPE_CRYPT (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
@@ -164,7 +176,7 @@
#define EVP_PKEY_OP_TYPE_NOGEN \
(EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE)
-#define EVP_PKEY_OP_TYPE_GEN (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
+#define EVP_PKEY_OP_TYPE_GEN EVP_PKEY_OP_KEYGEN
/* EVP_PKEY_CTX_ctrl performs |cmd| on |ctx|. The |keytype| and |optype|
* arguments can be -1 to specify that any type and operation are acceptable,
@@ -208,8 +220,6 @@
#define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 11)
#define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
-#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1)
-
struct evp_pkey_ctx_st {
/* Method associated with this operation */
const EVP_PKEY_METHOD *pmeth;
@@ -223,41 +233,32 @@
int operation;
/* Algorithm specific data */
void *data;
- /* Application specific data */
- void *app_data;
} /* EVP_PKEY_CTX */;
struct evp_pkey_method_st {
int pkey_id;
- int flags;
int (*init)(EVP_PKEY_CTX *ctx);
int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
void (*cleanup)(EVP_PKEY_CTX *ctx);
- int (*paramgen_init)(EVP_PKEY_CTX *ctx);
- int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
-
- int (*keygen_init)(EVP_PKEY_CTX *ctx);
int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
- int (*sign_init)(EVP_PKEY_CTX *ctx);
int (*sign)(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen,
const uint8_t *tbs, size_t tbslen);
- int (*verify_init)(EVP_PKEY_CTX *ctx);
int (*verify)(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen,
const uint8_t *tbs, size_t tbslen);
- int (*encrypt_init)(EVP_PKEY_CTX *ctx);
+ int (*verify_recover)(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len,
+ const uint8_t *sig, size_t sig_len);
+
int (*encrypt)(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen,
const uint8_t *in, size_t inlen);
- int (*decrypt_init)(EVP_PKEY_CTX *ctx);
int (*decrypt)(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen,
const uint8_t *in, size_t inlen);
- int (*derive_init)(EVP_PKEY_CTX *ctx);
int (*derive)(EVP_PKEY_CTX *ctx, uint8_t *key, size_t *keylen);
int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/internal.h
^
|
| @@ -112,6 +112,15 @@
#include <openssl/ex_data.h>
#include <openssl/thread.h>
+#if defined(_MSC_VER)
+#if !defined(__cplusplus) || _MSC_VER < 1900
+#define alignas(x) __declspec(align(x))
+#define alignof __alignof
+#endif
+#else
+#include <stdalign.h>
+#endif
+
#if defined(OPENSSL_NO_THREADS)
#elif defined(OPENSSL_WINDOWS)
#pragma warning(push, 3)
@@ -179,6 +188,12 @@
#endif
+#if !defined(_MSC_VER) && defined(OPENSSL_64_BIT)
+typedef __int128_t int128_t;
+typedef __uint128_t uint128_t;
+#endif
+
+
/* Constant-time utility functions.
*
* The following methods return a bitmask of all ones (0xff...f) for true and 0
@@ -325,7 +340,7 @@
typedef uint32_t CRYPTO_once_t;
#define CRYPTO_ONCE_INIT 0
#elif defined(OPENSSL_WINDOWS)
-typedef LONG CRYPTO_once_t;
+typedef volatile LONG CRYPTO_once_t;
#define CRYPTO_ONCE_INIT 0
#else
typedef pthread_once_t CRYPTO_once_t;
@@ -497,8 +512,7 @@
* zero otherwise. */
OPENSSL_EXPORT int CRYPTO_get_ex_new_index(CRYPTO_EX_DATA_CLASS *ex_data_class,
int *out_index, long argl,
- void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,
+ void *argp, CRYPTO_EX_dup *dup_func,
CRYPTO_EX_free *free_func);
/* CRYPTO_set_ex_data sets an extra data pointer on a given object. Each class
@@ -510,11 +524,8 @@
* function. */
OPENSSL_EXPORT void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int index);
-/* CRYPTO_new_ex_data initialises a newly allocated |CRYPTO_EX_DATA| which is
- * embedded inside of |obj| which is of class |ex_data_class|. Returns one on
- * success and zero otherwise. */
-OPENSSL_EXPORT int CRYPTO_new_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class,
- void *obj, CRYPTO_EX_DATA *ad);
+/* CRYPTO_new_ex_data initialises a newly allocated |CRYPTO_EX_DATA|. */
+OPENSSL_EXPORT void CRYPTO_new_ex_data(CRYPTO_EX_DATA *ad);
/* CRYPTO_dup_ex_data duplicates |from| into a freshly allocated
* |CRYPTO_EX_DATA|, |to|. Both of which are inside objects of the given
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/obj/obj_dat.h
^
|
| @@ -58,9 +58,9 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
-#define NUM_NID 948
-#define NUM_SN 940
-#define NUM_LN 940
+#define NUM_NID 949
+#define NUM_SN 941
+#define NUM_LN 941
#define NUM_OBJ 882
static const unsigned char lvalues[6176]={
@@ -2482,6 +2482,7 @@
NID_dhSinglePass_cofactorDH_sha512kdf_scheme,6,&(lvalues[6169]),0},
{"dh-std-kdf","dh-std-kdf",NID_dh_std_kdf,0,NULL,0},
{"dh-cofactor-kdf","dh-cofactor-kdf",NID_dh_cofactor_kdf,0,NULL,0},
+{"X25519","x25519",NID_x25519,0,NULL,0},
};
static const unsigned int kNIDsInShortNameOrder[NUM_SN]={
@@ -2668,6 +2669,7 @@
143, /* "SXNetID" */
458, /* "UID" */
0, /* "UNDEF" */
+948, /* "X25519" */
11, /* "X500" */
378, /* "X500algorithms" */
12, /* "X509" */
@@ -4364,6 +4366,7 @@
742, /* "wap-wsg-idm-ecid-wtls9" */
804, /* "whirlpool" */
868, /* "x121Address" */
+948, /* "x25519" */
503, /* "x500UniqueIdentifier" */
158, /* "x509Certificate" */
160, /* "x509Crl" */
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/rsa/internal.h
^
|
| @@ -90,19 +90,11 @@
#define RSA_PKCS1_PADDING_SIZE 11
-/* BN_BLINDING flags */
-#define BN_BLINDING_NO_UPDATE 0x00000001
-#define BN_BLINDING_NO_RECREATE 0x00000002
-
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
void BN_BLINDING_free(BN_BLINDING *b);
int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);
-unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
-void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+int BN_BLINDING_invert(BIGNUM *n, const BN_BLINDING *b, BN_CTX *ctx);
BN_BLINDING *BN_BLINDING_create_param(
BN_BLINDING *b, const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/test/file_test.h
^
|
| @@ -15,6 +15,8 @@
#ifndef OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H
#define OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H
+#include <openssl/base.h>
+
#include <stdint.h>
#include <stdio.h>
@@ -36,7 +38,7 @@
//
// This module provides a file-based test framework. The file format is based on
// that of OpenSSL upstream's evp_test and BoringSSL's aead_test. Each input
-// file is a sequence of attributes, blocks, and blank lines.
+// file is a sequence of attributes and blank lines.
//
// Each attribute has the form:
//
@@ -45,15 +47,11 @@
// Either '=' or ':' may be used to delimit the name from the value. Both the
// name and value have leading and trailing spaces stripped.
//
-// Blocks are delimited by lines beginning with three hyphens, "---". One such
-// line begins a block and another ends it. Blocks are intended as a convenient
-// way to embed PEM data and include their delimiters.
-//
-// Outside a block, lines beginning with # are ignored.
-//
-// A test is a sequence of one or more attributes followed by a block or blank
-// line. Blank lines are otherwise ignored. For tests that process multiple
-// kinds of test cases, the first attribute is parsed out as the test's type and
+// Lines beginning with # are ignored.
+//
+// A test is a sequence of one or more attributes followed by a blank line.
+// Blank lines are otherwise ignored. For tests that process multiple kinds of
+// test cases, the first attribute is parsed out as the test's type and
// parameter. Otherwise, attributes are unordered. The first attribute is also
// included in the set of attributes, so tests which do not dispatch may ignore
// this mechanism.
@@ -88,11 +86,7 @@
// PrintLine is a variant of printf which prepends the line number and appends
// a trailing newline.
- void PrintLine(const char *format, ...)
-#ifdef __GNUC__
- __attribute__((__format__(__printf__, 2, 3)))
-#endif
- ;
+ void PrintLine(const char *format, ...) OPENSSL_PRINTF_FORMAT_FUNC(2, 3);
unsigned start_line() const { return start_line_; }
@@ -100,9 +94,6 @@
const std::string &GetType();
// GetParameter returns the value of the first attribute of the current test.
const std::string &GetParameter();
- // GetBlock returns the optional block of the current test, or the empty
- // if there was no block.
- const std::string &GetBlock();
// HasAttribute returns true if the current test has an attribute named |key|.
bool HasAttribute(const std::string &key);
@@ -113,7 +104,7 @@
bool GetAttribute(std::string *out_value, const std::string &key);
// GetAttributeOrDie looks up the attribute with key |key| and aborts if it is
- // missing. It only be used after a |HasAttribute| call.
+ // missing. It should only be used after a |HasAttribute| call.
const std::string &GetAttributeOrDie(const std::string &key);
// GetBytes looks up the attribute with key |key| and decodes it as a byte
@@ -144,13 +135,9 @@
std::string parameter_;
// attributes_ contains all attributes in the test, including the first.
std::map<std::string, std::string> attributes_;
- // block_, if non-empty, is the test's optional trailing block.
- std::string block_;
// unused_attributes_ is the set of attributes that have been queried.
std::set<std::string> unused_attributes_;
- // used_block_ is true if the block has been queried.
- bool used_block_ = false;
FileTest(const FileTest&) = delete;
FileTest &operator=(const FileTest&) = delete;
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/test/scoped_types.h
^
|
| @@ -21,6 +21,7 @@
#include <memory>
#include <openssl/aead.h>
+#include <openssl/asn1.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/cmac.h>
@@ -95,6 +96,7 @@
T ctx_;
};
+using ScopedASN1_TYPE = ScopedOpenSSLType<ASN1_TYPE, ASN1_TYPE_free>;
using ScopedBIO = ScopedOpenSSLType<BIO, BIO_vfree>;
using ScopedBIGNUM = ScopedOpenSSLType<BIGNUM, BN_free>;
using ScopedBN_CTX = ScopedOpenSSLType<BN_CTX, BN_CTX_free>;
@@ -114,6 +116,7 @@
using ScopedX509 = ScopedOpenSSLType<X509, X509_free>;
using ScopedX509_ALGOR = ScopedOpenSSLType<X509_ALGOR, X509_ALGOR_free>;
using ScopedX509_SIG = ScopedOpenSSLType<X509_SIG, X509_SIG_free>;
+using ScopedX509_STORE_CTX = ScopedOpenSSLType<X509_STORE_CTX, X509_STORE_CTX_free>;
using ScopedX509Stack = ScopedOpenSSLStack<STACK_OF(X509), X509, X509_free>;
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/x509/charmap.h
^
|
| @@ -1,15 +1,15 @@
-/* Auto generated with chartype.pl script.
- * Mask of various character properties
+/*
+ * Auto generated with chartype.pl script. Mask of various character
+ * properties
*/
static const unsigned char char_type[] = {
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
-120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16,
-16,16,16,16,16,16,16,16,16,16,16, 9, 9,16, 9,16,
- 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
-16,16,16,16,16,16,16,16,16,16,16, 0, 1, 0, 0, 0,
- 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
-16,16,16,16,16,16,16,16,16,16,16, 0, 0, 0, 0, 2
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 120, 0, 1, 40, 0, 0, 0, 16, 16, 16, 0, 25, 25, 16, 16, 16,
+ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 9, 9, 16, 9, 16,
+ 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
+ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 0, 0, 0,
+ 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
+ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 0, 0, 0, 2
};
-
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/x509/vpm_int.h
^
|
| @@ -1,6 +1,7 @@
/* vpm_int.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2013.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2013.
*/
/* ====================================================================
* Copyright (c) 2013 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -58,13 +59,12 @@
/* internal only structure to hold additional X509_VERIFY_PARAM data */
-struct X509_VERIFY_PARAM_ID_st
- {
- STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
- unsigned int hostflags; /* Flags to control matching features */
- char *peername; /* Matching hostname in peer certificate */
- char *email; /* If not NULL email address to match */
- size_t emaillen;
- unsigned char *ip; /* If not NULL IP address to match */
- size_t iplen; /* Length of IP address */
- };
+struct X509_VERIFY_PARAM_ID_st {
+ STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
+ unsigned int hostflags; /* Flags to control matching features */
+ char *peername; /* Matching hostname in peer certificate */
+ char *email; /* If not NULL email address to match */
+ size_t emaillen;
+ unsigned char *ip; /* If not NULL IP address to match */
+ size_t iplen; /* Length of IP address */
+};
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/x509v3/ext_dat.h
^
|
| @@ -1,5 +1,6 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
*/
/* ====================================================================
* Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
@@ -9,7 +10,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -56,74 +57,79 @@
/* This file contains a table of "standard" extensions */
extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
-extern const X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
+extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info,
+ v3_sinfo;
+extern const X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id,
+ v3_akey_id;
extern const X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
-extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
-extern const X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
-extern const X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
+extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld,
+ v3_freshest_crl;
+extern const X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp,
+ v3_ocsp_acutoff;
+extern const X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck,
+ v3_ocsp_serviceloc;
extern const X509V3_EXT_METHOD v3_crl_hold, v3_pci;
extern const X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
extern const X509V3_EXT_METHOD v3_addr, v3_asid;
-/* This table will be searched using OBJ_bsearch so it *must* kept in
- * order of the ext_nid values.
+/*
+ * This table will be searched using OBJ_bsearch so it *must* kept in order
+ * of the ext_nid values.
*/
/* TODO(fork): OCSP support */
#define OPENSSL_NO_OCSP
static const X509V3_EXT_METHOD *const standard_exts[] = {
-&v3_nscert,
-&v3_ns_ia5_list[0],
-&v3_ns_ia5_list[1],
-&v3_ns_ia5_list[2],
-&v3_ns_ia5_list[3],
-&v3_ns_ia5_list[4],
-&v3_ns_ia5_list[5],
-&v3_ns_ia5_list[6],
-&v3_skey_id,
-&v3_key_usage,
-&v3_pkey_usage_period,
-&v3_alt[0],
-&v3_alt[1],
-&v3_bcons,
-&v3_crl_num,
-&v3_cpols,
-&v3_akey_id,
-&v3_crld,
-&v3_ext_ku,
-&v3_delta_crl,
-&v3_crl_reason,
+ &v3_nscert,
+ &v3_ns_ia5_list[0],
+ &v3_ns_ia5_list[1],
+ &v3_ns_ia5_list[2],
+ &v3_ns_ia5_list[3],
+ &v3_ns_ia5_list[4],
+ &v3_ns_ia5_list[5],
+ &v3_ns_ia5_list[6],
+ &v3_skey_id,
+ &v3_key_usage,
+ &v3_pkey_usage_period,
+ &v3_alt[0],
+ &v3_alt[1],
+ &v3_bcons,
+ &v3_crl_num,
+ &v3_cpols,
+ &v3_akey_id,
+ &v3_crld,
+ &v3_ext_ku,
+ &v3_delta_crl,
+ &v3_crl_reason,
#ifndef OPENSSL_NO_OCSP
-&v3_crl_invdate,
+ &v3_crl_invdate,
#endif
-&v3_sxnet,
-&v3_info,
+ &v3_sxnet,
+ &v3_info,
#ifndef OPENSSL_NO_OCSP
-&v3_ocsp_nonce,
-&v3_ocsp_crlid,
-&v3_ocsp_accresp,
-&v3_ocsp_nocheck,
-&v3_ocsp_acutoff,
-&v3_ocsp_serviceloc,
+ &v3_ocsp_nonce,
+ &v3_ocsp_crlid,
+ &v3_ocsp_accresp,
+ &v3_ocsp_nocheck,
+ &v3_ocsp_acutoff,
+ &v3_ocsp_serviceloc,
#endif
-&v3_sinfo,
-&v3_policy_constraints,
+ &v3_sinfo,
+ &v3_policy_constraints,
#ifndef OPENSSL_NO_OCSP
-&v3_crl_hold,
+ &v3_crl_hold,
#endif
-&v3_pci,
-&v3_name_constraints,
-&v3_policy_mappings,
-&v3_inhibit_anyp,
-&v3_idp,
-&v3_alt[2],
-&v3_freshest_crl,
+ &v3_pci,
+ &v3_name_constraints,
+ &v3_policy_mappings,
+ &v3_inhibit_anyp,
+ &v3_idp,
+ &v3_alt[2],
+ &v3_freshest_crl,
};
/* Number of standard extensions */
#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
-
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/crypto/x509v3/pcy_int.h
^
|
| @@ -1,6 +1,7 @@
/* pcy_int.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2004.
*/
/* ====================================================================
* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -56,121 +57,126 @@
*
*/
-
typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
DECLARE_STACK_OF(X509_POLICY_DATA)
/* Internal structures */
-/* This structure and the field names correspond to the Policy 'node' of
- * RFC3280. NB this structure contains no pointers to parent or child
- * data: X509_POLICY_NODE contains that. This means that the main policy data
- * can be kept static and cached with the certificate.
+/*
+ * This structure and the field names correspond to the Policy 'node' of
+ * RFC3280. NB this structure contains no pointers to parent or child data:
+ * X509_POLICY_NODE contains that. This means that the main policy data can
+ * be kept static and cached with the certificate.
*/
-struct X509_POLICY_DATA_st
- {
- unsigned int flags;
- /* Policy OID and qualifiers for this data */
- ASN1_OBJECT *valid_policy;
- STACK_OF(POLICYQUALINFO) *qualifier_set;
- STACK_OF(ASN1_OBJECT) *expected_policy_set;
- };
+struct X509_POLICY_DATA_st {
+ unsigned int flags;
+ /* Policy OID and qualifiers for this data */
+ ASN1_OBJECT *valid_policy;
+ STACK_OF(POLICYQUALINFO) *qualifier_set;
+ STACK_OF(ASN1_OBJECT) *expected_policy_set;
+};
/* X509_POLICY_DATA flags values */
-/* This flag indicates the structure has been mapped using a policy mapping
- * extension. If policy mapping is not active its references get deleted.
+/*
+ * This flag indicates the structure has been mapped using a policy mapping
+ * extension. If policy mapping is not active its references get deleted.
*/
-#define POLICY_DATA_FLAG_MAPPED 0x1
+#define POLICY_DATA_FLAG_MAPPED 0x1
-/* This flag indicates the data doesn't correspond to a policy in Certificate
+/*
+ * This flag indicates the data doesn't correspond to a policy in Certificate
* Policies: it has been mapped to any policy.
*/
-#define POLICY_DATA_FLAG_MAPPED_ANY 0x2
+#define POLICY_DATA_FLAG_MAPPED_ANY 0x2
/* AND with flags to see if any mapping has occurred */
-#define POLICY_DATA_FLAG_MAP_MASK 0x3
+#define POLICY_DATA_FLAG_MAP_MASK 0x3
/* qualifiers are shared and shouldn't be freed */
-#define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4
+#define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4
/* Parent node is an extra node and should be freed */
-#define POLICY_DATA_FLAG_EXTRA_NODE 0x8
+#define POLICY_DATA_FLAG_EXTRA_NODE 0x8
/* Corresponding CertificatePolicies is critical */
-#define POLICY_DATA_FLAG_CRITICAL 0x10
+#define POLICY_DATA_FLAG_CRITICAL 0x10
/* This structure is cached with a certificate */
struct X509_POLICY_CACHE_st {
- /* anyPolicy data or NULL if no anyPolicy */
- X509_POLICY_DATA *anyPolicy;
- /* other policy data */
- STACK_OF(X509_POLICY_DATA) *data;
- /* If InhibitAnyPolicy present this is its value or -1 if absent. */
- long any_skip;
- /* If policyConstraints and requireExplicitPolicy present this is its
- * value or -1 if absent.
- */
- long explicit_skip;
- /* If policyConstraints and policyMapping present this is its
- * value or -1 if absent.
- */
- long map_skip;
- };
+ /* anyPolicy data or NULL if no anyPolicy */
+ X509_POLICY_DATA *anyPolicy;
+ /* other policy data */
+ STACK_OF(X509_POLICY_DATA) *data;
+ /* If InhibitAnyPolicy present this is its value or -1 if absent. */
+ long any_skip;
+ /*
+ * If policyConstraints and requireExplicitPolicy present this is its
+ * value or -1 if absent.
+ */
+ long explicit_skip;
+ /*
+ * If policyConstraints and policyMapping present this is its value or -1
+ * if absent.
+ */
+ long map_skip;
+};
-/*#define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL*/
+/*
+ * #define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL
+ */
/* This structure represents the relationship between nodes */
-struct X509_POLICY_NODE_st
- {
- /* node data this refers to */
- const X509_POLICY_DATA *data;
- /* Parent node */
- X509_POLICY_NODE *parent;
- /* Number of child nodes */
- int nchild;
- };
-
-struct X509_POLICY_LEVEL_st
- {
- /* Cert for this level */
- X509 *cert;
- /* nodes at this level */
- STACK_OF(X509_POLICY_NODE) *nodes;
- /* anyPolicy node */
- X509_POLICY_NODE *anyPolicy;
- /* Extra data */
- /*STACK_OF(X509_POLICY_DATA) *extra_data;*/
- unsigned int flags;
- };
-
-struct X509_POLICY_TREE_st
- {
- /* This is the tree 'level' data */
- X509_POLICY_LEVEL *levels;
- int nlevel;
- /* Extra policy data when additional nodes (not from the certificate)
- * are required.
- */
- STACK_OF(X509_POLICY_DATA) *extra_data;
- /* This is the authority constained policy set */
- STACK_OF(X509_POLICY_NODE) *auth_policies;
- STACK_OF(X509_POLICY_NODE) *user_policies;
- unsigned int flags;
- };
+struct X509_POLICY_NODE_st {
+ /* node data this refers to */
+ const X509_POLICY_DATA *data;
+ /* Parent node */
+ X509_POLICY_NODE *parent;
+ /* Number of child nodes */
+ int nchild;
+};
+
+struct X509_POLICY_LEVEL_st {
+ /* Cert for this level */
+ X509 *cert;
+ /* nodes at this level */
+ STACK_OF(X509_POLICY_NODE) *nodes;
+ /* anyPolicy node */
+ X509_POLICY_NODE *anyPolicy;
+ /* Extra data */
+ /*
+ * STACK_OF(X509_POLICY_DATA) *extra_data;
+ */
+ unsigned int flags;
+};
+
+struct X509_POLICY_TREE_st {
+ /* This is the tree 'level' data */
+ X509_POLICY_LEVEL *levels;
+ int nlevel;
+ /*
+ * Extra policy data when additional nodes (not from the certificate) are
+ * required.
+ */
+ STACK_OF(X509_POLICY_DATA) *extra_data;
+ /* This is the authority constained policy set */
+ STACK_OF(X509_POLICY_NODE) *auth_policies;
+ STACK_OF(X509_POLICY_NODE) *user_policies;
+ unsigned int flags;
+};
/* Set if anyPolicy present in user policies */
-#define POLICY_FLAG_ANY_POLICY 0x2
+#define POLICY_FLAG_ANY_POLICY 0x2
/* Useful macros */
@@ -180,14 +186,13 @@
/* Internal functions */
X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id,
- int crit);
+ int crit);
void policy_data_free(X509_POLICY_DATA *data);
X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
- const ASN1_OBJECT *id);
+ const ASN1_OBJECT *id);
int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps);
-
STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void);
void policy_cache_init(void);
@@ -195,18 +200,18 @@
void policy_cache_free(X509_POLICY_CACHE *cache);
X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
- const X509_POLICY_NODE *parent,
- const ASN1_OBJECT *id);
+ const X509_POLICY_NODE *parent,
+ const ASN1_OBJECT *id);
X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
- const ASN1_OBJECT *id);
+ const ASN1_OBJECT *id);
X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
- const X509_POLICY_DATA *data,
- X509_POLICY_NODE *parent,
- X509_POLICY_TREE *tree);
+ const X509_POLICY_DATA *data,
+ X509_POLICY_NODE *parent,
+ X509_POLICY_TREE *tree);
void policy_node_free(X509_POLICY_NODE *node);
int policy_node_match(const X509_POLICY_LEVEL *lvl,
- const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
+ const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
const X509_POLICY_CACHE *policy_cache_set(X509 *x);
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/aead.h
^
|
| @@ -98,23 +98,15 @@
/* EVP_aead_aes_256_gcm is AES-256 in Galois Counter Mode. */
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm(void);
+/* EVP_aead_chacha20_poly1305 is the AEAD built from ChaCha20 and
+ * Poly1305 as described in RFC 7539. */
+OPENSSL_EXPORT const EVP_AEAD *EVP_aead_chacha20_poly1305(void);
+
/* EVP_aead_chacha20_poly1305_old is an AEAD built from ChaCha20 and
* Poly1305 that is used in the experimental ChaCha20-Poly1305 TLS cipher
* suites. */
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_chacha20_poly1305_old(void);
-/* EVP_aead_chacha20_poly1305 is currently an alias for
- * |EVP_aead_chacha20_poly1305_old|. In the future, the RFC 7539 version will
- * take this name. */
-OPENSSL_EXPORT const EVP_AEAD *EVP_aead_chacha20_poly1305(void);
-
-/* EVP_aead_chacha20_poly1305_rfc7539 is the AEAD built from ChaCha20 and
- * Poly1305 as described in RFC 7539.
- *
- * WARNING: this function is not ready yet. It will be renamed in the future to
- * drop the “_rfc7539” suffix. */
-OPENSSL_EXPORT const EVP_AEAD *EVP_aead_chacha20_poly1305_rfc7539(void);
-
/* EVP_aead_aes_128_key_wrap is AES-128 Key Wrap mode. This should never be
* used except to interoperate with existing systems that use this mode.
*
@@ -339,6 +331,14 @@
const uint8_t **out_iv, size_t *out_len);
+/* Deprecated functions. */
+
+/* EVP_aead_chacha20_poly1305_rfc7539 calls |EVP_aead_chacha20_poly1305|.
+ *
+ * TODO(davidben): Remove this. */
+OPENSSL_EXPORT const EVP_AEAD *EVP_aead_chacha20_poly1305_rfc7539(void);
+
+
#if defined(__cplusplus)
} /* extern C */
#endif
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/asn1.h
^
|
| @@ -85,6 +85,9 @@
#define V_ASN1_ANY -4 /* used in ASN1 template code */
#define V_ASN1_NEG 0x100 /* negative flag */
+/* No supported universal tags may exceed this value, to avoid ambiguity with
+ * V_ASN1_NEG. */
+#define V_ASN1_MAX_UNIVERSAL 0xff
#define V_ASN1_UNDEF -1
#define V_ASN1_EOC 0
@@ -1126,43 +1129,42 @@
#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 147
#define ASN1_R_INVALID_UTF8STRING 148
#define ASN1_R_LIST_ERROR 149
-#define ASN1_R_MALLOC_FAILURE 150
-#define ASN1_R_MISSING_ASN1_EOS 151
-#define ASN1_R_MISSING_EOC 152
-#define ASN1_R_MISSING_SECOND_NUMBER 153
-#define ASN1_R_MISSING_VALUE 154
-#define ASN1_R_MSTRING_NOT_UNIVERSAL 155
-#define ASN1_R_MSTRING_WRONG_TAG 156
-#define ASN1_R_NESTED_ASN1_ERROR 157
-#define ASN1_R_NESTED_ASN1_STRING 158
-#define ASN1_R_NON_HEX_CHARACTERS 159
-#define ASN1_R_NOT_ASCII_FORMAT 160
-#define ASN1_R_NOT_ENOUGH_DATA 161
-#define ASN1_R_NO_MATCHING_CHOICE_TYPE 162
-#define ASN1_R_NULL_IS_WRONG_LENGTH 163
-#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 164
-#define ASN1_R_ODD_NUMBER_OF_CHARS 165
-#define ASN1_R_SECOND_NUMBER_TOO_LARGE 166
-#define ASN1_R_SEQUENCE_LENGTH_MISMATCH 167
-#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 168
-#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 169
-#define ASN1_R_SHORT_LINE 170
-#define ASN1_R_STREAMING_NOT_SUPPORTED 171
-#define ASN1_R_STRING_TOO_LONG 172
-#define ASN1_R_STRING_TOO_SHORT 173
-#define ASN1_R_TAG_VALUE_TOO_HIGH 174
-#define ASN1_R_TIME_NOT_ASCII_FORMAT 175
-#define ASN1_R_TOO_LONG 176
-#define ASN1_R_TYPE_NOT_CONSTRUCTED 177
-#define ASN1_R_TYPE_NOT_PRIMITIVE 178
-#define ASN1_R_UNEXPECTED_EOC 179
-#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 180
-#define ASN1_R_UNKNOWN_FORMAT 181
-#define ASN1_R_UNKNOWN_TAG 182
-#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 183
-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 184
-#define ASN1_R_UNSUPPORTED_TYPE 185
-#define ASN1_R_WRONG_TAG 186
-#define ASN1_R_WRONG_TYPE 187
+#define ASN1_R_MISSING_ASN1_EOS 150
+#define ASN1_R_MISSING_EOC 151
+#define ASN1_R_MISSING_SECOND_NUMBER 152
+#define ASN1_R_MISSING_VALUE 153
+#define ASN1_R_MSTRING_NOT_UNIVERSAL 154
+#define ASN1_R_MSTRING_WRONG_TAG 155
+#define ASN1_R_NESTED_ASN1_ERROR 156
+#define ASN1_R_NESTED_ASN1_STRING 157
+#define ASN1_R_NON_HEX_CHARACTERS 158
+#define ASN1_R_NOT_ASCII_FORMAT 159
+#define ASN1_R_NOT_ENOUGH_DATA 160
+#define ASN1_R_NO_MATCHING_CHOICE_TYPE 161
+#define ASN1_R_NULL_IS_WRONG_LENGTH 162
+#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 163
+#define ASN1_R_ODD_NUMBER_OF_CHARS 164
+#define ASN1_R_SECOND_NUMBER_TOO_LARGE 165
+#define ASN1_R_SEQUENCE_LENGTH_MISMATCH 166
+#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 167
+#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 168
+#define ASN1_R_SHORT_LINE 169
+#define ASN1_R_STREAMING_NOT_SUPPORTED 170
+#define ASN1_R_STRING_TOO_LONG 171
+#define ASN1_R_STRING_TOO_SHORT 172
+#define ASN1_R_TAG_VALUE_TOO_HIGH 173
+#define ASN1_R_TIME_NOT_ASCII_FORMAT 174
+#define ASN1_R_TOO_LONG 175
+#define ASN1_R_TYPE_NOT_CONSTRUCTED 176
+#define ASN1_R_TYPE_NOT_PRIMITIVE 177
+#define ASN1_R_UNEXPECTED_EOC 178
+#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 179
+#define ASN1_R_UNKNOWN_FORMAT 180
+#define ASN1_R_UNKNOWN_TAG 181
+#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 182
+#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 183
+#define ASN1_R_UNSUPPORTED_TYPE 184
+#define ASN1_R_WRONG_TAG 185
+#define ASN1_R_WRONG_TYPE 186
#endif
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/base.h
^
|
| @@ -108,7 +108,7 @@
#endif
#define OPENSSL_IS_BORINGSSL
-#define BORINGSSL_201510
+#define BORINGSSL_201512
#define OPENSSL_VERSION_NUMBER 0x10002000
#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
@@ -138,6 +138,15 @@
#endif /* defined(BORINGSSL_SHARED_LIBRARY) */
+
+#if defined(__GNUC__)
+#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \
+ __attribute__((format(printf, string_index, first_to_check)))
+#else
+#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check)
+#endif
+
+
/* CRYPTO_THREADID is a dummy value. */
typedef int CRYPTO_THREADID;
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/bio.h
^
|
| @@ -308,18 +308,12 @@
OPENSSL_EXPORT void BIO_copy_next_retry(BIO *bio);
-/* Printf functions.
- *
- * These functions are versions of printf functions that output to a BIO rather
- * than a FILE. */
-#ifdef __GNUC__
-#define __bio_h__attr__ __attribute__
-#else
-#define __bio_h__attr__(x)
-#endif
+/* Printf functions. */
+
+/* BIO_printf behaves like |printf| but outputs to |bio| rather than a |FILE|.
+ * It returns the number of bytes written or a negative number on error. */
OPENSSL_EXPORT int BIO_printf(BIO *bio, const char *format, ...)
- __bio_h__attr__((__format__(__printf__, 2, 3)));
-#undef __bio_h__attr__
+ OPENSSL_PRINTF_FORMAT_FUNC(2, 3);
/* Utility functions. */
@@ -717,6 +711,11 @@
#define BIO_CTRL_GET_CALLBACK 15 /* opt - set callback function */
#define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */
+/* These are never used, but exist to allow code to compile more easily. */
+#define BIO_CTRL_DUP 100
+#define BIO_CTRL_PUSH 101
+#define BIO_CTRL_POP 102
+
/* Android compatibility section.
*
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/bn.h
^
|
| @@ -253,6 +253,9 @@
* returns 0. Otherwise, it returns 1. */
OPENSSL_EXPORT int BN_bn2bin_padded(uint8_t *out, size_t len, const BIGNUM *in);
+/* BN_bn2cbb_padded behaves like |BN_bn2bin_padded| but writes to a |CBB|. */
+OPENSSL_EXPORT int BN_bn2cbb_padded(CBB *out, size_t len, const BIGNUM *in);
+
/* BN_bn2hex returns an allocated string that contains a NUL-terminated, hex
* representation of |bn|. If |bn| is negative, the first char in the resulting
* string will be '-'. Returns NULL on allocation failure. */
@@ -300,17 +303,17 @@
/* ASN.1 functions. */
-/* BN_cbs2unsigned parses a non-negative DER INTEGER from |cbs| writes the
- * result to |ret|. It returns one on success and zero on failure. */
-OPENSSL_EXPORT int BN_cbs2unsigned(CBS *cbs, BIGNUM *ret);
-
-/* BN_cbs2unsigned_buggy acts like |BN_cbs2unsigned| but tolerates some invalid
- * encodings. Do not use this function. */
-OPENSSL_EXPORT int BN_cbs2unsigned_buggy(CBS *cbs, BIGNUM *ret);
-
-/* BN_bn2cbb marshals |bn| as a non-negative DER INTEGER and appends the result
- * to |cbb|. It returns one on success and zero on failure. */
-OPENSSL_EXPORT int BN_bn2cbb(CBB *cbb, const BIGNUM *bn);
+/* BN_parse_asn1_unsigned parses a non-negative DER INTEGER from |cbs| writes
+ * the result to |ret|. It returns one on success and zero on failure. */
+OPENSSL_EXPORT int BN_parse_asn1_unsigned(CBS *cbs, BIGNUM *ret);
+
+/* BN_parse_asn1_unsigned_buggy acts like |BN_parse_asn1_unsigned| but tolerates
+ * some invalid encodings. Do not use this function. */
+OPENSSL_EXPORT int BN_parse_asn1_unsigned_buggy(CBS *cbs, BIGNUM *ret);
+
+/* BN_marshal_asn1 marshals |bn| as a non-negative DER INTEGER and appends the
+ * result to |cbb|. It returns one on success and zero on failure. */
+OPENSSL_EXPORT int BN_marshal_asn1(CBB *cbb, const BIGNUM *bn);
/* Internal functions.
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/buf.h
^
|
| @@ -67,7 +67,7 @@
/* Memory and string functions, see also mem.h. */
-/* BUF_MEM is a generic buffer object used by OpenSSL. */
+/* buf_mem_st (aka |BUF_MEM|) is a generic buffer object used by OpenSSL. */
struct buf_mem_st {
size_t length; /* current number of bytes */
char *data;
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/bytestring.h
^
|
| @@ -130,7 +130,18 @@
#define CBS_ASN1_ENUMERATED 0xa
#define CBS_ASN1_SEQUENCE (0x10 | CBS_ASN1_CONSTRUCTED)
#define CBS_ASN1_SET (0x11 | CBS_ASN1_CONSTRUCTED)
+#define CBS_ASN1_NUMERICSTRING 0x12
+#define CBS_ASN1_PRINTABLESTRING 0x13
+#define CBS_ASN1_T16STRING 0x14
+#define CBS_ASN1_VIDEOTEXSTRING 0x15
+#define CBS_ASN1_IA5STRING 0x16
+#define CBS_ASN1_UTCTIME 0x17
#define CBS_ASN1_GENERALIZEDTIME 0x18
+#define CBS_ASN1_GRAPHICSTRING 0x19
+#define CBS_ASN1_VISIBLESTRING 0x1a
+#define CBS_ASN1_GENERALSTRING 0x1b
+#define CBS_ASN1_UNIVERSALSTRING 0x1c
+#define CBS_ASN1_BMPSTRING 0x1e
#define CBS_ASN1_CONSTRUCTED 0x20
#define CBS_ASN1_CONTEXT_SPECIFIC 0x80
@@ -238,13 +249,13 @@
struct cbb_st {
struct cbb_buffer_st *base;
- /* offset is the offset from the start of |base->buf| to the position of any
- * pending length-prefix. */
- size_t offset;
/* child points to a child CBB if a length-prefix is pending. */
CBB *child;
- /* pending_len_len contains the number of bytes in a pending length-prefix,
- * or zero if no length-prefix is pending. */
+ /* offset is the number of bytes from the start of |base->buf| to this |CBB|'s
+ * pending length prefix. */
+ size_t offset;
+ /* pending_len_len contains the number of bytes in this |CBB|'s pending
+ * length-prefix, or zero if no length-prefix is pending. */
uint8_t pending_len_len;
char pending_is_asn1;
/* is_top_level is true iff this is a top-level |CBB| (as opposed to a child
@@ -292,12 +303,18 @@
* on error. */
OPENSSL_EXPORT int CBB_flush(CBB *cbb);
-/* CBB_len returns the number of bytes written to |cbb|'s top-level |CBB|. It
- * may be compared before and after an operation to determine how many bytes
- * were written.
+/* CBB_data returns a pointer to the bytes written to |cbb|. It does not flush
+ * |cbb|. The pointer is valid until the next operation to |cbb|.
*
- * It is a fatal error to call this on a CBB with any active children. This does
- * not flush |cbb|. */
+ * To avoid unfinalized length prefixes, it is a fatal error to call this on a
+ * CBB with any active children. */
+OPENSSL_EXPORT const uint8_t *CBB_data(const CBB *cbb);
+
+/* CBB_len returns the number of bytes written to |cbb|. It does not flush
+ * |cbb|.
+ *
+ * To avoid unfinalized length prefixes, it is a fatal error to call this on a
+ * CBB with any active children. */
OPENSSL_EXPORT size_t CBB_len(const CBB *cbb);
/* CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The
@@ -332,6 +349,17 @@
* otherwise. */
OPENSSL_EXPORT int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len);
+/* CBB_reserve ensures |cbb| has room for |len| additional bytes and sets
+ * |*out_data| to point to the beginning of that space. It returns one on
+ * success and zero otherwise. The caller may write up to |len| bytes to
+ * |*out_data| and call |CBB_did_write| to complete the write. |*out_data| is
+ * valid until the next operation on |cbb| or an ancestor |CBB|. */
+OPENSSL_EXPORT int CBB_reserve(CBB *cbb, uint8_t **out_data, size_t len);
+
+/* CBB_did_write advances |cbb| by |len| bytes, assuming the space has been
+ * written to by the caller. It returns one on success and zero on error. */
+OPENSSL_EXPORT int CBB_did_write(CBB *cbb, size_t len);
+
/* CBB_add_u8 appends an 8-bit number from |value| to |cbb|. It returns one on
* success and zero otherwise. */
OPENSSL_EXPORT int CBB_add_u8(CBB *cbb, uint8_t value);
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/conf.h
^
|
| @@ -131,6 +131,31 @@
int (*list_cb)(const char *elem, int len, void *usr),
void *arg);
+
+/* Deprecated functions */
+
+/* These defines do nothing but are provided to make old code easier to
+ * compile. */
+#define CONF_MFLAGS_DEFAULT_SECTION 0
+#define CONF_MFLAGS_IGNORE_MISSING_FILE 0
+
+typedef struct conf_must_be_null_st CONF_MUST_BE_NULL;
+
+/* CONF_modules_load_file returns one. |filename| was originally a string, with
+ * NULL indicating the default. BoringSSL does not support configuration files,
+ * so this stub emulates the "default" no-op file but intentionally breaks
+ * compilation of consumers actively attempting to use this subsystem. */
+OPENSSL_EXPORT int CONF_modules_load_file(CONF_MUST_BE_NULL *filename,
+ const char *appname,
+ unsigned long flags);
+
+/* CONF_modules_free does nothing. */
+OPENSSL_EXPORT void CONF_modules_free(void);
+
+/* OPENSSL_config does nothing. */
+OPENSSL_EXPORT void OPENSSL_config(CONF_MUST_BE_NULL *config_name);
+
+
#if defined(__cplusplus)
} /* extern C */
#endif
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/crypto.h
^
|
| @@ -42,7 +42,9 @@
/* Deprecated functions. */
-#define OPENSSL_VERSION_TEXT "BoringSSL"
+/* OPENSSL_VERSION_TEXT contains a string the identifies the version of
+ * “OpenSSL”. node.js requires a version number in this text. */
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2 (compatible; BoringSSL)"
#define SSLEAY_VERSION 0
@@ -60,6 +62,9 @@
/* ENGINE_load_builtin_engines does nothing. */
OPENSSL_EXPORT void ENGINE_load_builtin_engines(void);
+/* OPENSSL_load_builtin_modules does nothing. */
+OPENSSL_EXPORT void OPENSSL_load_builtin_modules(void);
+
#if defined(__cplusplus)
} /* extern C */
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/curve25519.h
^
|
| @@ -24,8 +24,7 @@
/* Curve25519.
*
- * Curve25519 is an elliptic curve. See
- * https://tools.ietf.org/html/draft-irtf-cfrg-curves-11. */
+ * Curve25519 is an elliptic curve. See https://tools.ietf.org/html/rfc7748. */
/* X25519.
@@ -33,7 +32,7 @@
* Curve25519 is an elliptic curve. The same name is also sometimes used for
* the Diffie-Hellman primitive built from it but “X25519” is a more precise
* name for that, which is the one used here. See http://cr.yp.to/ecdh.html and
- * https://tools.ietf.org/html/draft-irtf-cfrg-curves-11. */
+ * https://tools.ietf.org/html/rfc7748. */
/* X25519_keypair sets |out_public_value| and |out_private_key| to a freshly
* generated, public–private key pair. */
@@ -61,6 +60,10 @@
* Ed25519 is a signature scheme using a twisted-Edwards curve that is
* birationally equivalent to curve25519. */
+#define ED25519_PRIVATE_KEY_LEN 64
+#define ED25519_PUBLIC_KEY_LEN 32
+#define ED25519_SIGNATURE_LEN 64
+
/* ED25519_keypair sets |out_public_key| and |out_private_key| to a freshly
* generated, public–private key pair. */
OPENSSL_EXPORT void ED25519_keypair(uint8_t out_public_key[32],
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/dh.h
^
|
| @@ -156,8 +156,9 @@
* Note: these checks may be quite computationally expensive. */
OPENSSL_EXPORT int DH_check(const DH *dh, int *out_flags);
-#define DH_CHECK_PUBKEY_TOO_SMALL 1
-#define DH_CHECK_PUBKEY_TOO_LARGE 2
+#define DH_CHECK_PUBKEY_TOO_SMALL 0x1
+#define DH_CHECK_PUBKEY_TOO_LARGE 0x2
+#define DH_CHECK_PUBKEY_INVALID 0x4
/* DH_check_pub_key checks the suitability of |pub_key| as a public key for the
* DH group in |dh| and sets |DH_CHECK_PUBKEY_*| flags in |*out_flags| if it
@@ -177,7 +178,10 @@
* structure from |len| bytes at |*inp|. If |ret| is not NULL then, on exit, a
* pointer to the result is in |*ret|. If |*ret| is already non-NULL on entry
* then the result is written directly into |*ret|, otherwise a fresh |DH| is
- * allocated. On successful exit, |*inp| is advanced past the DER structure. It
+ * allocated. However, one should not depend on writing into |*ret| because
+ * this behaviour is likely to change in the future.
+ *
+ * On successful exit, |*inp| is advanced past the DER structure. It
* returns the result or NULL on error. */
OPENSSL_EXPORT DH *d2i_DHparams(DH **ret, const unsigned char **inp, long len);
@@ -193,7 +197,7 @@
* See |ex_data.h| for details. */
OPENSSL_EXPORT int DH_get_ex_new_index(long argl, void *argp,
- CRYPTO_EX_new *new_func,
+ CRYPTO_EX_unused *unused,
CRYPTO_EX_dup *dup_func,
CRYPTO_EX_free *free_func);
OPENSSL_EXPORT int DH_set_ex_data(DH *d, int idx, void *arg);
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/dsa.h
^
|
| @@ -128,7 +128,7 @@
/* Signatures. */
-/* DSA_SIG contains a DSA signature as a pair of integers. */
+/* DSA_SIG_st (aka |DSA_SIG|) contains a DSA signature as a pair of integers. */
typedef struct DSA_SIG_st {
BIGNUM *r, *s;
} DSA_SIG;
@@ -218,100 +218,154 @@
/* ASN.1 encoding. */
+/* DSA_SIG_parse parses a DER-encoded DSA-Sig-Value structure from |cbs| and
+ * advances |cbs|. It returns a newly-allocated |DSA_SIG| or NULL on error. */
+OPENSSL_EXPORT DSA_SIG *DSA_SIG_parse(CBS *cbs);
+
+/* DSA_SIG_marshal marshals |sig| as a DER-encoded DSA-Sig-Value and appends the
+ * result to |cbb|. It returns one on success and zero on error. */
+OPENSSL_EXPORT int DSA_SIG_marshal(CBB *cbb, const DSA_SIG *sig);
+
+/* DSA_parse_public_key parses a DER-encoded DSA public key from |cbs| and
+ * advances |cbs|. It returns a newly-allocated |DSA| or NULL on error. */
+OPENSSL_EXPORT DSA *DSA_parse_public_key(CBS *cbs);
+
+/* DSA_marshal_public_key marshals |dsa| as a DER-encoded DSA public key and
+ * appends the result to |cbb|. It returns one on success and zero on
+ * failure. */
+OPENSSL_EXPORT int DSA_marshal_public_key(CBB *cbb, const DSA *dsa);
+
+/* DSA_parse_private_key parses a DER-encoded DSA private key from |cbs| and
+ * advances |cbs|. It returns a newly-allocated |DSA| or NULL on error. */
+OPENSSL_EXPORT DSA *DSA_parse_private_key(CBS *cbs);
+
+/* DSA_marshal_private_key marshals |dsa| as a DER-encoded DSA private key and
+ * appends the result to |cbb|. It returns one on success and zero on
+ * failure. */
+OPENSSL_EXPORT int DSA_marshal_private_key(CBB *cbb, const DSA *dsa);
+
+/* DSA_parse_parameters parses a DER-encoded Dss-Parms structure (RFC 3279)
+ * from |cbs| and advances |cbs|. It returns a newly-allocated |DSA| or NULL on
+ * error. */
+OPENSSL_EXPORT DSA *DSA_parse_parameters(CBS *cbs);
+
+/* DSA_marshal_parameters marshals |dsa| as a DER-encoded Dss-Parms structure
+ * (RFC 3447) and appends the result to |cbb|. It returns one on success and
+ * zero on failure. */
+OPENSSL_EXPORT int DSA_marshal_parameters(CBB *cbb, const DSA *dsa);
+
+
+/* Precomputation. */
+
+/* DSA_sign_setup precomputes the message independent part of the DSA signature
+ * and writes them to |*out_kinv| and |*out_r|. Returns one on success, zero on
+ * error.
+ *
+ * TODO(fork): decide what to do with this. Since making DSA* opaque there's no
+ * way for the user to install them. Also, it forces the DSA* not to be const
+ * when passing to the signing function. */
+OPENSSL_EXPORT int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx,
+ BIGNUM **out_kinv, BIGNUM **out_r);
+
+
+/* Conversion. */
+
+/* DSA_dup_DH returns a |DH| constructed from the parameters of |dsa|. This is
+ * sometimes needed when Diffie-Hellman parameters are stored in the form of
+ * DSA parameters. It returns an allocated |DH| on success or NULL on error. */
+OPENSSL_EXPORT DH *DSA_dup_DH(const DSA *dsa);
+
+
+/* ex_data functions.
+ *
+ * See |ex_data.h| for details. */
+
+OPENSSL_EXPORT int DSA_get_ex_new_index(long argl, void *argp,
+ CRYPTO_EX_unused *unused,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+OPENSSL_EXPORT int DSA_set_ex_data(DSA *d, int idx, void *arg);
+OPENSSL_EXPORT void *DSA_get_ex_data(const DSA *d, int idx);
+
+
+/* Deprecated functions. */
+
/* d2i_DSA_SIG parses an ASN.1, DER-encoded, DSA signature from |len| bytes at
* |*inp|. If |out_sig| is not NULL then, on exit, a pointer to the result is
- * in |*out_sig|. If |*out_sig| is already non-NULL on entry then the result is
- * written directly into |*out_sig|, otherwise a fresh |DSA_SIG| is allocated.
- * On successful exit, |*inp| is advanced past the DER structure. It returns
- * the result or NULL on error. */
+ * in |*out_sig|. Note that, even if |*out_sig| is already non-NULL on entry, it
+ * will not be written to. Rather, a fresh |DSA_SIG| is allocated and the
+ * previous one is freed. On successful exit, |*inp| is advanced past the DER
+ * structure. It returns the result or NULL on error.
+ *
+ * Use |DSA_SIG_parse| instead. */
OPENSSL_EXPORT DSA_SIG *d2i_DSA_SIG(DSA_SIG **out_sig, const uint8_t **inp,
long len);
/* i2d_DSA_SIG marshals |in| to an ASN.1, DER structure. If |outp| is not NULL
* then the result is written to |*outp| and |*outp| is advanced just past the
* output. It returns the number of bytes in the result, whether written or not,
- * or a negative value on error. */
+ * or a negative value on error.
+ *
+ * Use |DSA_SIG_marshal| instead. */
OPENSSL_EXPORT int i2d_DSA_SIG(const DSA_SIG *in, uint8_t **outp);
/* d2i_DSAPublicKey parses an ASN.1, DER-encoded, DSA public key from |len|
* bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result
- * is in |*out|. If |*out| is already non-NULL on entry then the result is
- * written directly into |*out|, otherwise a fresh |DSA| is allocated. On
- * successful exit, |*inp| is advanced past the DER structure. It returns the
- * result or NULL on error. */
+ * is in |*out|. Note that, even if |*ou| is already non-NULL on entry, it will
+ * not be written to. Rather, a fresh |DSA| is allocated and the previous one is
+ * freed. On successful exit, |*inp| is advanced past the DER structure. It
+ * returns the result or NULL on error.
+ *
+ * Use |DSA_parse_public_key| instead. */
OPENSSL_EXPORT DSA *d2i_DSAPublicKey(DSA **out, const uint8_t **inp, long len);
/* i2d_DSAPublicKey marshals a public key from |in| to an ASN.1, DER structure.
* If |outp| is not NULL then the result is written to |*outp| and |*outp| is
* advanced just past the output. It returns the number of bytes in the result,
- * whether written or not, or a negative value on error. */
-OPENSSL_EXPORT int i2d_DSAPublicKey(const DSA *in, unsigned char **outp);
+ * whether written or not, or a negative value on error.
+ *
+ * Use |DSA_marshal_public_key| instead. */
+OPENSSL_EXPORT int i2d_DSAPublicKey(const DSA *in, uint8_t **outp);
/* d2i_DSAPrivateKey parses an ASN.1, DER-encoded, DSA private key from |len|
* bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result
- * is in |*out|. If |*out| is already non-NULL on entry then the result is
- * written directly into |*out|, otherwise a fresh |DSA| is allocated. On
- * successful exit, |*inp| is advanced past the DER structure. It returns the
- * result or NULL on error. */
+ * is in |*out|. Note that, even if |*out| is already non-NULL on entry, it will
+ * not be written to. Rather, a fresh |DSA| is allocated and the previous one is
+ * freed. On successful exit, |*inp| is advanced past the DER structure. It
+ * returns the result or NULL on error.
+ *
+ * Use |DSA_parse_private_key| instead. */
OPENSSL_EXPORT DSA *d2i_DSAPrivateKey(DSA **out, const uint8_t **inp, long len);
/* i2d_DSAPrivateKey marshals a private key from |in| to an ASN.1, DER structure.
* If |outp| is not NULL then the result is written to |*outp| and |*outp| is
* advanced just past the output. It returns the number of bytes in the result,
- * whether written or not, or a negative value on error. */
-OPENSSL_EXPORT int i2d_DSAPrivateKey(const DSA *in, unsigned char **outp);
+ * whether written or not, or a negative value on error.
+ *
+ * Use |DSA_marshal_private_key| instead. */
+OPENSSL_EXPORT int i2d_DSAPrivateKey(const DSA *in, uint8_t **outp);
/* d2i_DSAparams parses ASN.1, DER-encoded, DSA parameters from |len| bytes at
* |*inp|. If |out| is not NULL then, on exit, a pointer to the result is in
- * |*out|. If |*out| is already non-NULL on entry then the result is written
- * directly into |*out|, otherwise a fresh |DSA| is allocated. On successful
- * exit, |*inp| is advanced past the DER structure. It returns the result or
- * NULL on error. */
+ * |*out|. Note that, even if |*out| is already non-NULL on entry, it will not
+ * be written to. Rather, a fresh |DSA| is allocated and the previous one is
+ * freed. On successful exit, |*inp| is advanced past the DER structure. It
+ * returns the result or NULL on error.
+ *
+ * Use |DSA_parse_parameters| instead. */
OPENSSL_EXPORT DSA *d2i_DSAparams(DSA **out, const uint8_t **inp, long len);
/* i2d_DSAparams marshals DSA parameters from |in| to an ASN.1, DER structure.
* If |outp| is not NULL then the result is written to |*outp| and |*outp| is
* advanced just past the output. It returns the number of bytes in the result,
- * whether written or not, or a negative value on error. */
-OPENSSL_EXPORT int i2d_DSAparams(const DSA *in, unsigned char **outp);
-
-
-/* Precomputation. */
-
-/* DSA_sign_setup precomputes the message independent part of the DSA signature
- * and writes them to |*out_kinv| and |*out_r|. Returns one on success, zero on
- * error.
- *
- * TODO(fork): decide what to do with this. Since making DSA* opaque there's no
- * way for the user to install them. Also, it forces the DSA* not to be const
- * when passing to the signing function. */
-OPENSSL_EXPORT int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx,
- BIGNUM **out_kinv, BIGNUM **out_r);
-
-
-/* Conversion. */
-
-/* DSA_dup_DH returns a |DH| constructed from the parameters of |dsa|. This is
- * sometimes needed when Diffie-Hellman parameters are stored in the form of
- * DSA parameters. It returns an allocated |DH| on success or NULL on error. */
-OPENSSL_EXPORT DH *DSA_dup_DH(const DSA *dsa);
-
-
-/* ex_data functions.
+ * whether written or not, or a negative value on error.
*
- * See |ex_data.h| for details. */
-
-OPENSSL_EXPORT int DSA_get_ex_new_index(long argl, void *argp,
- CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
-OPENSSL_EXPORT int DSA_set_ex_data(DSA *d, int idx, void *arg);
-OPENSSL_EXPORT void *DSA_get_ex_data(const DSA *d, int idx);
+ * Use |DSA_marshal_parameters| instead. */
+OPENSSL_EXPORT int i2d_DSAparams(const DSA *in, uint8_t **outp);
struct dsa_st {
long version;
- int write_params;
BIGNUM *p;
BIGNUM *q; /* == 20 */
BIGNUM *g;
@@ -339,5 +393,8 @@
#define DSA_R_MISSING_PARAMETERS 101
#define DSA_R_MODULUS_TOO_LARGE 102
#define DSA_R_NEED_NEW_SETUP_VALUES 103
+#define DSA_R_BAD_VERSION 104
+#define DSA_R_DECODE_ERROR 105
+#define DSA_R_ENCODE_ERROR 106
#endif /* OPENSSL_HEADER_DSA_H */
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/ec.h
^
|
| @@ -81,14 +81,24 @@
typedef struct ec_group_st EC_GROUP;
typedef struct ec_point_st EC_POINT;
-/** Enum for the point conversion form as defined in X9.62 (ECDSA)
- * for the encoding of a elliptic curve point (x,y) */
+/* point_conversion_form_t enumerates forms, as defined in X9.62 (ECDSA), for
+ * the encoding of a elliptic curve point (x,y) */
typedef enum {
- /** the point is encoded as z||x, where the octet z specifies
- * which solution of the quadratic equation y is */
- POINT_CONVERSION_COMPRESSED = 2,
- /** the point is encoded as z||x||y, where z is the octet 0x04 */
- POINT_CONVERSION_UNCOMPRESSED = 4
+ /* POINT_CONVERSION_COMPRESSED indicates that the point is encoded as z||x,
+ * where the octet z specifies which solution of the quadratic equation y
+ * is. */
+ POINT_CONVERSION_COMPRESSED = 2,
+
+ /* POINT_CONVERSION_COMPRESSED indicates that the point is encoded as
+ * z||x||y, where z is the octet 0x04. */
+ POINT_CONVERSION_UNCOMPRESSED = 4,
+
+ /* POINT_CONVERSION_HYBRID indicates that the point is encoded as z||x||y,
+ * where z specifies which solution of the quadratic equation y is. This is
+ * not supported by the code and has never been observed in use.
+ *
+ * TODO(agl): remove once node.js no longer references this. */
+ POINT_CONVERSION_HYBRID = 6,
} point_conversion_form_t;
@@ -120,10 +130,9 @@
* in |group| that specifies the generator for the group. */
OPENSSL_EXPORT const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
-/* EC_GROUP_get_order sets |*order| to the order of |group|, if it's not
- * NULL. It returns one on success and zero otherwise. |ctx| is ignored. */
-OPENSSL_EXPORT int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order,
- BN_CTX *ctx);
+/* EC_GROUP_get0_order returns a pointer to the internal |BIGNUM| object in
+ * |group| that specifies the order of the group. */
+OPENSSL_EXPORT const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
/* EC_GROUP_get_cofactor sets |*cofactor| to the cofactor of |group| using
* |ctx|, if it's not NULL. It returns one on success and zero otherwise. */
@@ -230,6 +239,13 @@
point_conversion_form_t form,
uint8_t *buf, size_t len, BN_CTX *ctx);
+/* EC_POINT_point2cbb behaves like |EC_POINT_point2oct| but appends the
+ * serialised point to |cbb|. It returns one on success and zero on error. */
+OPENSSL_EXPORT int EC_POINT_point2cbb(CBB *out, const EC_GROUP *group,
+ const EC_POINT *point,
+ point_conversion_form_t form,
+ BN_CTX *ctx);
+
/* EC_POINT_oct2point sets |point| from |len| bytes of X9.62 format
* serialisation in |buf|. It returns one on success and zero otherwise. The
* |ctx| argument may be used if not NULL. */
@@ -272,24 +288,22 @@
/* Deprecated functions. */
-/* EC_GROUP_new_curve_GFp creates a new, arbitrary elliptic curve group based
- * on the equation y² = x³ + a·x + b. It returns the new group or NULL on
- * error.
+/* EC_GROUP_new_arbitrary creates a new, arbitrary elliptic curve group based on
+ * the equation y² = x³ + a·x + b. The generator is set to (gx, gy) which must
+ * have the given order and cofactor. It returns the new group or NULL on error.
*
* |EC_GROUP|s returned by this function will always compare as unequal via
* |EC_GROUP_cmp| (even to themselves). |EC_GROUP_get_curve_name| will always
* return |NID_undef|. */
-OPENSSL_EXPORT EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p,
- const BIGNUM *a,
- const BIGNUM *b, BN_CTX *ctx);
-
-/* EC_GROUP_set_generator sets the generator for |group| to |generator|, which
- * must have the given order and cofactor. This should only be used with
- * |EC_GROUP| objects returned by |EC_GROUP_new_curve_GFp|. */
-OPENSSL_EXPORT int EC_GROUP_set_generator(EC_GROUP *group,
- const EC_POINT *generator,
- const BIGNUM *order,
- const BIGNUM *cofactor);
+OPENSSL_EXPORT EC_GROUP *EC_GROUP_new_arbitrary(
+ const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, const BIGNUM *gx,
+ const BIGNUM *gy, const BIGNUM *order, const BIGNUM *cofactor);
+
+/* EC_GROUP_get_order sets |*order| to the order of |group|, if it's not
+ * NULL. It returns one on success and zero otherwise. |ctx| is ignored. Use
+ * |EC_GROUP_get0_order| instead. */
+OPENSSL_EXPORT int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order,
+ BN_CTX *ctx);
/* EC_GROUP_set_asn1_flag does nothing. */
OPENSSL_EXPORT void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
@@ -309,6 +323,19 @@
OPENSSL_EXPORT void EC_GROUP_set_point_conversion_form(
EC_GROUP *group, point_conversion_form_t form);
+/* EC_builtin_curve describes a supported elliptic curve. */
+typedef struct {
+ int nid;
+ const char *comment;
+} EC_builtin_curve;
+
+/* EC_get_builtin_curves writes at most |max_num_curves| elements to
+ * |out_curves| and returns the total number that it would have written, had
+ * |max_num_curves| been large enough.
+ *
+ * The |EC_builtin_curve| items describe the supported elliptic curves. */
+OPENSSL_EXPORT size_t EC_get_builtin_curves(EC_builtin_curve *out_curves,
+ size_t max_num_curves);
/* Old code expects to get EC_KEY from ec.h. */
#include <openssl/ec_key.h>
@@ -346,5 +373,8 @@
#define EC_R_WRONG_ORDER 125
#define EC_R_BIGNUM_OUT_OF_RANGE 126
#define EC_R_WRONG_CURVE_PARAMETERS 127
+#define EC_R_DECODE_ERROR 128
+#define EC_R_ENCODE_ERROR 129
+#define EC_R_GROUP_MISMATCH 130
#endif /* OPENSSL_HEADER_EC_H */
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/ec_key.h
^
|
| @@ -177,48 +177,26 @@
/* Serialisation. */
-/* d2i_ECPrivateKey parses an ASN.1, DER-encoded, private key from |len| bytes
- * at |*inp|. If |out_key| is not NULL then, on exit, a pointer to the result
- * is in |*out_key|. If |*out_key| is already non-NULL on entry then the result
- * is written directly into |*out_key|, otherwise a fresh |EC_KEY| is
- * allocated. On successful exit, |*inp| is advanced past the DER structure. It
- * returns the result or NULL on error. */
-OPENSSL_EXPORT EC_KEY *d2i_ECPrivateKey(EC_KEY **out_key, const uint8_t **inp,
- long len);
-
-/* i2d_ECPrivateKey marshals an EC private key from |key| to an ASN.1, DER
- * structure. If |outp| is not NULL then the result is written to |*outp| and
- * |*outp| is advanced just past the output. It returns the number of bytes in
- * the result, whether written or not, or a negative value on error. */
-OPENSSL_EXPORT int i2d_ECPrivateKey(const EC_KEY *key, uint8_t **outp);
-
-/* d2i_ECParameters parses an ASN.1, DER-encoded, set of EC parameters from
- * |len| bytes at |*inp|. If |out_key| is not NULL then, on exit, a pointer to
- * the result is in |*out_key|. If |*out_key| is already non-NULL on entry then
- * the result is written directly into |*out_key|, otherwise a fresh |EC_KEY|
- * is allocated. On successful exit, |*inp| is advanced past the DER structure.
- * It returns the result or NULL on error. */
-OPENSSL_EXPORT EC_KEY *d2i_ECParameters(EC_KEY **out_key, const uint8_t **inp,
- long len);
-
-/* i2d_ECParameters marshals EC parameters from |key| to an ASN.1, DER
- * structure. If |outp| is not NULL then the result is written to |*outp| and
- * |*outp| is advanced just past the output. It returns the number of bytes in
- * the result, whether written or not, or a negative value on error. */
-OPENSSL_EXPORT int i2d_ECParameters(const EC_KEY *key, uint8_t **outp);
-
-/* o2i_ECPublicKey parses an EC point from |len| bytes at |*inp| into
- * |*out_key|. Note that this differs from the d2i format in that |*out_key|
- * must be non-NULL with a group set. On successful exit, |*inp| is advanced by
- * |len| bytes. It returns |*out_key| or NULL on error. */
-OPENSSL_EXPORT EC_KEY *o2i_ECPublicKey(EC_KEY **out_key, const uint8_t **inp,
- long len);
-
-/* i2o_ECPublicKey marshals an EC point from |key|. If |outp| is not NULL then
- * the result is written to |*outp| and |*outp| is advanced just past the
- * output. It returns the number of bytes in the result, whether written or
- * not, or a negative value on error. */
-OPENSSL_EXPORT int i2o_ECPublicKey(const EC_KEY *key, unsigned char **outp);
+/* EC_KEY_parse_private_key parses a DER-encoded ECPrivateKey structure (RFC
+ * 5915) from |cbs| and advances |cbs|. It returns a newly-allocated |EC_KEY| or
+ * NULL on error. If |group| is non-null, the parameters field of the
+ * ECPrivateKey may be omitted (but must match |group| if present). Otherwise,
+ * the parameters field is required. */
+OPENSSL_EXPORT EC_KEY *EC_KEY_parse_private_key(CBS *cbs,
+ const EC_GROUP *group);
+
+/* EC_KEY_marshal_private_key marshals |key| as a DER-encoded ECPrivateKey
+ * structure (RFC 5915) and appends the result to |cbb|. It returns one on
+ * success and zero on failure. |enc_flags| is a combination of |EC_PKEY_*|
+ * values and controls whether corresponding fields are omitted. */
+OPENSSL_EXPORT int EC_KEY_marshal_private_key(CBB *cbb, const EC_KEY *key,
+ unsigned enc_flags);
+
+/* EC_KEY_parse_parameters parses a DER-encoded ECParameters structure (RFC
+ * 5480) from |cbs| and advances |cbs|. It returns a newly-allocated |EC_GROUP|
+ * or NULL on error. It supports the namedCurve and specifiedCurve options, but
+ * use of specifiedCurve is deprecated. */
+OPENSSL_EXPORT EC_GROUP *EC_KEY_parse_parameters(CBS *cbs);
/* ex_data functions.
@@ -226,7 +204,7 @@
* These functions are wrappers. See |ex_data.h| for details. */
OPENSSL_EXPORT int EC_KEY_get_ex_new_index(long argl, void *argp,
- CRYPTO_EX_new *new_func,
+ CRYPTO_EX_unused *unused,
CRYPTO_EX_dup *dup_func,
CRYPTO_EX_free *free_func);
OPENSSL_EXPORT int EC_KEY_set_ex_data(EC_KEY *r, int idx, void *arg);
@@ -272,6 +250,64 @@
/* EC_KEY_set_asn1_flag does nothing. */
OPENSSL_EXPORT void EC_KEY_set_asn1_flag(EC_KEY *key, int flag);
+/* d2i_ECPrivateKey parses an ASN.1, DER-encoded, private key from |len| bytes
+ * at |*inp|. If |out_key| is not NULL then, on exit, a pointer to the result
+ * is in |*out_key|. Note that, even if |*out_key| is already non-NULL on entry,
+ * it * will not be written to. Rather, a fresh |EC_KEY| is allocated and the
+ * previous * one is freed. On successful exit, |*inp| is advanced past the DER
+ * structure. It returns the result or NULL on error.
+ *
+ * On input, if |*out_key| is non-NULL and has a group configured, the
+ * parameters field may be omitted but must match that group if present.
+ *
+ * Use |EC_KEY_parse_private_key| instead. */
+OPENSSL_EXPORT EC_KEY *d2i_ECPrivateKey(EC_KEY **out_key, const uint8_t **inp,
+ long len);
+
+/* i2d_ECPrivateKey marshals an EC private key from |key| to an ASN.1, DER
+ * structure. If |outp| is not NULL then the result is written to |*outp| and
+ * |*outp| is advanced just past the output. It returns the number of bytes in
+ * the result, whether written or not, or a negative value on error.
+ *
+ * Use |EC_KEY_marshal_private_key| instead. */
+OPENSSL_EXPORT int i2d_ECPrivateKey(const EC_KEY *key, uint8_t **outp);
+
+/* d2i_ECParameters parses an ASN.1, DER-encoded, set of EC parameters from
+ * |len| bytes at |*inp|. If |out_key| is not NULL then, on exit, a pointer to
+ * the result is in |*out_key|. Note that, even if |*out_key| is already
+ * non-NULL on entry, it will not be written to. Rather, a fresh |EC_KEY| is
+ * allocated and the previous one is freed. On successful exit, |*inp| is
+ * advanced past the DER structure. It returns the result or NULL on error.
+ *
+ * Use EC_KEY_parse_parameters instead. */
+OPENSSL_EXPORT EC_KEY *d2i_ECParameters(EC_KEY **out_key, const uint8_t **inp,
+ long len);
+
+/* i2d_ECParameters marshals EC parameters from |key| to an ASN.1, DER
+ * structure. If |outp| is not NULL then the result is written to |*outp| and
+ * |*outp| is advanced just past the output. It returns the number of bytes in
+ * the result, whether written or not, or a negative value on error.
+ *
+ * Use |OBJ_nid2cbb| and |EC_GROUP_get_curve_name| instead. */
+OPENSSL_EXPORT int i2d_ECParameters(const EC_KEY *key, uint8_t **outp);
+
+/* o2i_ECPublicKey parses an EC point from |len| bytes at |*inp| into
+ * |*out_key|. Note that this differs from the d2i format in that |*out_key|
+ * must be non-NULL with a group set. On successful exit, |*inp| is advanced by
+ * |len| bytes. It returns |*out_key| or NULL on error.
+ *
+ * Use |EC_POINT_oct2point| instead. */
+OPENSSL_EXPORT EC_KEY *o2i_ECPublicKey(EC_KEY **out_key, const uint8_t **inp,
+ long len);
+
+/* i2o_ECPublicKey marshals an EC point from |key|. If |outp| is not NULL then
+ * the result is written to |*outp| and |*outp| is advanced just past the
+ * output. It returns the number of bytes in the result, whether written or
+ * not, or a negative value on error.
+ *
+ * Use |EC_POINT_point2cbb| instead. */
+OPENSSL_EXPORT int i2o_ECPublicKey(const EC_KEY *key, unsigned char **outp);
+
#if defined(__cplusplus)
} /* extern C */
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/ecdsa.h
^
|
| @@ -178,10 +178,10 @@
/* d2i_ECDSA_SIG parses an ASN.1, DER-encoded, signature from |len| bytes at
* |*inp|. If |out| is not NULL then, on exit, a pointer to the result is in
- * |*out|. If |*out| is already non-NULL on entry then the result is written
- * directly into |*out|, otherwise a fresh |ECDSA_SIG| is allocated. On
- * successful exit, |*inp| is advanced past the DER structure. It returns the
- * result or NULL on error. */
+ * |*out|. Note that, even if |*out| is already non-NULL on entry, it will not
+ * be written to. Rather, a fresh |ECDSA_SIG| is allocated and the previous one
+ * is freed. On successful exit, |*inp| is advanced past the DER structure. It
+ * returns the result or NULL on error. */
OPENSSL_EXPORT ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **out, const uint8_t **inp,
long len);
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/err.h
^
|
| @@ -317,7 +317,8 @@
/* ERR_add_error_dataf takes a printf-style format and arguments, and sets the
* result as the data on the most recent error. */
-OPENSSL_EXPORT void ERR_add_error_dataf(const char *format, ...);
+OPENSSL_EXPORT void ERR_add_error_dataf(const char *format, ...)
+ OPENSSL_PRINTF_FORMAT_FUNC(1, 2);
/* ERR_set_mark "marks" the most recent error for use with |ERR_pop_to_mark|.
* It returns one if an error was marked and zero if there are no errors. */
@@ -367,7 +368,7 @@
/* ERR_NUM_ERRORS is the limit of the number of errors in the queue. */
#define ERR_NUM_ERRORS 16
-/* ERR_STATE contains the per-thread, error queue. */
+/* err_state_st (aka |ERR_STATE|) contains the per-thread, error queue. */
typedef struct err_state_st {
/* errors contains the ERR_NUM_ERRORS most recent errors, organised as a ring
* buffer. */
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/evp.h
^
|
| @@ -133,8 +133,8 @@
* values. */
OPENSSL_EXPORT int EVP_PKEY_id(const EVP_PKEY *pkey);
-/* EVP_PKEY_type returns a canonicalised form of |NID|. For example,
- * |EVP_PKEY_RSA2| will be turned into |EVP_PKEY_RSA|. */
+/* EVP_PKEY_type returns |nid| if |nid| is a known key type and |NID_undef|
+ * otherwise. */
OPENSSL_EXPORT int EVP_PKEY_type(int nid);
@@ -163,16 +163,9 @@
OPENSSL_EXPORT EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
-OPENSSL_EXPORT int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
-OPENSSL_EXPORT int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
-OPENSSL_EXPORT DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
-
#define EVP_PKEY_NONE NID_undef
#define EVP_PKEY_RSA NID_rsaEncryption
-#define EVP_PKEY_RSA2 NID_rsa
#define EVP_PKEY_DSA NID_dsa
-#define EVP_PKEY_DH NID_dhKeyAgreement
-#define EVP_PKEY_DHX NID_dhpublicnumber
#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
/* EVP_PKEY_assign sets the underlying key of |pkey| to |key|, which must be of
@@ -195,34 +188,37 @@
/* ASN.1 functions */
-/* d2i_PrivateKey parses an ASN.1, DER-encoded, private key from |len| bytes at
- * |*inp|. If |out| is not NULL then, on exit, a pointer to the result is in
- * |*out|. If |*out| is already non-NULL on entry then the result is written
- * directly into |*out|, otherwise a fresh |EVP_PKEY| is allocated. On
- * successful exit, |*inp| is advanced past the DER structure. It returns the
- * result or NULL on error. */
-OPENSSL_EXPORT EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **out,
- const uint8_t **inp, long len);
+/* EVP_parse_public_key decodes a DER-encoded SubjectPublicKeyInfo structure
+ * (RFC 5280) from |cbs| and advances |cbs|. It returns a newly-allocated
+ * |EVP_PKEY| or NULL on error.
+ *
+ * The caller must check the type of the parsed public key to ensure it is
+ * suitable and validate other desired key properties such as RSA modulus size
+ * or EC curve. */
+OPENSSL_EXPORT EVP_PKEY *EVP_parse_public_key(CBS *cbs);
-/* d2i_AutoPrivateKey acts the same as |d2i_PrivateKey|, but detects the type
- * of the private key. */
-OPENSSL_EXPORT EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **out, const uint8_t **inp,
- long len);
+/* EVP_marshal_public_key marshals |key| as a DER-encoded SubjectPublicKeyInfo
+ * structure (RFC 5280) and appends the result to |cbb|. It returns one on
+ * success and zero on error. */
+OPENSSL_EXPORT int EVP_marshal_public_key(CBB *cbb, const EVP_PKEY *key);
-/* i2d_PrivateKey marshals a private key from |key| to an ASN.1, DER
- * structure. If |outp| is not NULL then the result is written to |*outp| and
- * |*outp| is advanced just past the output. It returns the number of bytes in
- * the result, whether written or not, or a negative value on error. */
-OPENSSL_EXPORT int i2d_PrivateKey(const EVP_PKEY *key, uint8_t **outp);
+/* EVP_parse_private_key decodes a DER-encoded PrivateKeyInfo structure (RFC
+ * 5208) from |cbs| and advances |cbs|. It returns a newly-allocated |EVP_PKEY|
+ * or NULL on error.
+ *
+ * The caller must check the type of the parsed private key to ensure it is
+ * suitable and validate other desired key properties such as RSA modulus size
+ * or EC curve.
+ *
+ * A PrivateKeyInfo ends with an optional set of attributes. These are not
+ * processed and so this function will silently ignore any trailing data in the
+ * structure. */
+OPENSSL_EXPORT EVP_PKEY *EVP_parse_private_key(CBS *cbs);
-/* i2d_PublicKey marshals a public key from |key| to a type-specific format.
- * If |outp| is not NULL then the result is written to |*outp| and
- * |*outp| is advanced just past the output. It returns the number of bytes in
- * the result, whether written or not, or a negative value on error.
- *
- * RSA keys are serialized as a DER-encoded RSAPublicKey (RFC 3447) structure.
- * EC keys are serialized as an EC point per SEC 1. */
-OPENSSL_EXPORT int i2d_PublicKey(EVP_PKEY *key, uint8_t **outp);
+/* EVP_marshal_private_key marshals |key| as a DER-encoded PrivateKeyInfo
+ * structure (RFC 5208) and appends the result to |cbb|. It returns one on
+ * success and zero on error. */
+OPENSSL_EXPORT int EVP_marshal_private_key(CBB *cbb, const EVP_PKEY *key);
/* Signing */
@@ -433,14 +429,6 @@
/* EVP_PKEY_CTX_get0_pkey returns the |EVP_PKEY| associated with |ctx|. */
OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
-/* EVP_PKEY_CTX_set_app_data sets an opaque pointer on |ctx|. */
-OPENSSL_EXPORT void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
-
-/* EVP_PKEY_CTX_get_app_data returns the opaque pointer from |ctx| that was
- * previously set with |EVP_PKEY_CTX_set_app_data|, or NULL if none has been
- * set. */
-OPENSSL_EXPORT void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
-
/* EVP_PKEY_sign_init initialises an |EVP_PKEY_CTX| for a signing operation. It
* should be called before |EVP_PKEY_sign|.
*
@@ -516,6 +504,34 @@
size_t *out_len, const uint8_t *in,
size_t in_len);
+/* EVP_PKEY_verify_recover_init initialises an |EVP_PKEY_CTX| for a public-key
+ * decryption operation. It should be called before |EVP_PKEY_verify_recover|.
+ *
+ * Public-key decryption is a very obscure operation that is only implemented
+ * by RSA keys. It is effectively a signature verification operation that
+ * returns the signed message directly. It is almost certainly not what you
+ * want.
+ *
+ * It returns one on success or zero on error. */
+OPENSSL_EXPORT int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
+
+/* EVP_PKEY_verify_recover decrypts |sig_len| bytes from |sig|. If |out| is
+ * NULL, the maximum size of the plaintext is written to |out_len|. Otherwise,
+ * |*out_len| must contain the number of bytes of space available at |out|. If
+ * sufficient, the ciphertext will be written to |out| and |*out_len| updated
+ * with the true length.
+ *
+ * WARNING: Setting |out| to NULL only gives the maximum size of the
+ * plaintext. The actual plaintext may be smaller.
+ *
+ * See the warning about this operation in |EVP_PKEY_verify_recover_init|. It
+ * is probably not what you want.
+ *
+ * It returns one on success or zero on error. */
+OPENSSL_EXPORT int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, uint8_t *out,
+ size_t *out_len, const uint8_t *sig,
+ size_t siglen);
+
/* EVP_PKEY_derive_init initialises an |EVP_PKEY_CTX| for a key derivation
* operation. It should be called before |EVP_PKEY_derive_set_peer| and
* |EVP_PKEY_derive|.
@@ -634,7 +650,7 @@
*
* Returns one on success or zero on error. */
OPENSSL_EXPORT int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx,
- const uint8_t *label,
+ uint8_t *label,
size_t label_len);
/* EVP_PKEY_CTX_get0_rsa_oaep_label sets |*out_label| to point to the internal
@@ -648,6 +664,14 @@
/* Deprecated functions. */
+/* EVP_PKEY_DH is defined for compatibility, but it is impossible to create an
+ * |EVP_PKEY| of that type. */
+#define EVP_PKEY_DH NID_dhKeyAgreement
+
+/* EVP_PKEY_RSA2 was historically an alternate form for RSA public keys (OID
+ * 2.5.8.1.1), but is no longer accepted. */
+#define EVP_PKEY_RSA2 NID_rsa
+
/* OpenSSL_add_all_algorithms does nothing. */
OPENSSL_EXPORT void OpenSSL_add_all_algorithms(void);
@@ -660,6 +684,62 @@
/* EVP_cleanup does nothing. */
OPENSSL_EXPORT void EVP_cleanup(void);
+OPENSSL_EXPORT void EVP_CIPHER_do_all_sorted(
+ void (*callback)(const EVP_CIPHER *cipher, const char *name,
+ const char *unused, void *arg),
+ void *arg);
+
+OPENSSL_EXPORT void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher,
+ const char *name,
+ const char *unused,
+ void *arg),
+ void *arg);
+
+/* i2d_PrivateKey marshals a private key from |key| to an ASN.1, DER
+ * structure. If |outp| is not NULL then the result is written to |*outp| and
+ * |*outp| is advanced just past the output. It returns the number of bytes in
+ * the result, whether written or not, or a negative value on error.
+ *
+ * RSA keys are serialized as a DER-encoded RSAPublicKey (RFC 3447) structure.
+ * EC keys are serialized as a DER-encoded ECPrivateKey (RFC 5915) structure.
+ *
+ * Use |RSA_marshal_private_key| or |EC_marshal_private_key| instead. */
+OPENSSL_EXPORT int i2d_PrivateKey(const EVP_PKEY *key, uint8_t **outp);
+
+/* i2d_PublicKey marshals a public key from |key| to a type-specific format.
+ * If |outp| is not NULL then the result is written to |*outp| and
+ * |*outp| is advanced just past the output. It returns the number of bytes in
+ * the result, whether written or not, or a negative value on error.
+ *
+ * RSA keys are serialized as a DER-encoded RSAPublicKey (RFC 3447) structure.
+ * EC keys are serialized as an EC point per SEC 1.
+ *
+ * Use |RSA_marshal_public_key| or |EC_POINT_point2cbb| instead. */
+OPENSSL_EXPORT int i2d_PublicKey(EVP_PKEY *key, uint8_t **outp);
+
+/* d2i_PrivateKey parses an ASN.1, DER-encoded, private key from |len| bytes at
+ * |*inp|. If |out| is not NULL then, on exit, a pointer to the result is in
+ * |*out|. If |*out| is already non-NULL on entry then the result is written
+ * directly into |*out|, otherwise a fresh |EVP_PKEY| is allocated. However,
+ * one should not depend on writing into |*out| because this behaviour is
+ * likely to change in the future. On successful exit, |*inp| is advanced past
+ * the DER structure. It returns the result or NULL on error.
+ *
+ * This function tries to detect one of several formats. Instead, use
+ * |EVP_parse_private_key| for a PrivateKeyInfo, |RSA_parse_private_key| for an
+ * RSAPrivateKey, and |EC_parse_private_key| for an ECPrivateKey. */
+OPENSSL_EXPORT EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **out,
+ const uint8_t **inp, long len);
+
+/* d2i_AutoPrivateKey acts the same as |d2i_PrivateKey|, but detects the type
+ * of the private key.
+ *
+ * This function tries to detect one of several formats. Instead, use
+ * |EVP_parse_private_key| for a PrivateKeyInfo, |RSA_parse_private_key| for an
+ * RSAPrivateKey, and |EC_parse_private_key| for an ECPrivateKey. */
+OPENSSL_EXPORT EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **out, const uint8_t **inp,
+ long len);
+
/* Private functions */
@@ -748,5 +828,6 @@
#define EVP_R_PARAMETER_ENCODING_ERROR 152
#define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 153
#define EVP_R_UNSUPPORTED_SIGNATURE_TYPE 154
+#define EVP_R_ENCODE_ERROR 155
#endif /* OPENSSL_HEADER_EVP_H */
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/ex_data.h
^
|
| @@ -121,8 +121,8 @@
/* ex_data is a mechanism for associating arbitrary extra data with objects.
* For each type of object that supports ex_data, different users can be
* assigned indexes in which to store their data. Each index has callback
- * functions that are called when a new object of that type is created, freed
- * and duplicated. */
+ * functions that are called when an object of that type is freed or
+ * duplicated. */
typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
@@ -142,7 +142,7 @@
*
* TODO(fork): this should follow the standard calling convention. */
OPENSSL_EXPORT int TYPE_get_ex_new_index(long argl, void *argp,
- CRYPTO_EX_new *new_func,
+ CRYPTO_EX_unused *unused,
CRYPTO_EX_dup *dup_func,
CRYPTO_EX_free *free_func);
@@ -160,27 +160,19 @@
/* Callback types. */
-/* CRYPTO_EX_new is the type of a callback function that is called whenever a
- * new object of a given class is created. For example, if this callback has
- * been passed to |SSL_get_ex_new_index| then it'll be called each time an SSL*
- * is created.
+/* CRYPTO_EX_free is a callback function that is called when an object of the
+ * class with extra data pointers is being destroyed. For example, if this
+ * callback has been passed to |SSL_get_ex_new_index| then it may be called each
+ * time an |SSL*| is destroyed.
*
- * The callback is passed the new object (i.e. the SSL*) in |parent|. The
+ * The callback is passed the new object (i.e. the |SSL*|) in |parent|. The
* arguments |argl| and |argp| contain opaque values that were given to
* |CRYPTO_get_ex_new_index|. The callback should return one on success, but
* the value is ignored.
*
- * TODO(fork): the |ptr| argument is always NULL, no? */
-typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int index, long argl, void *argp);
-
-/* CRYPTO_EX_free is a callback function that is called when an object of the
- * class is being destroyed. See |CRYPTO_EX_new| for a discussion of the
- * arguments.
- *
- * If |CRYPTO_get_ex_new_index| was called after the creation of objects of the
- * class that this applies to then, when those those objects are destroyed,
- * this callback will be called with a NULL value for |ptr|. */
+ * This callback may be called with a NULL value for |ptr| if |parent| has no
+ * value set for this index. However, the callbacks may also be skipped entirely
+ * if no extra data pointers are set on |parent| at all. */
typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
int index, long argl, void *argp);
@@ -190,9 +182,9 @@
* original object. When the callback returns, |*from_d| will be set as the
* data for this index in |to|.
*
- * If |CRYPTO_get_ex_new_index| was called after the creation of objects of the
- * class that this applies to then, when those those objects are copies, this
- * callback will be called with a NULL value for |*from_d|. */
+ * This callback may be called with a NULL value for |*from_d| if |from| has no
+ * value set for this index. However, the callbacks may also be skipped entirely
+ * if no extra data pointers are set on |from| at all. */
typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
void **from_d, int index, long argl, void *argp);
@@ -202,6 +194,13 @@
/* CRYPTO_cleanup_all_ex_data does nothing. */
OPENSSL_EXPORT void CRYPTO_cleanup_all_ex_data(void);
+
+/* Private structures. */
+
+/* CRYPTO_EX_unused is a placeholder for an unused callback. It is aliased to
+ * int to ensure non-NULL callers fail to compile rather than fail silently. */
+typedef int CRYPTO_EX_unused;
+
struct crypto_ex_data_st {
STACK_OF(void) *sk;
};
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/md4.h
^
|
| @@ -90,8 +90,8 @@
struct md4_state_st {
uint32_t h[4];
uint32_t Nl, Nh;
- uint32_t data[16];
- unsigned int num;
+ uint8_t data[MD4_CBLOCK];
+ unsigned num;
};
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/md5.h
^
|
| @@ -95,8 +95,8 @@
struct md5_state_st {
uint32_t h[4];
uint32_t Nl, Nh;
- uint32_t data[16];
- unsigned int num;
+ uint8_t data[MD5_CBLOCK];
+ unsigned num;
};
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/mem.h
^
|
| @@ -114,23 +114,14 @@
* representation of the given type. */
#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
-/* Printf functions.
- *
- * These functions are either OpenSSL wrappers for standard functions (i.e.
- * |BIO_snprintf| and |BIO_vsnprintf|) which don't exist in C89, or are
- * versions of printf functions that output to a BIO rather than a FILE. */
-#ifdef __GNUC__
-#define __bio_h__attr__ __attribute__
-#else
-#define __bio_h__attr__(x)
-#endif
+/* BIO_snprintf has the same behavior as snprintf(3). */
OPENSSL_EXPORT int BIO_snprintf(char *buf, size_t n, const char *format, ...)
- __bio_h__attr__((__format__(__printf__, 3, 4)));
+ OPENSSL_PRINTF_FORMAT_FUNC(3, 4);
+/* BIO_vsnprintf has the same behavior as vsnprintf(3). */
OPENSSL_EXPORT int BIO_vsnprintf(char *buf, size_t n, const char *format,
va_list args)
- __bio_h__attr__((__format__(__printf__, 3, 0)));
-#undef __bio_h__attr__
+ OPENSSL_PRINTF_FORMAT_FUNC(3, 0);
#if defined(__cplusplus)
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/obj_mac.h
^
|
| @@ -4138,3 +4138,7 @@
#define SN_dh_cofactor_kdf "dh-cofactor-kdf"
#define NID_dh_cofactor_kdf 947
+#define SN_x25519 "X25519"
+#define LN_x25519 "x25519"
+#define NID_x25519 948
+
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/pem.h
^
|
| @@ -125,13 +125,10 @@
#define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY"
#define PEM_STRING_PKCS8INF "PRIVATE KEY"
#define PEM_STRING_DHPARAMS "DH PARAMETERS"
-#define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS"
#define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS"
#define PEM_STRING_DSAPARAMS "DSA PARAMETERS"
#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
-#define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
-#define PEM_STRING_PARAMETERS "PARAMETERS"
#define PEM_STRING_CMS "CMS"
/* Note that this structure is initialised by PEM_SealInit and cleaned up
@@ -454,13 +451,11 @@
#endif
-DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
DECLARE_PEM_rw_const(DHparams, DH)
-DECLARE_PEM_write_const(DHxparams, DH)
DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
@@ -481,10 +476,6 @@
OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc, char *kstr,int klen, pem_password_cb *cd, void *u);
-OPENSSL_EXPORT EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
-OPENSSL_EXPORT int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
-
-
OPENSSL_EXPORT EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
OPENSSL_EXPORT EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
OPENSSL_EXPORT EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/pkcs8.h
^
|
| @@ -139,12 +139,16 @@
OPENSSL_EXPORT void PKCS12_PBE_add(void);
/* d2i_PKCS12 is a dummy function that copies |*ber_bytes| into a
- * |PKCS12| structure. The |out_p12| argument must be NULL. On exit,
+ * |PKCS12| structure. The |out_p12| argument should be NULL(✝). On exit,
* |*ber_bytes| will be advanced by |ber_len|. It returns a fresh |PKCS12|
* structure or NULL on error.
*
* Note: unlike other d2i functions, |d2i_PKCS12| will always consume |ber_len|
- * bytes.*/
+ * bytes.
+ *
+ * (✝) If |out_p12| is not NULL and the function is successful, |*out_p12| will
+ * be freed if not NULL itself and the result will be written to |*out_p12|.
+ * New code should not depend on this. */
OPENSSL_EXPORT PKCS12 *d2i_PKCS12(PKCS12 **out_p12, const uint8_t **ber_bytes,
size_t ber_len);
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/rand.h
^
|
| @@ -75,6 +75,9 @@
/* RAND_load_file returns a nonnegative number. */
OPENSSL_EXPORT int RAND_load_file(const char *path, long num);
+/* RAND_file_name returns NULL. */
+OPENSSL_EXPORT const char *RAND_file_name(char *buf, size_t num);
+
/* RAND_add does nothing. */
OPENSSL_EXPORT void RAND_add(const void *buf, int num, double entropy);
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/rsa.h
^
|
| @@ -124,8 +124,8 @@
* It returns 1 on success or zero on error.
*
* The |padding| argument must be one of the |RSA_*_PADDING| values. If in
- * doubt, |RSA_PKCS1_PADDING| is the most common but |RSA_PKCS1_OAEP_PADDING|
- * is the most secure. */
+ * doubt, use |RSA_PKCS1_OAEP_PADDING| for new protocols but
+ * |RSA_PKCS1_PADDING| is most common. */
OPENSSL_EXPORT int RSA_encrypt(RSA *rsa, size_t *out_len, uint8_t *out,
size_t max_out, const uint8_t *in, size_t in_len,
int padding);
@@ -137,8 +137,14 @@
* It returns 1 on success or zero on error.
*
* The |padding| argument must be one of the |RSA_*_PADDING| values. If in
- * doubt, |RSA_PKCS1_PADDING| is the most common but |RSA_PKCS1_OAEP_PADDING|
- * is the most secure. */
+ * doubt, use |RSA_PKCS1_OAEP_PADDING| for new protocols.
+ *
+ * Passing |RSA_PKCS1_PADDING| into this function is deprecated and insecure. If
+ * implementing a protocol using RSAES-PKCS1-V1_5, use |RSA_NO_PADDING| and then
+ * check padding in constant-time combined with a swap to a random session key
+ * or other mitigation. See "Chosen Ciphertext Attacks Against Protocols Based
+ * on the RSA Encryption Standard PKCS #1", Daniel Bleichenbacher, Advances in
+ * Cryptology (Crypto '98). */
OPENSSL_EXPORT int RSA_decrypt(RSA *rsa, size_t *out_len, uint8_t *out,
size_t max_out, const uint8_t *in, size_t in_len,
int padding);
@@ -147,8 +153,8 @@
* |rsa| and writes the encrypted data to |to|. The |to| buffer must have at
* least |RSA_size| bytes of space. It returns the number of bytes written, or
* -1 on error. The |padding| argument must be one of the |RSA_*_PADDING|
- * values. If in doubt, |RSA_PKCS1_PADDING| is the most common but
- * |RSA_PKCS1_OAEP_PADDING| is the most secure.
+ * values. If in doubt, use |RSA_PKCS1_OAEP_PADDING| for new protocols but
+ * |RSA_PKCS1_PADDING| is most common.
*
* WARNING: this function is dangerous because it breaks the usual return value
* convention. Use |RSA_encrypt| instead. */
@@ -156,37 +162,25 @@
uint8_t *to, RSA *rsa, int padding);
/* RSA_private_decrypt decrypts |flen| bytes from |from| with the public key in
- * |rsa| and writes the plaintext to |to|. The |to| buffer must have at
- * least |RSA_size| bytes of space. It returns the number of bytes written, or
- * -1 on error. The |padding| argument must be one of the |RSA_*_PADDING|
- * values. If in doubt, |RSA_PKCS1_PADDING| is the most common but
- * |RSA_PKCS1_OAEP_PADDING| is the most secure.
+ * |rsa| and writes the plaintext to |to|. The |to| buffer must have at least
+ * |RSA_size| bytes of space. It returns the number of bytes written, or -1 on
+ * error. The |padding| argument must be one of the |RSA_*_PADDING| values. If
+ * in doubt, use |RSA_PKCS1_OAEP_PADDING| for new protocols. Passing
+ * |RSA_PKCS1_PADDING| into this function is deprecated and insecure. See
+ * |RSA_decrypt|.
*
* WARNING: this function is dangerous because it breaks the usual return value
* convention. Use |RSA_decrypt| instead. */
OPENSSL_EXPORT int RSA_private_decrypt(size_t flen, const uint8_t *from,
uint8_t *to, RSA *rsa, int padding);
-/* RSA_message_index_PKCS1_type_2 performs the first step of a PKCS #1 padding
- * check for decryption. If the |from_len| bytes pointed to at |from| are a
- * valid PKCS #1 message, it returns one and sets |*out_index| to the start of
- * the unpadded message. The unpadded message is a suffix of the input and has
- * length |from_len - *out_index|. Otherwise, it returns zero and sets
- * |*out_index| to zero. This function runs in time independent of the input
- * data and is intended to be used directly to avoid Bleichenbacher's attack.
- *
- * WARNING: This function behaves differently from the usual OpenSSL convention
- * in that it does NOT put an error on the queue in the error case. */
-OPENSSL_EXPORT int RSA_message_index_PKCS1_type_2(const uint8_t *from,
- size_t from_len,
- size_t *out_index);
-
/* Signing / Verification */
-/* RSA_sign signs |in_len| bytes of digest from |in| with |rsa| and writes, at
- * most, |RSA_size(rsa)| bytes to |out|. On successful return, the actual
- * number of bytes written is written to |*out_len|.
+/* RSA_sign signs |in_len| bytes of digest from |in| with |rsa| using
+ * RSASSA-PKCS1-v1_5. It writes, at most, |RSA_size(rsa)| bytes to |out|. On
+ * successful return, the actual number of bytes written is written to
+ * |*out_len|.
*
* The |hash_nid| argument identifies the hash function used to calculate |in|
* and is embedded in the resulting signature. For example, it might be
@@ -204,13 +198,14 @@
* It returns 1 on success or zero on error.
*
* The |padding| argument must be one of the |RSA_*_PADDING| values. If in
- * doubt, |RSA_PKCS1_PADDING| is the most common. */
+ * doubt, |RSA_PKCS1_PADDING| is the most common but |RSA_PKCS1_PSS_PADDING|
+ * (via the |EVP_PKEY| interface) is preferred for new protocols. */
OPENSSL_EXPORT int RSA_sign_raw(RSA *rsa, size_t *out_len, uint8_t *out,
size_t max_out, const uint8_t *in,
size_t in_len, int padding);
-/* RSA_verify verifies that |sig_len| bytes from |sig| are a valid, PKCS#1
- * signature of |msg_len| bytes at |msg| by |rsa|.
+/* RSA_verify verifies that |sig_len| bytes from |sig| are a valid,
+ * RSASSA-PKCS1-v1_5 signature of |msg_len| bytes at |msg| by |rsa|.
*
* The |hash_nid| argument identifies the hash function used to calculate |in|
* and is embedded in the resulting signature in order to prevent hash
@@ -231,7 +226,8 @@
* It returns 1 on success or zero on error.
*
* The |padding| argument must be one of the |RSA_*_PADDING| values. If in
- * doubt, |RSA_PKCS1_PADDING| is the most common. */
+ * doubt, |RSA_PKCS1_PADDING| is the most common but |RSA_PKCS1_PSS_PADDING|
+ * (via the |EVP_PKEY| interface) is preferred for new protocols. */
OPENSSL_EXPORT int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out,
size_t max_out, const uint8_t *in,
size_t in_len, int padding);
@@ -240,7 +236,9 @@
* |rsa| and writes the encrypted data to |to|. The |to| buffer must have at
* least |RSA_size| bytes of space. It returns the number of bytes written, or
* -1 on error. The |padding| argument must be one of the |RSA_*_PADDING|
- * values. If in doubt, |RSA_PKCS1_PADDING| is the most common.
+ * values. If in doubt, |RSA_PKCS1_PADDING| is the most common but
+ * |RSA_PKCS1_PSS_PADDING| (via the |EVP_PKEY| interface) is preferred for new
+ * protocols.
*
* WARNING: this function is dangerous because it breaks the usual return value
* convention. Use |RSA_sign_raw| instead. */
@@ -251,7 +249,9 @@
* public key in |rsa| and writes the plaintext to |to|. The |to| buffer must
* have at least |RSA_size| bytes of space. It returns the number of bytes
* written, or -1 on error. The |padding| argument must be one of the
- * |RSA_*_PADDING| values. If in doubt, |RSA_PKCS1_PADDING| is the most common.
+ * |RSA_*_PADDING| values. If in doubt, |RSA_PKCS1_PADDING| is the most common
+ * but |RSA_PKCS1_PSS_PADDING| (via the |EVP_PKEY| interface) is preferred for
+ * new protocols.
*
* WARNING: this function is dangerous because it breaks the usual return value
* convention. Use |RSA_verify_raw| instead. */
@@ -386,7 +386,7 @@
* See |ex_data.h| for details. */
OPENSSL_EXPORT int RSA_get_ex_new_index(long argl, void *argp,
- CRYPTO_EX_new *new_func,
+ CRYPTO_EX_unused *unused,
CRYPTO_EX_dup *dup_func,
CRYPTO_EX_free *free_func);
OPENSSL_EXPORT int RSA_set_ex_data(RSA *r, int idx, void *arg);
@@ -441,10 +441,10 @@
/* d2i_RSAPublicKey parses an ASN.1, DER-encoded, RSA public key from |len|
* bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result
- * is in |*out|. If |*out| is already non-NULL on entry then the result is
- * written directly into |*out|, otherwise a fresh |RSA| is allocated. On
- * successful exit, |*inp| is advanced past the DER structure. It returns the
- * result or NULL on error. */
+ * is in |*out|. Note that, even if |*out| is already non-NULL on entry, it
+ * will not be written to. Rather, a fresh |RSA| is allocated and the previous
+ * one is freed. On successful exit, |*inp| is advanced past the DER structure.
+ * It returns the result or NULL on error. */
OPENSSL_EXPORT RSA *d2i_RSAPublicKey(RSA **out, const uint8_t **inp, long len);
/* i2d_RSAPublicKey marshals |in| to an ASN.1, DER structure. If |outp| is not
@@ -455,10 +455,10 @@
/* d2i_RSAPrivateKey parses an ASN.1, DER-encoded, RSA private key from |len|
* bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result
- * is in |*out|. If |*out| is already non-NULL on entry then the result is
- * written directly into |*out|, otherwise a fresh |RSA| is allocated. On
- * successful exit, |*inp| is advanced past the DER structure. It returns the
- * result or NULL on error. */
+ * is in |*out|. Note that, even if |*out| is already non-NULL on entry, it
+ * will not be written to. Rather, a fresh |RSA| is allocated and the previous
+ * one is freed. On successful exit, |*inp| is advanced past the DER structure.
+ * It returns the result or NULL on error. */
OPENSSL_EXPORT RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len);
/* i2d_RSAPrivateKey marshals |in| to an ASN.1, DER structure. If |outp| is not
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/sha.h
^
|
| @@ -98,7 +98,7 @@
OPENSSL_EXPORT void SHA1_Transform(SHA_CTX *sha, const uint8_t *block);
struct sha_state_st {
-#if !defined(ANDROID)
+#if defined(OPENSSL_WINDOWS)
uint32_t h[5];
#else
/* wpa_supplicant accesses |h0|..|h4| so we must support those names
@@ -115,8 +115,8 @@
};
#endif
uint32_t Nl, Nh;
- uint32_t data[16];
- unsigned int num;
+ uint8_t data[SHA_CBLOCK];
+ unsigned num;
};
@@ -176,8 +176,8 @@
struct sha256_state_st {
uint32_t h[8];
uint32_t Nl, Nh;
- uint32_t data[16];
- unsigned int num, md_len;
+ uint8_t data[SHA256_CBLOCK];
+ unsigned num, md_len;
};
@@ -245,7 +245,7 @@
uint64_t d[16];
uint8_t p[128];
} u;
- unsigned int num, md_len;
+ unsigned num, md_len;
};
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/ssl.h
^
|
| @@ -542,23 +542,6 @@
*
* Options configure protocol behavior. */
-/* SSL_OP_LEGACY_SERVER_CONNECT allows initial connections to servers that don't
- * support the renegotiation_info extension (RFC 5746). It is on by default. */
-#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
-
-/* SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER allows for record sizes |SSL3_RT_MAX_EXTRA|
- * bytes above the maximum record size. */
-#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
-
-/* SSL_OP_TLS_D5_BUG accepts an RSAClientKeyExchange in TLS encoded as in SSL3
- * (i.e. without a length prefix). */
-#define SSL_OP_TLS_D5_BUG 0x00000100L
-
-/* SSL_OP_ALL enables the above bug workarounds that are enabled by many
- * consumers.
- * TODO(davidben): Determine which of the remaining may be removed now. */
-#define SSL_OP_ALL 0x00000BFFL
-
/* SSL_OP_NO_QUERY_MTU, in DTLS, disables querying the MTU from the underlying
* |BIO|. Instead, the MTU is configured with |SSL_set_mtu|. */
#define SSL_OP_NO_QUERY_MTU 0x00001000L
@@ -1061,7 +1044,9 @@
OPENSSL_EXPORT int SSL_CIPHER_is_AES256CBC(const SSL_CIPHER *cipher);
/* SSL_CIPHER_is_CHACHA20POLY1305 returns one if |cipher| uses
- * CHACHA20_POLY1305. */
+ * CHACHA20_POLY1305. Note this includes both the
+ * draft-ietf-tls-chacha20-poly1305-04 and draft-agl-tls-chacha20poly1305-04
+ * versions. */
OPENSSL_EXPORT int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *cipher);
/* SSL_CIPHER_is_NULL returns one if |cipher| does not encrypt. */
@@ -1076,6 +1061,9 @@
/* SSL_CIPHER_is_ECDSA returns one if |cipher| uses ECDSA. */
OPENSSL_EXPORT int SSL_CIPHER_is_ECDSA(const SSL_CIPHER *cipher);
+/* SSL_CIPHER_is_ECDHE returns one if |cipher| uses ECDHE. */
+OPENSSL_EXPORT int SSL_CIPHER_is_ECDHE(const SSL_CIPHER *cipher);
+
/* SSL_CIPHER_get_min_version returns the minimum protocol version required
* for |cipher|. */
OPENSSL_EXPORT uint16_t SSL_CIPHER_get_min_version(const SSL_CIPHER *cipher);
@@ -1808,48 +1796,6 @@
OPENSSL_EXPORT int SSL_set1_curves(SSL *ssl, const int *curves,
size_t curves_len);
-/* SSL_CTX_set_tmp_ecdh configures |ctx| to use the curve from |ecdh| as the
- * curve for ephemeral ECDH keys. For historical reasons, this API expects an
- * |EC_KEY|, but only the curve is used. It returns one on success and zero on
- * error. If unset, an appropriate curve will be chosen based on curve
- * preferences. (This is recommended.) */
-OPENSSL_EXPORT int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key);
-
-/* SSL_set_tmp_ecdh configures |ssl| to use the curve from |ecdh| as the curve
- * for ephemeral ECDH keys. For historical reasons, this API expects an
- * |EC_KEY|, but only the curve is used. It returns one on success and zero on
- * error. If unset, an appropriate curve will be chosen based on curve
- * preferences. (This is recommended.) */
-OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key);
-
-/* SSL_CTX_set_tmp_ecdh_callback configures |ctx| to use |callback| to determine
- * the curve for ephemeral ECDH keys. |callback| should ignore |is_export| and
- * |keylength| and return an |EC_KEY| of the selected curve or NULL on
- * error. Only the curve is used, so the |EC_KEY| needn't have a generated
- * keypair.
- *
- * If the callback is unset, an appropriate curve will be chosen based on curve
- * preferences. (This is recommended.)
- *
- * WARNING: The caller does not take ownership of the resulting |EC_KEY|, so
- * |callback| must save and release the object elsewhere. */
-OPENSSL_EXPORT void SSL_CTX_set_tmp_ecdh_callback(
- SSL_CTX *ctx, EC_KEY *(*callback)(SSL *ssl, int is_export, int keylength));
-
-/* SSL_set_tmp_ecdh_callback configures |ssl| to use |callback| to determine the
- * curve for ephemeral ECDH keys. |callback| should ignore |is_export| and
- * |keylength| and return an |EC_KEY| of the selected curve or NULL on
- * error. Only the curve is used, so the |EC_KEY| needn't have a generated
- * keypair.
- *
- * If the callback is unset, an appropriate curve will be chosen based on curve
- * preferences. (This is recommended.)
- *
- * WARNING: The caller does not take ownership of the resulting |EC_KEY|, so
- * |callback| must save and release the object elsewhere. */
-OPENSSL_EXPORT void SSL_set_tmp_ecdh_callback(
- SSL *ssl, EC_KEY *(*callback)(SSL *ssl, int is_export, int keylength));
-
/* SSL_get_curve_name returns a human-readable name for the elliptic curve
* specified by the given TLS curve id, or NULL if the curve if unknown. */
OPENSSL_EXPORT const char *SSL_get_curve_name(uint16_t curve_id);
@@ -2413,8 +2359,8 @@
*
* See RFC 5764. */
-/* An SRTP_PROTECTION_PROFILE is an SRTP profile for use with the use_srtp
- * extension. */
+/* srtp_protection_profile_st (aka |SRTP_PROTECTION_PROFILE|) is an SRTP
+ * profile for use with the use_srtp extension. */
struct srtp_protection_profile_st {
const char *name;
unsigned long id;
@@ -2429,6 +2375,8 @@
#define SRTP_AES128_F8_SHA1_32 0x0004
#define SRTP_NULL_SHA1_80 0x0005
#define SRTP_NULL_SHA1_32 0x0006
+#define SRTP_AEAD_AES_128_GCM 0x0007
+#define SRTP_AEAD_AES_256_GCM 0x0008
/* SSL_CTX_set_srtp_profiles enables SRTP for all SSL objects created from
* |ctx|. |profile| contains a colon-separated list of profile names. It returns
@@ -2605,7 +2553,7 @@
OPENSSL_EXPORT int SSL_set_ex_data(SSL *ssl, int idx, void *data);
OPENSSL_EXPORT void *SSL_get_ex_data(const SSL *ssl, int idx);
OPENSSL_EXPORT int SSL_get_ex_new_index(long argl, void *argp,
- CRYPTO_EX_new *new_func,
+ CRYPTO_EX_unused *unused,
CRYPTO_EX_dup *dup_func,
CRYPTO_EX_free *free_func);
@@ -2614,19 +2562,19 @@
OPENSSL_EXPORT void *SSL_SESSION_get_ex_data(const SSL_SESSION *session,
int idx);
OPENSSL_EXPORT int SSL_SESSION_get_ex_new_index(long argl, void *argp,
- CRYPTO_EX_new *new_func,
+ CRYPTO_EX_unused *unused,
CRYPTO_EX_dup *dup_func,
CRYPTO_EX_free *free_func);
OPENSSL_EXPORT int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *data);
OPENSSL_EXPORT void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx);
OPENSSL_EXPORT int SSL_CTX_get_ex_new_index(long argl, void *argp,
- CRYPTO_EX_new *new_func,
+ CRYPTO_EX_unused *unused,
CRYPTO_EX_dup *dup_func,
CRYPTO_EX_free *free_func);
-/* Obscure functions. */
+/* Low-level record-layer state. */
/* SSL_get_rc4_state sets |*read_key| and |*write_key| to the RC4 states for
* the read and write directions. It returns one on success or zero if |ssl|
@@ -2644,6 +2592,28 @@
const uint8_t **out_write_iv,
size_t *out_iv_len);
+/* SSL_get_key_block_len returns the length of |ssl|'s key block. */
+OPENSSL_EXPORT size_t SSL_get_key_block_len(const SSL *ssl);
+
+/* SSL_generate_key_block generates |out_len| bytes of key material for |ssl|'s
+ * current connection state. */
+OPENSSL_EXPORT int SSL_generate_key_block(const SSL *ssl, uint8_t *out,
+ size_t out_len);
+
+/* SSL_get_read_sequence returns, in TLS, the expected sequence number of the
+ * next incoming record in the current epoch. In DTLS, it returns the maximum
+ * sequence number received in the current epoch and includes the epoch number
+ * in the two most significant bytes. */
+OPENSSL_EXPORT uint64_t SSL_get_read_sequence(const SSL *ssl);
+
+/* SSL_get_write_sequence returns the sequence number of the next outgoing
+ * record in the current epoch. In DTLS, it includes the epoch number in the
+ * two most significant bytes. */
+OPENSSL_EXPORT uint64_t SSL_get_write_sequence(const SSL *ssl);
+
+
+/* Obscure functions. */
+
/* SSL_get_structure_sizes returns the sizes of the SSL, SSL_CTX and
* SSL_SESSION structures so that a test can ensure that outside code agrees on
* these values. */
@@ -2748,29 +2718,17 @@
/* SSL_CTX_set_max_send_fragment sets the maximum length, in bytes, of records
* sent by |ctx|. Beyond this length, handshake messages and application data
- * will be split into multiple records. */
-OPENSSL_EXPORT void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx,
- size_t max_send_fragment);
-
-/* SSL_set_max_send_fragment sets the maximum length, in bytes, of records
- * sent by |ssl|. Beyond this length, handshake messages and application data
- * will be split into multiple records. */
-OPENSSL_EXPORT void SSL_set_max_send_fragment(SSL *ssl,
- size_t max_send_fragment);
-
-/* OPENSSL_get_big_buffer_use_count returns the total number of invalid TLS
- * records that were accepted because of |SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER|.
- *
- * TODO(davidben): Remove this when (hopefully!) the quirk is demonstrated to be
- * unnecessary. */
-OPENSSL_EXPORT uint64_t OPENSSL_get_big_buffer_use_count(void);
-
-/* OPENSSL_get_d5_bug_use_count returns the total number of invalid RSA
- * ClientKeyExchanges that were accepted because of |SSL_OP_TLS_D5_BUG|.
- *
- * TODO(davidben): Remove this when (hopefully!) the quirk is demonstrated to be
- * unnecessary. */
-OPENSSL_EXPORT uint64_t OPENSSL_get_d5_bug_use_count(void);
+ * will be split into multiple records. It returns one on success or zero on
+ * error. */
+OPENSSL_EXPORT int SSL_CTX_set_max_send_fragment(SSL_CTX *ctx,
+ size_t max_send_fragment);
+
+/* SSL_set_max_send_fragment sets the maximum length, in bytes, of records sent
+ * by |ssl|. Beyond this length, handshake messages and application data will
+ * be split into multiple records. It returns one on success or zero on
+ * error. */
+OPENSSL_EXPORT int SSL_set_max_send_fragment(SSL *ssl,
+ size_t max_send_fragment);
/* ssl_early_callback_ctx is passed to certain callbacks that are called very
* early on during the server handshake. At this point, much of the SSL* hasn't
@@ -2926,6 +2884,30 @@
* |TLSEXT_hash_none|. */
OPENSSL_EXPORT uint8_t SSL_get_server_key_exchange_hash(const SSL *ssl);
+/* SSL_get_client_random writes up to |max_out| bytes of the most recent
+ * handshake's client_random to |out| and returns the number of bytes written.
+ * If |max_out| is zero, it returns the size of the client_random. */
+OPENSSL_EXPORT size_t SSL_get_client_random(const SSL *ssl, uint8_t *out,
+ size_t max_out);
+
+/* SSL_get_server_random writes up to |max_out| bytes of the most recent
+ * handshake's server_random to |out| and returns the number of bytes written.
+ * If |max_out| is zero, it returns the size of the server_random. */
+OPENSSL_EXPORT size_t SSL_get_server_random(const SSL *ssl, uint8_t *out,
+ size_t max_out);
+
+/* SSL_get_pending_cipher returns the cipher suite for the current handshake or
+ * NULL if one has not been negotiated yet or there is no pending handshake. */
+OPENSSL_EXPORT const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl);
+
+/* SSL_CTX_set_retain_only_sha256_of_client_certs, on a server, sets whether
+ * only the SHA-256 hash of peer's certificate should be saved in memory and in
+ * the session. This can save memory, ticket size and session cache space. If
+ * enabled, |SSL_get_peer_certificate| will return NULL after the handshake
+ * completes. See the |peer_sha256| field of |SSL_SESSION| for the hash. */
+OPENSSL_EXPORT void SSL_CTX_set_retain_only_sha256_of_client_certs(SSL_CTX *ctx,
+ int enable);
+
/* Deprecated functions. */
@@ -3187,9 +3169,12 @@
#define SSL_MODE_RELEASE_BUFFERS 0
#define SSL_MODE_SEND_CLIENTHELLO_TIME 0
#define SSL_MODE_SEND_SERVERHELLO_TIME 0
+#define SSL_OP_ALL 0
#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0
#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0
#define SSL_OP_EPHEMERAL_RSA 0
+#define SSL_OP_LEGACY_SERVER_CONNECT 0
+#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0
#define SSL_OP_MICROSOFT_SESS_ID_BUG 0
#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0
#define SSL_OP_NETSCAPE_CA_DN_BUG 0
@@ -3206,6 +3191,7 @@
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0
+#define SSL_OP_TLS_D5_BUG 0
#define SSL_OP_TLS_ROLLBACK_BUG 0
#define SSL_VERIFY_CLIENT_ONCE 0
@@ -3357,6 +3343,14 @@
* Use |SSL_CTX_set_quiet_shutdown| instead. */
OPENSSL_EXPORT void SSL_set_shutdown(SSL *ssl, int mode);
+/* SSL_CTX_set_tmp_ecdh calls |SSL_CTX_set1_curves| with a one-element list
+ * containing |ec_key|'s curve. */
+OPENSSL_EXPORT int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key);
+
+/* SSL_set_tmp_ecdh calls |SSL_set1_curves| with a one-element list containing
+ * |ec_key|'s curve. */
+OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key);
+
/* Private structures.
*
@@ -3381,6 +3375,12 @@
uint32_t algorithm_prf;
};
+typedef struct ssl_ecdh_method_st SSL_ECDH_METHOD;
+typedef struct ssl_ecdh_ctx_st {
+ const SSL_ECDH_METHOD *method;
+ void *data;
+} SSL_ECDH_CTX;
+
#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
#define SSL_MAX_SID_CTX_LENGTH 32
#define SSL_MAX_MASTER_KEY_LENGTH 48
@@ -3511,6 +3511,8 @@
uint8_t *in_group_flags;
};
+/* ssl_ctx_st (aka |SSL_CTX|) contains configuration common to several SSL
+ * connections. */
struct ssl_ctx_st {
const SSL_PROTOCOL_METHOD *method;
@@ -3675,7 +3677,7 @@
/* retain_only_sha256_of_client_certs is true if we should compute the SHA256
- * hash of the peer's certifiate and then discard it to save memory and
+ * hash of the peer's certificate and then discard it to save memory and
* session space. Only effective on the server side. */
char retain_only_sha256_of_client_certs;
@@ -3754,6 +3756,11 @@
* means that we'll accept Channel IDs from clients. For a client, means that
* we'll advertise support. */
unsigned tlsext_channel_id_enabled:1;
+
+ /* extra_certs is a dummy value included for compatibility.
+ * TODO(agl): remove once node.js no longer references this. */
+ STACK_OF(X509)* extra_certs;
+ int freelist_max_len;
};
struct ssl_st {
@@ -3772,10 +3779,6 @@
* TLS). */
const SSL_PROTOCOL_METHOD *method;
- /* enc_method is the method table corresponding to the current protocol
- * version. */
- const SSL3_ENC_METHOD *enc_method;
-
/* There are 2 BIO's even though they are normally both the same. This is so
* data can be read and written to different handlers */
@@ -3823,9 +3826,6 @@
struct ssl_cipher_preference_list_st *cipher_list;
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
- SSL_AEAD_CTX *aead_read_ctx;
- SSL_AEAD_CTX *aead_write_ctx;
-
/* session info */
/* client cert? */
@@ -3884,15 +3884,6 @@
SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */
- /* Next protocol negotiation. For the client, this is the protocol that we
- * sent in NextProtocol and is set when handling ServerHello extensions.
- *
- * For a server, this is the client's selected_protocol from NextProtocol and
- * is set when handling the NextProtocol message, before the Finished
- * message. */
- uint8_t *next_proto_negotiated;
- size_t next_proto_negotiated_len;
-
/* srtp_profiles is the list of configured SRTP protection profiles for
* DTLS-SRTP. */
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
@@ -3948,17 +3939,17 @@
* means that we'll accept Channel IDs from clients. For a client, means that
* we'll advertise support. */
unsigned tlsext_channel_id_enabled:1;
+
+ /* TODO(agl): remove once node.js not longer references this. */
+ int tlsext_status_type;
};
typedef struct ssl3_record_st {
/* type is the record type. */
uint8_t type;
- /* length is the number of unconsumed bytes of |data|. */
+ /* length is the number of unconsumed bytes in the record. */
uint16_t length;
- /* off is the number of consumed bytes of |data|. */
- uint16_t off;
- /* data is a non-owning pointer to the record contents. The total length of
- * the buffer is |off| + |length|. */
+ /* data is a non-owning pointer to the first unconsumed byte of the record. */
uint8_t *data;
} SSL3_RECORD;
@@ -3973,26 +3964,13 @@
uint16_t cap;
} SSL3_BUFFER;
-/* TODO(davidben): This flag can probably be merged into s3->change_cipher_spec
- * to something tri-state. (Normal / Expect CCS / Between CCS and Finished). */
-#define SSL3_FLAGS_EXPECT_CCS 0x0080
-
typedef struct ssl3_state_st {
- long flags;
-
uint8_t read_sequence[8];
- int read_mac_secret_size;
- uint8_t read_mac_secret[EVP_MAX_MD_SIZE];
uint8_t write_sequence[8];
- int write_mac_secret_size;
- uint8_t write_mac_secret[EVP_MAX_MD_SIZE];
uint8_t server_random[SSL3_RANDOM_SIZE];
uint8_t client_random[SSL3_RANDOM_SIZE];
- /* flags for countermeasure against known-IV weakness */
- int need_record_splitting;
-
/* have_version is true if the connection's final version is known. Otherwise
* the version has not been negotiated yet. */
char have_version;
@@ -4008,10 +3986,9 @@
SSL3_RECORD rrec; /* each decoded record goes in here */
- /* storage for Handshake protocol data received but not yet processed by
- * ssl3_read_bytes: */
- uint8_t handshake_fragment[4];
- unsigned int handshake_fragment_len;
+ /* hello_request_len is the number of bytes of HelloRequest received, possibly
+ * split over multiple records. */
+ uint8_t hello_request_len;
/* partial write - check the numbers match */
unsigned int wnum; /* number of bytes sent so far */
@@ -4029,10 +4006,6 @@
* the handshake hash for TLS 1.1 and below. */
EVP_MD_CTX handshake_md5;
- /* this is set whenerver we see a change_cipher_spec message come in when we
- * are not looking for one */
- int change_cipher_spec;
-
int warn_alert;
int fatal_alert;
/* we allow one fatal and one warning alert to be outstanding, send close
@@ -4049,16 +4022,25 @@
* received. */
uint8_t warning_alert_count;
+ /* aead_read_ctx is the current read cipher state. */
+ SSL_AEAD_CTX *aead_read_ctx;
+
+ /* aead_write_ctx is the current write cipher state. */
+ SSL_AEAD_CTX *aead_write_ctx;
+
+ /* enc_method is the method table corresponding to the current protocol
+ * version. */
+ const SSL3_ENC_METHOD *enc_method;
+
/* State pertaining to the pending handshake.
*
* TODO(davidben): State is current spread all over the place. Move
* pending handshake state here so it can be managed separately from
* established connection state in case of renegotiations. */
struct {
- /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
- uint8_t finish_md[EVP_MAX_MD_SIZE * 2];
+ uint8_t finish_md[EVP_MAX_MD_SIZE];
int finish_md_len;
- uint8_t peer_finish_md[EVP_MAX_MD_SIZE * 2];
+ uint8_t peer_finish_md[EVP_MAX_MD_SIZE];
int peer_finish_md_len;
unsigned long message_size;
@@ -4066,9 +4048,6 @@
/* used to hold the new cipher we are going to use */
const SSL_CIPHER *new_cipher;
- DH *dh;
-
- EC_KEY *ecdh; /* holds short lived ECDH key */
/* used when SSL_ST_FLUSH_DATA is entered */
int next_state;
@@ -4118,13 +4097,12 @@
uint8_t *certificate_types;
size_t num_certificate_types;
- int key_block_length;
uint8_t *key_block;
+ uint8_t key_block_length;
- const EVP_AEAD *new_aead;
uint8_t new_mac_secret_len;
+ uint8_t new_key_len;
uint8_t new_fixed_iv_len;
- uint8_t new_variable_iv_len;
/* Server-only: cert_request is true if a client certificate was
* requested. */
@@ -4169,11 +4147,12 @@
* |TLSEXT_hash_none|. */
uint8_t server_key_exchange_hash;
- /* peer_dh_tmp, on a client, is the server's DHE public key. */
- DH *peer_dh_tmp;
+ /* ecdh_ctx is the current ECDH instance. */
+ SSL_ECDH_CTX ecdh_ctx;
- /* peer_ecdh_tmp, on a client, is the server's ECDHE public key. */
- EC_KEY *peer_ecdh_tmp;
+ /* peer_key is the peer's ECDH key. */
+ uint8_t *peer_key;
+ uint16_t peer_key_len;
} tmp;
/* Connection binding to prevent renegotiation attacks */
@@ -4186,6 +4165,15 @@
/* Set if we saw the Next Protocol Negotiation extension from our peer. */
int next_proto_neg_seen;
+ /* Next protocol negotiation. For the client, this is the protocol that we
+ * sent in NextProtocol and is set when handling ServerHello extensions.
+ *
+ * For a server, this is the client's selected_protocol from NextProtocol and
+ * is set when handling the NextProtocol message, before the Finished
+ * message. */
+ uint8_t *next_proto_negotiated;
+ size_t next_proto_negotiated_len;
+
/* ALPN information
* (we are in the process of transitioning from NPN to ALPN.) */
@@ -4223,6 +4211,14 @@
OPENSSL_EXPORT int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
+/* Nodejs compatibility section (hidden).
+ *
+ * These defines exist for node.js, with the hope that we can eliminate the
+ * need for them over time. */
+#define SSLerr(function, reason) \
+ ERR_put_error(ERR_LIB_SSL, 0, reason, __FILE__, __LINE__)
+
+
/* Preprocessor compatibility section (hidden).
*
* Historically, a number of APIs were implemented in OpenSSL as macros and
@@ -4369,185 +4365,147 @@
#define SSL_R_BAD_DIGEST_LENGTH 106
#define SSL_R_BAD_ECC_CERT 107
#define SSL_R_BAD_ECPOINT 108
-#define SSL_R_BAD_HANDSHAKE_LENGTH 109
-#define SSL_R_BAD_HANDSHAKE_RECORD 110
-#define SSL_R_BAD_HELLO_REQUEST 111
-#define SSL_R_BAD_LENGTH 112
-#define SSL_R_BAD_PACKET_LENGTH 113
-#define SSL_R_BAD_RSA_ENCRYPT 114
-#define SSL_R_BAD_SIGNATURE 115
-#define SSL_R_BAD_SRTP_MKI_VALUE 116
-#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 117
-#define SSL_R_BAD_SSL_FILETYPE 118
-#define SSL_R_BAD_WRITE_RETRY 119
-#define SSL_R_BIO_NOT_SET 120
-#define SSL_R_BN_LIB 121
-#define SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY 122
-#define SSL_R_CA_DN_LENGTH_MISMATCH 123
-#define SSL_R_CA_DN_TOO_LONG 124
-#define SSL_R_CCS_RECEIVED_EARLY 125
-#define SSL_R_CERTIFICATE_VERIFY_FAILED 126
-#define SSL_R_CERT_CB_ERROR 127
-#define SSL_R_CERT_LENGTH_MISMATCH 128
-#define SSL_R_CHANNEL_ID_NOT_P256 129
-#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID 130
-#define SSL_R_CIPHER_CODE_WRONG_LENGTH 131
-#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 132
-#define SSL_R_CLIENTHELLO_PARSE_FAILED 133
-#define SSL_R_CLIENTHELLO_TLSEXT 134
-#define SSL_R_CONNECTION_REJECTED 135
-#define SSL_R_CONNECTION_TYPE_NOT_SET 136
-#define SSL_R_COOKIE_MISMATCH 137
-#define SSL_R_D2I_ECDSA_SIG 138
-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 139
-#define SSL_R_DATA_LENGTH_TOO_LONG 140
-#define SSL_R_DECODE_ERROR 141
-#define SSL_R_DECRYPTION_FAILED 142
-#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 143
-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 144
-#define SSL_R_DIGEST_CHECK_FAILED 145
-#define SSL_R_DTLS_MESSAGE_TOO_BIG 146
-#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 147
-#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 148
-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 149
-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 150
-#define SSL_R_EVP_DIGESTSIGNFINAL_FAILED 151
-#define SSL_R_EVP_DIGESTSIGNINIT_FAILED 152
-#define SSL_R_EXCESSIVE_MESSAGE_SIZE 153
-#define SSL_R_EXTRA_DATA_IN_MESSAGE 154
-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 155
-#define SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS 156
-#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 157
-#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 158
-#define SSL_R_HANDSHAKE_FAILURE_ON_CLIENT_HELLO 159
-#define SSL_R_HANDSHAKE_RECORD_BEFORE_CCS 160
-#define SSL_R_HTTPS_PROXY_REQUEST 161
-#define SSL_R_HTTP_REQUEST 162
-#define SSL_R_INAPPROPRIATE_FALLBACK 163
-#define SSL_R_INVALID_COMMAND 164
-#define SSL_R_INVALID_MESSAGE 165
-#define SSL_R_INVALID_SSL_SESSION 166
-#define SSL_R_INVALID_TICKET_KEYS_LENGTH 167
-#define SSL_R_LENGTH_MISMATCH 168
-#define SSL_R_LIBRARY_HAS_NO_CIPHERS 169
-#define SSL_R_MISSING_DH_KEY 170
-#define SSL_R_MISSING_ECDSA_SIGNING_CERT 171
-#define SSL_R_MISSING_RSA_CERTIFICATE 172
-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 173
-#define SSL_R_MISSING_RSA_SIGNING_CERT 174
-#define SSL_R_MISSING_TMP_DH_KEY 175
-#define SSL_R_MISSING_TMP_ECDH_KEY 176
-#define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 177
-#define SSL_R_MTU_TOO_SMALL 178
-#define SSL_R_NESTED_GROUP 179
-#define SSL_R_NO_CERTIFICATES_RETURNED 180
-#define SSL_R_NO_CERTIFICATE_ASSIGNED 181
-#define SSL_R_NO_CERTIFICATE_SET 182
-#define SSL_R_NO_CIPHERS_AVAILABLE 183
-#define SSL_R_NO_CIPHERS_PASSED 184
-#define SSL_R_NO_CIPHERS_SPECIFIED 185
-#define SSL_R_NO_CIPHER_MATCH 186
-#define SSL_R_NO_COMPRESSION_SPECIFIED 187
-#define SSL_R_NO_METHOD_SPECIFIED 188
-#define SSL_R_NO_P256_SUPPORT 189
-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
-#define SSL_R_NO_RENEGOTIATION 191
-#define SSL_R_NO_REQUIRED_DIGEST 192
-#define SSL_R_NO_SHARED_CIPHER 193
-#define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 194
-#define SSL_R_NO_SRTP_PROFILES 195
-#define SSL_R_NULL_SSL_CTX 196
-#define SSL_R_NULL_SSL_METHOD_PASSED 197
-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 198
-#define SSL_R_PACKET_LENGTH_TOO_LONG 199
-#define SSL_R_PARSE_TLSEXT 200
-#define SSL_R_PATH_TOO_LONG 201
-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 202
-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 203
-#define SSL_R_PROTOCOL_IS_SHUTDOWN 204
-#define SSL_R_PSK_IDENTITY_NOT_FOUND 205
-#define SSL_R_PSK_NO_CLIENT_CB 206
-#define SSL_R_PSK_NO_SERVER_CB 207
-#define SSL_R_READ_BIO_NOT_SET 208
-#define SSL_R_READ_TIMEOUT_EXPIRED 209
-#define SSL_R_RECORD_LENGTH_MISMATCH 210
-#define SSL_R_RECORD_TOO_LARGE 211
-#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 212
-#define SSL_R_RENEGOTIATION_ENCODING_ERR 213
-#define SSL_R_RENEGOTIATION_MISMATCH 214
-#define SSL_R_REQUIRED_CIPHER_MISSING 215
-#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 216
-#define SSL_R_SERVERHELLO_TLSEXT 217
-#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 218
-#define SSL_R_SESSION_MAY_NOT_BE_CREATED 219
-#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 220
-#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 221
-#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 222
-#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 223
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 224
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 225
-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 226
-#define SSL_R_SSL_HANDSHAKE_FAILURE 227
-#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 228
-#define SSL_R_SSL_SESSION_ID_CONFLICT 229
-#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 230
-#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 231
-#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
-#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 233
-#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 234
-#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 235
-#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 236
-#define SSL_R_TOO_MANY_EMPTY_FRAGMENTS 237
-#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 238
-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
-#define SSL_R_UNEXPECTED_GROUP_CLOSE 240
-#define SSL_R_UNEXPECTED_MESSAGE 241
-#define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 242
-#define SSL_R_UNEXPECTED_RECORD 243
-#define SSL_R_UNINITIALIZED 244
-#define SSL_R_UNKNOWN_ALERT_TYPE 245
-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 246
-#define SSL_R_UNKNOWN_CIPHER_RETURNED 247
-#define SSL_R_UNKNOWN_CIPHER_TYPE 248
-#define SSL_R_UNKNOWN_DIGEST 249
-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
-#define SSL_R_UNKNOWN_PROTOCOL 251
-#define SSL_R_UNKNOWN_SSL_VERSION 252
-#define SSL_R_UNKNOWN_STATE 253
-#define SSL_R_UNPROCESSED_HANDSHAKE_DATA 254
-#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 255
-#define SSL_R_UNSUPPORTED_CIPHER 256
-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
-#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 258
-#define SSL_R_UNSUPPORTED_PROTOCOL 259
-#define SSL_R_UNSUPPORTED_SSL_VERSION 260
-#define SSL_R_USE_SRTP_NOT_NEGOTIATED 261
-#define SSL_R_WRONG_CERTIFICATE_TYPE 262
-#define SSL_R_WRONG_CIPHER_RETURNED 263
-#define SSL_R_WRONG_CURVE 264
-#define SSL_R_WRONG_MESSAGE_TYPE 265
-#define SSL_R_WRONG_SIGNATURE_TYPE 266
-#define SSL_R_WRONG_SSL_VERSION 267
-#define SSL_R_WRONG_VERSION_NUMBER 268
-#define SSL_R_X509_LIB 269
-#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 270
-#define SSL_R_FRAGMENT_MISMATCH 271
-#define SSL_R_BUFFER_TOO_SMALL 272
-#define SSL_R_OLD_SESSION_VERSION_NOT_RETURNED 273
-#define SSL_R_OUTPUT_ALIASES_INPUT 274
-#define SSL_R_RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION 275
-#define SSL_R_EMS_STATE_INCONSISTENT 276
-#define SSL_R_RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION 277
-#define SSL_R_TOO_MANY_WARNING_ALERTS 278
-#define SSL_R_UNEXPECTED_EXTENSION 279
-#define SSL_R_SIGNATURE_ALGORITHMS_EXTENSION_SENT_BY_SERVER 280
-#define SSL_R_ERROR_ADDING_EXTENSION 281
-#define SSL_R_ERROR_PARSING_EXTENSION 282
-#define SSL_R_MISSING_EXTENSION 283
-#define SSL_R_CUSTOM_EXTENSION_CONTENTS_TOO_LARGE 284
-#define SSL_R_CUSTOM_EXTENSION_ERROR 285
-#define SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN 286
-#define SSL_R_DH_P_TOO_LONG 287
+#define SSL_R_BAD_HANDSHAKE_RECORD 109
+#define SSL_R_BAD_HELLO_REQUEST 110
+#define SSL_R_BAD_LENGTH 111
+#define SSL_R_BAD_PACKET_LENGTH 112
+#define SSL_R_BAD_RSA_ENCRYPT 113
+#define SSL_R_BAD_SIGNATURE 114
+#define SSL_R_BAD_SRTP_MKI_VALUE 115
+#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 116
+#define SSL_R_BAD_SSL_FILETYPE 117
+#define SSL_R_BAD_WRITE_RETRY 118
+#define SSL_R_BIO_NOT_SET 119
+#define SSL_R_BN_LIB 120
+#define SSL_R_BUFFER_TOO_SMALL 121
+#define SSL_R_CA_DN_LENGTH_MISMATCH 122
+#define SSL_R_CA_DN_TOO_LONG 123
+#define SSL_R_CCS_RECEIVED_EARLY 124
+#define SSL_R_CERTIFICATE_VERIFY_FAILED 125
+#define SSL_R_CERT_CB_ERROR 126
+#define SSL_R_CERT_LENGTH_MISMATCH 127
+#define SSL_R_CHANNEL_ID_NOT_P256 128
+#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID 129
+#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 130
+#define SSL_R_CLIENTHELLO_PARSE_FAILED 131
+#define SSL_R_CLIENTHELLO_TLSEXT 132
+#define SSL_R_CONNECTION_REJECTED 133
+#define SSL_R_CONNECTION_TYPE_NOT_SET 134
+#define SSL_R_CUSTOM_EXTENSION_ERROR 135
+#define SSL_R_DATA_LENGTH_TOO_LONG 136
+#define SSL_R_DECODE_ERROR 137
+#define SSL_R_DECRYPTION_FAILED 138
+#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 139
+#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 140
+#define SSL_R_DH_P_TOO_LONG 141
+#define SSL_R_DIGEST_CHECK_FAILED 142
+#define SSL_R_DTLS_MESSAGE_TOO_BIG 143
+#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 144
+#define SSL_R_EMS_STATE_INCONSISTENT 145
+#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 146
+#define SSL_R_ERROR_ADDING_EXTENSION 147
+#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 148
+#define SSL_R_ERROR_PARSING_EXTENSION 149
+#define SSL_R_EXCESSIVE_MESSAGE_SIZE 150
+#define SSL_R_EXTRA_DATA_IN_MESSAGE 151
+#define SSL_R_FRAGMENT_MISMATCH 152
+#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 153
+#define SSL_R_HANDSHAKE_FAILURE_ON_CLIENT_HELLO 154
+#define SSL_R_HTTPS_PROXY_REQUEST 155
+#define SSL_R_HTTP_REQUEST 156
+#define SSL_R_INAPPROPRIATE_FALLBACK 157
+#define SSL_R_INVALID_COMMAND 158
+#define SSL_R_INVALID_MESSAGE 159
+#define SSL_R_INVALID_SSL_SESSION 160
+#define SSL_R_INVALID_TICKET_KEYS_LENGTH 161
+#define SSL_R_LENGTH_MISMATCH 162
+#define SSL_R_LIBRARY_HAS_NO_CIPHERS 163
+#define SSL_R_MISSING_EXTENSION 164
+#define SSL_R_MISSING_RSA_CERTIFICATE 165
+#define SSL_R_MISSING_TMP_DH_KEY 166
+#define SSL_R_MISSING_TMP_ECDH_KEY 167
+#define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 168
+#define SSL_R_MTU_TOO_SMALL 169
+#define SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN 170
+#define SSL_R_NESTED_GROUP 171
+#define SSL_R_NO_CERTIFICATES_RETURNED 172
+#define SSL_R_NO_CERTIFICATE_ASSIGNED 173
+#define SSL_R_NO_CERTIFICATE_SET 174
+#define SSL_R_NO_CIPHERS_AVAILABLE 175
+#define SSL_R_NO_CIPHERS_PASSED 176
+#define SSL_R_NO_CIPHER_MATCH 177
+#define SSL_R_NO_COMPRESSION_SPECIFIED 178
+#define SSL_R_NO_METHOD_SPECIFIED 179
+#define SSL_R_NO_P256_SUPPORT 180
+#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 181
+#define SSL_R_NO_RENEGOTIATION 182
+#define SSL_R_NO_REQUIRED_DIGEST 183
+#define SSL_R_NO_SHARED_CIPHER 184
+#define SSL_R_NULL_SSL_CTX 185
+#define SSL_R_NULL_SSL_METHOD_PASSED 186
+#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 187
+#define SSL_R_OLD_SESSION_VERSION_NOT_RETURNED 188
+#define SSL_R_OUTPUT_ALIASES_INPUT 189
+#define SSL_R_PARSE_TLSEXT 190
+#define SSL_R_PATH_TOO_LONG 191
+#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 192
+#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 193
+#define SSL_R_PROTOCOL_IS_SHUTDOWN 194
+#define SSL_R_PSK_IDENTITY_NOT_FOUND 195
+#define SSL_R_PSK_NO_CLIENT_CB 196
+#define SSL_R_PSK_NO_SERVER_CB 197
+#define SSL_R_READ_TIMEOUT_EXPIRED 198
+#define SSL_R_RECORD_LENGTH_MISMATCH 199
+#define SSL_R_RECORD_TOO_LARGE 200
+#define SSL_R_RENEGOTIATION_ENCODING_ERR 201
+#define SSL_R_RENEGOTIATION_MISMATCH 202
+#define SSL_R_REQUIRED_CIPHER_MISSING 203
+#define SSL_R_RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION 204
+#define SSL_R_RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION 205
+#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 206
+#define SSL_R_SERVERHELLO_TLSEXT 207
+#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 208
+#define SSL_R_SESSION_MAY_NOT_BE_CREATED 209
+#define SSL_R_SIGNATURE_ALGORITHMS_EXTENSION_SENT_BY_SERVER 210
+#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 211
+#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 212
+#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 213
+#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 214
+#define SSL_R_SSL_HANDSHAKE_FAILURE 215
+#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 216
+#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 217
+#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 218
+#define SSL_R_TOO_MANY_EMPTY_FRAGMENTS 219
+#define SSL_R_TOO_MANY_WARNING_ALERTS 220
+#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 221
+#define SSL_R_UNEXPECTED_EXTENSION 222
+#define SSL_R_UNEXPECTED_MESSAGE 223
+#define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 224
+#define SSL_R_UNEXPECTED_RECORD 225
+#define SSL_R_UNINITIALIZED 226
+#define SSL_R_UNKNOWN_ALERT_TYPE 227
+#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 228
+#define SSL_R_UNKNOWN_CIPHER_RETURNED 229
+#define SSL_R_UNKNOWN_CIPHER_TYPE 230
+#define SSL_R_UNKNOWN_DIGEST 231
+#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 232
+#define SSL_R_UNKNOWN_PROTOCOL 233
+#define SSL_R_UNKNOWN_SSL_VERSION 234
+#define SSL_R_UNKNOWN_STATE 235
+#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 236
+#define SSL_R_UNSUPPORTED_CIPHER 237
+#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 238
+#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 239
+#define SSL_R_UNSUPPORTED_PROTOCOL 240
+#define SSL_R_WRONG_CERTIFICATE_TYPE 241
+#define SSL_R_WRONG_CIPHER_RETURNED 242
+#define SSL_R_WRONG_CURVE 243
+#define SSL_R_WRONG_MESSAGE_TYPE 244
+#define SSL_R_WRONG_SIGNATURE_TYPE 245
+#define SSL_R_WRONG_SSL_VERSION 246
+#define SSL_R_WRONG_VERSION_NUMBER 247
+#define SSL_R_X509_LIB 248
+#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 249
#define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/ssl3.h
^
|
| @@ -231,8 +231,6 @@
#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
-#define SSL3_RT_MAX_EXTRA (16384)
-
/* Maximum plaintext length: defined by SSL/TLS standards */
#define SSL3_RT_MAX_PLAIN_LENGTH 16384
/* Maximum compression overhead: defined by SSL/TLS standards */
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/stack.h
^
|
| @@ -134,9 +134,6 @@
* STACK_OF:GENERAL_NAME
* STACK_OF:GENERAL_NAMES
* STACK_OF:GENERAL_SUBTREE
- * STACK_OF:MIME_HEADER
- * STACK_OF:PKCS7_RECIP_INFO
- * STACK_OF:PKCS7_SIGNER_INFO
* STACK_OF:POLICYINFO
* STACK_OF:POLICYQUALINFO
* STACK_OF:POLICY_MAPPING
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/stack_macros.h
^
|
| @@ -1430,262 +1430,6 @@
copy_func), \
CHECKED_CAST(void (*)(void *), void (*)(GENERAL_SUBTREE *), free_func)))
-/* MIME_HEADER */
-#define sk_MIME_HEADER_new(comp) \
- ((STACK_OF(MIME_HEADER) *)sk_new(CHECKED_CAST( \
- stack_cmp_func, int (*)(const MIME_HEADER **a, const MIME_HEADER **b), \
- comp)))
-
-#define sk_MIME_HEADER_new_null() ((STACK_OF(MIME_HEADER) *)sk_new_null())
-
-#define sk_MIME_HEADER_num(sk) \
- sk_num(CHECKED_CAST(_STACK *, STACK_OF(MIME_HEADER) *, sk))
-
-#define sk_MIME_HEADER_zero(sk) \
- sk_zero(CHECKED_CAST(_STACK *, STACK_OF(MIME_HEADER) *, sk));
-
-#define sk_MIME_HEADER_value(sk, i) \
- ((MIME_HEADER *)sk_value( \
- CHECKED_CAST(_STACK *, const STACK_OF(MIME_HEADER) *, sk), (i)))
-
-#define sk_MIME_HEADER_set(sk, i, p) \
- ((MIME_HEADER *)sk_set(CHECKED_CAST(_STACK *, STACK_OF(MIME_HEADER) *, sk), \
- (i), CHECKED_CAST(void *, MIME_HEADER *, p)))
-
-#define sk_MIME_HEADER_free(sk) \
- sk_free(CHECKED_CAST(_STACK *, STACK_OF(MIME_HEADER) *, sk))
-
-#define sk_MIME_HEADER_pop_free(sk, free_func) \
- sk_pop_free( \
- CHECKED_CAST(_STACK *, STACK_OF(MIME_HEADER) *, sk), \
- CHECKED_CAST(void (*)(void *), void (*)(MIME_HEADER *), free_func))
-
-#define sk_MIME_HEADER_insert(sk, p, where) \
- sk_insert(CHECKED_CAST(_STACK *, STACK_OF(MIME_HEADER) *, sk), \
- CHECKED_CAST(void *, MIME_HEADER *, p), (where))
-
-#define sk_MIME_HEADER_delete(sk, where) \
- ((MIME_HEADER *)sk_delete( \
- CHECKED_CAST(_STACK *, STACK_OF(MIME_HEADER) *, sk), (where)))
-
-#define sk_MIME_HEADER_delete_ptr(sk, p) \
- ((MIME_HEADER *)sk_delete_ptr( \
- CHECKED_CAST(_STACK *, STACK_OF(MIME_HEADER) *, sk), \
- CHECKED_CAST(void *, MIME_HEADER *, p)))
-
-#define sk_MIME_HEADER_find(sk, out_index, p) \
- sk_find(CHECKED_CAST(_STACK *, STACK_OF(MIME_HEADER) *, sk), (out_index), \
- CHECKED_CAST(void *, MIME_HEADER *, p))
-
-#define sk_MIME_HEADER_shift(sk) \
- ((MIME_HEADER *)sk_shift(CHECKED_CAST(_STACK *, STACK_OF(MIME_HEADER) *, sk)))
-
-#define sk_MIME_HEADER_push(sk, p) \
- sk_push(CHECKED_CAST(_STACK *, STACK_OF(MIME_HEADER) *, sk), \
- CHECKED_CAST(void *, MIME_HEADER *, p))
-
-#define sk_MIME_HEADER_pop(sk) \
- ((MIME_HEADER *)sk_pop(CHECKED_CAST(_STACK *, STACK_OF(MIME_HEADER) *, sk)))
-
-#define sk_MIME_HEADER_dup(sk) \
- ((STACK_OF(MIME_HEADER) *)sk_dup( \
- CHECKED_CAST(_STACK *, const STACK_OF(MIME_HEADER) *, sk)))
-
-#define sk_MIME_HEADER_sort(sk) \
- sk_sort(CHECKED_CAST(_STACK *, STACK_OF(MIME_HEADER) *, sk))
-
-#define sk_MIME_HEADER_is_sorted(sk) \
- sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(MIME_HEADER) *, sk))
-
-#define sk_MIME_HEADER_set_cmp_func(sk, comp) \
- ((int (*)(const MIME_HEADER **a, const MIME_HEADER **b))sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(MIME_HEADER) *, sk), \
- CHECKED_CAST(stack_cmp_func, \
- int (*)(const MIME_HEADER **a, const MIME_HEADER **b), \
- comp)))
-
-#define sk_MIME_HEADER_deep_copy(sk, copy_func, free_func) \
- ((STACK_OF(MIME_HEADER) *)sk_deep_copy( \
- CHECKED_CAST(const _STACK *, const STACK_OF(MIME_HEADER) *, sk), \
- CHECKED_CAST(void *(*)(void *), MIME_HEADER *(*)(MIME_HEADER *), \
- copy_func), \
- CHECKED_CAST(void (*)(void *), void (*)(MIME_HEADER *), free_func)))
-
-/* PKCS7_RECIP_INFO */
-#define sk_PKCS7_RECIP_INFO_new(comp) \
- ((STACK_OF(PKCS7_RECIP_INFO) *)sk_new(CHECKED_CAST( \
- stack_cmp_func, \
- int (*)(const PKCS7_RECIP_INFO **a, const PKCS7_RECIP_INFO **b), comp)))
-
-#define sk_PKCS7_RECIP_INFO_new_null() \
- ((STACK_OF(PKCS7_RECIP_INFO) *)sk_new_null())
-
-#define sk_PKCS7_RECIP_INFO_num(sk) \
- sk_num(CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk))
-
-#define sk_PKCS7_RECIP_INFO_zero(sk) \
- sk_zero(CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk));
-
-#define sk_PKCS7_RECIP_INFO_value(sk, i) \
- ((PKCS7_RECIP_INFO *)sk_value( \
- CHECKED_CAST(_STACK *, const STACK_OF(PKCS7_RECIP_INFO) *, sk), (i)))
-
-#define sk_PKCS7_RECIP_INFO_set(sk, i, p) \
- ((PKCS7_RECIP_INFO *)sk_set( \
- CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk), (i), \
- CHECKED_CAST(void *, PKCS7_RECIP_INFO *, p)))
-
-#define sk_PKCS7_RECIP_INFO_free(sk) \
- sk_free(CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk))
-
-#define sk_PKCS7_RECIP_INFO_pop_free(sk, free_func) \
- sk_pop_free( \
- CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk), \
- CHECKED_CAST(void (*)(void *), void (*)(PKCS7_RECIP_INFO *), free_func))
-
-#define sk_PKCS7_RECIP_INFO_insert(sk, p, where) \
- sk_insert(CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk), \
- CHECKED_CAST(void *, PKCS7_RECIP_INFO *, p), (where))
-
-#define sk_PKCS7_RECIP_INFO_delete(sk, where) \
- ((PKCS7_RECIP_INFO *)sk_delete( \
- CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk), (where)))
-
-#define sk_PKCS7_RECIP_INFO_delete_ptr(sk, p) \
- ((PKCS7_RECIP_INFO *)sk_delete_ptr( \
- CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk), \
- CHECKED_CAST(void *, PKCS7_RECIP_INFO *, p)))
-
-#define sk_PKCS7_RECIP_INFO_find(sk, out_index, p) \
- sk_find(CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk), \
- (out_index), CHECKED_CAST(void *, PKCS7_RECIP_INFO *, p))
-
-#define sk_PKCS7_RECIP_INFO_shift(sk) \
- ((PKCS7_RECIP_INFO *)sk_shift( \
- CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk)))
-
-#define sk_PKCS7_RECIP_INFO_push(sk, p) \
- sk_push(CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk), \
- CHECKED_CAST(void *, PKCS7_RECIP_INFO *, p))
-
-#define sk_PKCS7_RECIP_INFO_pop(sk) \
- ((PKCS7_RECIP_INFO *)sk_pop( \
- CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk)))
-
-#define sk_PKCS7_RECIP_INFO_dup(sk) \
- ((STACK_OF(PKCS7_RECIP_INFO) *)sk_dup( \
- CHECKED_CAST(_STACK *, const STACK_OF(PKCS7_RECIP_INFO) *, sk)))
-
-#define sk_PKCS7_RECIP_INFO_sort(sk) \
- sk_sort(CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk))
-
-#define sk_PKCS7_RECIP_INFO_is_sorted(sk) \
- sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(PKCS7_RECIP_INFO) *, sk))
-
-#define sk_PKCS7_RECIP_INFO_set_cmp_func(sk, comp) \
- ((int (*)(const PKCS7_RECIP_INFO **a, const PKCS7_RECIP_INFO **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const PKCS7_RECIP_INFO **a, \
- const PKCS7_RECIP_INFO **b), \
- comp)))
-
-#define sk_PKCS7_RECIP_INFO_deep_copy(sk, copy_func, free_func) \
- ((STACK_OF(PKCS7_RECIP_INFO) *)sk_deep_copy( \
- CHECKED_CAST(const _STACK *, const STACK_OF(PKCS7_RECIP_INFO) *, sk), \
- CHECKED_CAST(void *(*)(void *), \
- PKCS7_RECIP_INFO *(*)(PKCS7_RECIP_INFO *), copy_func), \
- CHECKED_CAST(void (*)(void *), void (*)(PKCS7_RECIP_INFO *), \
- free_func)))
-
-/* PKCS7_SIGNER_INFO */
-#define sk_PKCS7_SIGNER_INFO_new(comp) \
- ((STACK_OF(PKCS7_SIGNER_INFO) *)sk_new(CHECKED_CAST( \
- stack_cmp_func, \
- int (*)(const PKCS7_SIGNER_INFO **a, const PKCS7_SIGNER_INFO **b), \
- comp)))
-
-#define sk_PKCS7_SIGNER_INFO_new_null() \
- ((STACK_OF(PKCS7_SIGNER_INFO) *)sk_new_null())
-
-#define sk_PKCS7_SIGNER_INFO_num(sk) \
- sk_num(CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk))
-
-#define sk_PKCS7_SIGNER_INFO_zero(sk) \
- sk_zero(CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk));
-
-#define sk_PKCS7_SIGNER_INFO_value(sk, i) \
- ((PKCS7_SIGNER_INFO *)sk_value( \
- CHECKED_CAST(_STACK *, const STACK_OF(PKCS7_SIGNER_INFO) *, sk), (i)))
-
-#define sk_PKCS7_SIGNER_INFO_set(sk, i, p) \
- ((PKCS7_SIGNER_INFO *)sk_set( \
- CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk), (i), \
- CHECKED_CAST(void *, PKCS7_SIGNER_INFO *, p)))
-
-#define sk_PKCS7_SIGNER_INFO_free(sk) \
- sk_free(CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk))
-
-#define sk_PKCS7_SIGNER_INFO_pop_free(sk, free_func) \
- sk_pop_free(CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk), \
- CHECKED_CAST(void (*)(void *), void (*)(PKCS7_SIGNER_INFO *), \
- free_func))
-
-#define sk_PKCS7_SIGNER_INFO_insert(sk, p, where) \
- sk_insert(CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk), \
- CHECKED_CAST(void *, PKCS7_SIGNER_INFO *, p), (where))
-
-#define sk_PKCS7_SIGNER_INFO_delete(sk, where) \
- ((PKCS7_SIGNER_INFO *)sk_delete( \
- CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk), (where)))
-
-#define sk_PKCS7_SIGNER_INFO_delete_ptr(sk, p) \
- ((PKCS7_SIGNER_INFO *)sk_delete_ptr( \
- CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk), \
- CHECKED_CAST(void *, PKCS7_SIGNER_INFO *, p)))
-
-#define sk_PKCS7_SIGNER_INFO_find(sk, out_index, p) \
- sk_find(CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk), \
- (out_index), CHECKED_CAST(void *, PKCS7_SIGNER_INFO *, p))
-
-#define sk_PKCS7_SIGNER_INFO_shift(sk) \
- ((PKCS7_SIGNER_INFO *)sk_shift( \
- CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk)))
-
-#define sk_PKCS7_SIGNER_INFO_push(sk, p) \
- sk_push(CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk), \
- CHECKED_CAST(void *, PKCS7_SIGNER_INFO *, p))
-
-#define sk_PKCS7_SIGNER_INFO_pop(sk) \
- ((PKCS7_SIGNER_INFO *)sk_pop( \
- CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk)))
-
-#define sk_PKCS7_SIGNER_INFO_dup(sk) \
- ((STACK_OF(PKCS7_SIGNER_INFO) *)sk_dup( \
- CHECKED_CAST(_STACK *, const STACK_OF(PKCS7_SIGNER_INFO) *, sk)))
-
-#define sk_PKCS7_SIGNER_INFO_sort(sk) \
- sk_sort(CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk))
-
-#define sk_PKCS7_SIGNER_INFO_is_sorted(sk) \
- sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(PKCS7_SIGNER_INFO) *, sk))
-
-#define sk_PKCS7_SIGNER_INFO_set_cmp_func(sk, comp) \
- ((int (*)(const PKCS7_SIGNER_INFO **a, const PKCS7_SIGNER_INFO **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const PKCS7_SIGNER_INFO **a, \
- const PKCS7_SIGNER_INFO **b), \
- comp)))
-
-#define sk_PKCS7_SIGNER_INFO_deep_copy(sk, copy_func, free_func) \
- ((STACK_OF(PKCS7_SIGNER_INFO) *)sk_deep_copy( \
- CHECKED_CAST(const _STACK *, const STACK_OF(PKCS7_SIGNER_INFO) *, sk), \
- CHECKED_CAST(void *(*)(void *), \
- PKCS7_SIGNER_INFO *(*)(PKCS7_SIGNER_INFO *), copy_func), \
- CHECKED_CAST(void (*)(void *), void (*)(PKCS7_SIGNER_INFO *), \
- free_func)))
-
/* POLICYINFO */
#define sk_POLICYINFO_new(comp) \
((STACK_OF(POLICYINFO) *)sk_new(CHECKED_CAST( \
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/tls1.h
^
|
| @@ -218,7 +218,7 @@
/* ExtensionType value from RFC7685 */
#define TLSEXT_TYPE_padding 21
-/* https://tools.ietf.org/html/draft-ietf-tls-session-hash-01 */
+/* ExtensionType value from RFC7627 */
#define TLSEXT_TYPE_extended_master_secret 23
/* ExtensionType value from RFC4507 */
@@ -430,12 +430,14 @@
#define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD 0x0300CC13
#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD 0x0300CC14
-/* TODO(davidben): Remove these once WebRTC is no longer using them, so they
- * may point to the future RFC 7539 variant. */
+#define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0x0300CCA8
+#define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0x0300CCA9
+#define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0x0300CCAC
+
+/* TODO(davidben): Remove this. Historically, the CK names for CHACHA20_POLY1305
+ * were missing 'WITH' and 'SHA256'. */
#define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305 \
- TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD
-#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305 \
- TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD
+ TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
/* XXX
* Inconsistency alert:
@@ -597,14 +599,25 @@
#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
+/* For convenience, the old and new CHACHA20_POLY1305 ciphers have the same
+ * name. In cipher strings, both will be selected. This is temporary and will be
+ * removed when the pre-standard construction is removed. */
#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD \
"ECDHE-RSA-CHACHA20-POLY1305"
#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD \
"ECDHE-ECDSA-CHACHA20-POLY1305"
-/* TODO(davidben): Remove this once QUIC has switched to the '_OLD' name. */
+#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
+ "ECDHE-RSA-CHACHA20-POLY1305"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \
+ "ECDHE-ECDSA-CHACHA20-POLY1305"
+#define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \
+ "ECDHE-PSK-CHACHA20-POLY1305"
+
+/* TODO(davidben): Remove this. Historically, the TXT names for CHACHA20_POLY1305
+ * were missing 'SHA256'. */
#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 \
- TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD
+ TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
#define TLS_CT_RSA_SIGN 1
#define TLS_CT_DSS_SIGN 2
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/x509.h
^
|
| @@ -618,12 +618,10 @@
OPENSSL_EXPORT int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
OPENSSL_EXPORT int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
-/* int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert); */
OPENSSL_EXPORT int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
OPENSSL_EXPORT int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
OPENSSL_EXPORT int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
OPENSSL_EXPORT int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
-/* int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl); */
OPENSSL_EXPORT int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
OPENSSL_EXPORT int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
@@ -787,7 +785,7 @@
* |x|. */
OPENSSL_EXPORT X509 *X509_up_ref(X509 *x);
-OPENSSL_EXPORT int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+OPENSSL_EXPORT int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
OPENSSL_EXPORT int X509_set_ex_data(X509 *r, int idx, void *arg);
OPENSSL_EXPORT void *X509_get_ex_data(X509 *r, int idx);
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/include/openssl/x509_vfy.h
^
|
| @@ -412,6 +412,11 @@
/* Allow partial chains if at least one certificate is in trusted store */
#define X509_V_FLAG_PARTIAL_CHAIN 0x80000
+/* If the initial chain is not trusted, do not attempt to build an alternative
+ * chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag
+ * will force the behaviour to match that of previous versions. */
+#define X509_V_FLAG_NO_ALT_CHAINS 0x100000
+
#define X509_VP_FLAG_DEFAULT 0x1
#define X509_VP_FLAG_OVERWRITE 0x2
#define X509_VP_FLAG_RESET_FLAGS 0x4
@@ -498,7 +503,7 @@
OPENSSL_EXPORT int X509_STORE_set_default_paths(X509_STORE *ctx);
#endif
-OPENSSL_EXPORT int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+OPENSSL_EXPORT int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
OPENSSL_EXPORT int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
OPENSSL_EXPORT void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/ssl/internal.h
^
|
| @@ -155,7 +155,7 @@
#include <winsock2.h>
#pragma warning(pop)
#else
-#include <sys/types.h>
+#include <sys/time.h>
#endif
@@ -183,6 +183,7 @@
#define SSL_AES256GCM 0x00000020L
#define SSL_CHACHA20POLY1305_OLD 0x00000040L
#define SSL_eNULL 0x00000080L
+#define SSL_CHACHA20POLY1305 0x00000100L
#define SSL_AES (SSL_AES128 | SSL_AES256 | SSL_AES128GCM | SSL_AES256GCM)
@@ -266,7 +267,7 @@
EVP_AEAD_CTX ctx;
/* fixed_nonce contains any bytes of the nonce that are fixed for all
* records. */
- uint8_t fixed_nonce[8];
+ uint8_t fixed_nonce[12];
uint8_t fixed_nonce_len, variable_nonce_len;
/* variable_nonce_included_in_record is non-zero if the variable nonce
* for a record is included as a prefix before the ciphertext. */
@@ -281,6 +282,9 @@
/* omit_version_in_ad is non-zero if the version should be omitted
* in the AEAD's ad parameter. */
char omit_version_in_ad;
+ /* xor_fixed_nonce is non-zero if the fixed nonce should be XOR'd into the
+ * variable nonce rather than prepended. */
+ char xor_fixed_nonce;
} /* SSL_AEAD_CTX */;
/* SSL_AEAD_CTX_new creates a newly-allocated |SSL_AEAD_CTX| using the supplied
@@ -342,6 +346,10 @@
/* Record layer. */
+/* ssl_record_sequence_update increments the sequence number in |seq|. It
+ * returns one on success and zero on wraparound. */
+int ssl_record_sequence_update(uint8_t *seq, size_t seq_len);
+
/* ssl_record_prefix_len returns the length of the prefix before the ciphertext
* of a record for |ssl|.
*
@@ -428,6 +436,14 @@
uint8_t type, const uint8_t *in, size_t in_len,
enum dtls1_use_epoch_t use_epoch);
+/* ssl_set_read_state sets |ssl|'s read cipher state to |aead_ctx|. It takes
+ * ownership of |aead_ctx|. */
+void ssl_set_read_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx);
+
+/* ssl_set_write_state sets |ssl|'s write cipher state to |aead_ctx|. It takes
+ * ownership of |aead_ctx|. */
+void ssl_set_write_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx);
+
/* Private key operations. */
@@ -503,13 +519,69 @@
void ssl3_free_handshake_buffer(SSL *ssl);
/* ssl3_free_handshake_hash releases the handshake hash. */
-void ssl3_free_handshake_hash(SSL *s);
+void ssl3_free_handshake_hash(SSL *ssl);
/* ssl3_update_handshake_hash adds |in| to the handshake buffer and handshake
* hash, whichever is enabled. It returns one on success and zero on failure. */
int ssl3_update_handshake_hash(SSL *ssl, const uint8_t *in, size_t in_len);
+/* ECDH curves. */
+
+#define SSL_CURVE_SECP256R1 23
+#define SSL_CURVE_SECP384R1 24
+#define SSL_CURVE_SECP521R1 25
+#define SSL_CURVE_X25519 29
+
+/* An SSL_ECDH_METHOD is an implementation of ECDH-like key exchanges for
+ * TLS. */
+struct ssl_ecdh_method_st {
+ int nid;
+ uint16_t curve_id;
+ const char name[8];
+
+ /* cleanup releases state in |ctx|. */
+ void (*cleanup)(SSL_ECDH_CTX *ctx);
+
+ /* generate_keypair generates a keypair and writes the public value to
+ * |out_public_key|. It returns one on success and zero on error. */
+ int (*generate_keypair)(SSL_ECDH_CTX *ctx, CBB *out_public_key);
+
+ /* compute_secret performs a key exchange against |peer_key| and, on
+ * success, returns one and sets |*out_secret| and |*out_secret_len| to
+ * a newly-allocated buffer containing the shared secret. The caller must
+ * release this buffer with |OPENSSL_free|. Otherwise, it returns zero and
+ * sets |*out_alert| to an alert to send to the peer. */
+ int (*compute_secret)(SSL_ECDH_CTX *ctx, uint8_t **out_secret,
+ size_t *out_secret_len, uint8_t *out_alert,
+ const uint8_t *peer_key, size_t peer_key_len);
+} /* SSL_ECDH_METHOD */;
+
+/* ssl_nid_to_curve_id looks up the curve corresponding to |nid|. On success, it
+ * sets |*out_curve_id| to the curve ID and returns one. Otherwise, it returns
+ * zero. */
+int ssl_nid_to_curve_id(uint16_t *out_curve_id, int nid);
+
+/* SSL_ECDH_CTX_init sets up |ctx| for use with curve |curve_id|. It returns one
+ * on success and zero on error. */
+int SSL_ECDH_CTX_init(SSL_ECDH_CTX *ctx, uint16_t curve_id);
+
+/* SSL_ECDH_CTX_init_for_dhe sets up |ctx| for use with legacy DHE-based ciphers
+ * where the server specifies a group. It takes ownership of |params|. */
+void SSL_ECDH_CTX_init_for_dhe(SSL_ECDH_CTX *ctx, DH *params);
+
+/* SSL_ECDH_CTX_cleanup releases memory associated with |ctx|. It is legal to
+ * call it in the zero state. */
+void SSL_ECDH_CTX_cleanup(SSL_ECDH_CTX *ctx);
+
+/* The following functions call the corresponding method of
+ * |SSL_ECDH_METHOD|. */
+int SSL_ECDH_CTX_generate_keypair(SSL_ECDH_CTX *ctx, CBB *out_public_key);
+int SSL_ECDH_CTX_compute_secret(SSL_ECDH_CTX *ctx, uint8_t **out_secret,
+ size_t *out_secret_len, uint8_t *out_alert,
+ const uint8_t *peer_key, size_t peer_key_len);
+
+
/* Transport buffers. */
/* ssl_read_buffer returns a pointer to contents of the read buffer. */
@@ -674,24 +746,9 @@
#define TLSEXT_CHANNEL_ID_SIZE 128
/* Check if an SSL structure is using DTLS */
-#define SSL_IS_DTLS(s) (s->method->is_dtls)
-/* See if we need explicit IV */
-#define SSL_USE_EXPLICIT_IV(s) \
- (s->enc_method->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
-/* See if we use signature algorithms extension and signature algorithm before
- * signatures. */
-#define SSL_USE_SIGALGS(s) (s->enc_method->enc_flags & SSL_ENC_FLAG_SIGALGS)
-
-/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
- * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
- * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
- * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
- * SSL_aRSA <- RSA_ENC | RSA_SIGN
- * SSL_aDSS <- DSA_SIGN */
+#define SSL_IS_DTLS(ssl) (ssl->method->is_dtls)
/* From RFC4492, used in encoding the curve type in ECParameters */
-#define EXPLICIT_PRIME_CURVE_TYPE 1
-#define EXPLICIT_CHAR2_CURVE_TYPE 2
#define NAMED_CURVE_TYPE 3
enum ssl_hash_message_t {
@@ -726,14 +783,6 @@
DH *dh_tmp;
DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
- /* ecdh_nid, if not |NID_undef|, is the NID of the curve to use for ephemeral
- * ECDH keys. If unset, |ecdh_tmp_cb| is consulted. */
- int ecdh_nid;
- /* ecdh_tmp_cb is a callback for selecting the curve to use for ephemeral ECDH
- * keys. If NULL, a curve is selected automatically. See
- * |SSL_CTX_set_tmp_ecdh_callback|. */
- EC_KEY *(*ecdh_tmp_cb)(SSL *ssl, int is_export, int keysize);
-
/* peer_sigalgs are the algorithm/hash pairs that the peer supports. These
* are taken from the contents of signature algorithms extension for a server
* or from the CertificateRequest for a client. */
@@ -771,64 +820,50 @@
struct ssl_protocol_method_st {
/* is_dtls is one if the protocol is DTLS and zero otherwise. */
char is_dtls;
- int (*ssl_new)(SSL *s);
- void (*ssl_free)(SSL *s);
- int (*ssl_accept)(SSL *s);
- int (*ssl_connect)(SSL *s);
- long (*ssl_get_message)(SSL *s, int header_state, int body_state,
+ int (*ssl_new)(SSL *ssl);
+ void (*ssl_free)(SSL *ssl);
+ int (*ssl_accept)(SSL *ssl);
+ int (*ssl_connect)(SSL *ssl);
+ long (*ssl_get_message)(SSL *ssl, int header_state, int body_state,
int msg_type, long max,
enum ssl_hash_message_t hash_message, int *ok);
- int (*ssl_read_app_data)(SSL *s, uint8_t *buf, int len, int peek);
- void (*ssl_read_close_notify)(SSL *s);
- int (*ssl_write_app_data)(SSL *s, const void *buf_, int len);
- int (*ssl_dispatch_alert)(SSL *s);
+ int (*ssl_read_app_data)(SSL *ssl, uint8_t *buf, int len, int peek);
+ int (*ssl_read_change_cipher_spec)(SSL *ssl);
+ void (*ssl_read_close_notify)(SSL *ssl);
+ int (*ssl_write_app_data)(SSL *ssl, const void *buf_, int len);
+ int (*ssl_dispatch_alert)(SSL *ssl);
/* supports_cipher returns one if |cipher| is supported by this protocol and
* zero otherwise. */
int (*supports_cipher)(const SSL_CIPHER *cipher);
/* Handshake header length */
unsigned int hhlen;
/* Set the handshake header */
- int (*set_handshake_header)(SSL *s, int type, unsigned long len);
+ int (*set_handshake_header)(SSL *ssl, int type, unsigned long len);
/* Write out handshake message */
- int (*do_write)(SSL *s);
+ int (*do_write)(SSL *ssl);
};
/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit
* of a mess of functions, but hell, think of it as an opaque structure. */
struct ssl3_enc_method {
- int (*prf)(SSL *, uint8_t *, size_t, const uint8_t *, size_t, const char *,
- size_t, const uint8_t *, size_t, const uint8_t *, size_t);
- int (*setup_key_block)(SSL *);
- int (*generate_master_secret)(SSL *, uint8_t *, const uint8_t *, size_t);
- int (*change_cipher_state)(SSL *, int);
- int (*final_finish_mac)(SSL *, const char *, int, uint8_t *);
+ /* prf computes the PRF function for |ssl|. It writes |out_len| bytes to
+ * |out|, using |secret| as the secret and |label| as the label. |seed1| and
+ * |seed2| are concatenated to form the seed parameter. It returns one on
+ * success and zero on failure. */
+ int (*prf)(const SSL *ssl, uint8_t *out, size_t out_len,
+ const uint8_t *secret, size_t secret_len, const char *label,
+ size_t label_len, const uint8_t *seed1, size_t seed1_len,
+ const uint8_t *seed2, size_t seed2_len);
+ int (*final_finish_mac)(SSL *ssl, int from_server, uint8_t *out);
int (*cert_verify_mac)(SSL *, int, uint8_t *);
- const char *client_finished_label;
- int client_finished_label_len;
- const char *server_finished_label;
- int server_finished_label_len;
- int (*alert_value)(int);
- int (*export_keying_material)(SSL *, uint8_t *, size_t, const char *, size_t,
- const uint8_t *, size_t, int use_context);
- /* Various flags indicating protocol version requirements */
- unsigned int enc_flags;
};
-#define SSL_HM_HEADER_LENGTH(s) s->method->hhlen
-#define ssl_handshake_start(s) \
- (((uint8_t *)s->init_buf->data) + s->method->hhlen)
-#define ssl_set_handshake_header(s, htype, len) \
- s->method->set_handshake_header(s, htype, len)
-#define ssl_do_write(s) s->method->do_write(s)
-
-/* Values for enc_flags */
-
-/* Uses explicit IV for CBC mode */
-#define SSL_ENC_FLAG_EXPLICIT_IV 0x1
-/* Uses signature algorithms extension */
-#define SSL_ENC_FLAG_SIGALGS 0x2
-/* Uses SHA256 default PRF */
-#define SSL_ENC_FLAG_SHA256_PRF 0x4
+#define SSL_HM_HEADER_LENGTH(ssl) ssl->method->hhlen
+#define ssl_handshake_start(ssl) \
+ (((uint8_t *)ssl->init_buf->data) + ssl->method->hhlen)
+#define ssl_set_handshake_header(ssl, htype, len) \
+ ssl->method->set_handshake_header(ssl, htype, len)
+#define ssl_do_write(ssl) ssl->method->do_write(ssl)
/* lengths of messages */
#define DTLS1_COOKIE_LENGTH 256
@@ -919,18 +954,13 @@
/* Timeout duration */
unsigned short timeout_duration;
-
- unsigned int change_cipher_spec_ok;
} DTLS1_STATE;
extern const SSL3_ENC_METHOD TLSv1_enc_data;
-extern const SSL3_ENC_METHOD TLSv1_1_enc_data;
-extern const SSL3_ENC_METHOD TLSv1_2_enc_data;
extern const SSL3_ENC_METHOD SSLv3_enc_data;
extern const SRTP_PROTECTION_PROFILE kSRTPProfiles[];
-void ssl_clear_cipher_ctx(SSL *s);
-int ssl_clear_bad_session(SSL *s);
+int ssl_clear_bad_session(SSL *ssl);
CERT *ssl_cert_new(void);
CERT *ssl_cert_dup(CERT *cert);
void ssl_cert_clear_certs(CERT *c);
@@ -953,14 +983,10 @@
SSL *ssl, SSL_SESSION **out_session, int *out_send_ticket,
const struct ssl_early_callback_ctx *ctx);
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs);
-struct ssl_cipher_preference_list_st *ssl_cipher_preference_list_dup(
- struct ssl_cipher_preference_list_st *cipher_list);
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *ssl, const CBS *cbs);
void ssl_cipher_preference_list_free(
struct ssl_cipher_preference_list_st *cipher_list);
-struct ssl_cipher_preference_list_st *ssl_cipher_preference_list_from_ciphers(
- STACK_OF(SSL_CIPHER) *ciphers);
-struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(SSL *s);
+struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(SSL *ssl);
int ssl_cert_set0_chain(CERT *cert, STACK_OF(X509) *chain);
int ssl_cert_set1_chain(CERT *cert, STACK_OF(X509) *chain);
@@ -970,42 +996,38 @@
int (*cb)(SSL *ssl, void *arg), void *arg);
int ssl_verify_cert_chain(SSL *ssl, STACK_OF(X509) *cert_chain);
-int ssl_add_cert_chain(SSL *s, unsigned long *l);
+int ssl_add_cert_chain(SSL *ssl, unsigned long *l);
void ssl_update_cache(SSL *ssl, int mode);
/* ssl_get_compatible_server_ciphers determines the key exchange and
* authentication cipher suite masks compatible with the server configuration
- * and current ClientHello parameters of |s|. It sets |*out_mask_k| to the key
+ * and current ClientHello parameters of |ssl|. It sets |*out_mask_k| to the key
* exchange mask and |*out_mask_a| to the authentication mask. */
-void ssl_get_compatible_server_ciphers(SSL *s, uint32_t *out_mask_k,
+void ssl_get_compatible_server_ciphers(SSL *ssl, uint32_t *out_mask_k,
uint32_t *out_mask_a);
-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
+STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *ssl);
int ssl_verify_alarm_type(long type);
/* ssl_fill_hello_random fills a client_random or server_random field of length
* |len|. It returns one on success and zero on failure. */
int ssl_fill_hello_random(uint8_t *out, size_t len, int is_server);
-int ssl3_send_server_certificate(SSL *s);
-int ssl3_send_new_session_ticket(SSL *s);
-int ssl3_send_certificate_status(SSL *s);
-int ssl3_get_finished(SSL *s, int state_a, int state_b);
-int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
-int ssl3_prf(SSL *s, uint8_t *out, size_t out_len, const uint8_t *secret,
- size_t secret_len, const char *label, size_t label_len,
- const uint8_t *seed1, size_t seed1_len,
- const uint8_t *seed2, size_t seed2_len);
-void ssl3_cleanup_key_block(SSL *s);
-int ssl3_do_write(SSL *s, int type);
-int ssl3_send_alert(SSL *s, int level, int desc);
-int ssl3_get_req_cert_type(SSL *s, uint8_t *p);
-long ssl3_get_message(SSL *s, int header_state, int body_state, int msg_type,
+int ssl3_send_server_certificate(SSL *ssl);
+int ssl3_send_new_session_ticket(SSL *ssl);
+int ssl3_send_certificate_status(SSL *ssl);
+int ssl3_get_finished(SSL *ssl, int state_a, int state_b);
+int ssl3_send_change_cipher_spec(SSL *ssl, int state_a, int state_b);
+void ssl3_cleanup_key_block(SSL *ssl);
+int ssl3_do_write(SSL *ssl, int type);
+int ssl3_send_alert(SSL *ssl, int level, int desc);
+int ssl3_get_req_cert_type(SSL *ssl, uint8_t *p);
+long ssl3_get_message(SSL *ssl, int header_state, int body_state, int msg_type,
long max, enum ssl_hash_message_t hash_message, int *ok);
/* ssl3_hash_current_message incorporates the current handshake message into the
* handshake hash. It returns one on success and zero on allocation failure. */
-int ssl3_hash_current_message(SSL *s);
+int ssl3_hash_current_message(SSL *ssl);
/* ssl3_cert_verify_hash writes the CertificateVerify hash into the bytes
* pointed to by |out| and writes the number of bytes to |*out_len|. |out| must
@@ -1013,156 +1035,123 @@
* for the hash function, otherwise the hash function depends on |pkey_type|
* and is written to |*out_md|. It returns one on success and zero on
* failure. */
-int ssl3_cert_verify_hash(SSL *s, uint8_t *out, size_t *out_len,
+int ssl3_cert_verify_hash(SSL *ssl, uint8_t *out, size_t *out_len,
const EVP_MD **out_md, int pkey_type);
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
+int ssl3_send_finished(SSL *ssl, int a, int b);
int ssl3_supports_cipher(const SSL_CIPHER *cipher);
-int ssl3_dispatch_alert(SSL *s);
-int ssl3_expect_change_cipher_spec(SSL *s);
+int ssl3_dispatch_alert(SSL *ssl);
int ssl3_read_app_data(SSL *ssl, uint8_t *buf, int len, int peek);
+int ssl3_read_change_cipher_spec(SSL *ssl);
void ssl3_read_close_notify(SSL *ssl);
-int ssl3_read_bytes(SSL *s, int type, uint8_t *buf, int len, int peek);
+int ssl3_read_bytes(SSL *ssl, int type, uint8_t *buf, int len, int peek);
int ssl3_write_app_data(SSL *ssl, const void *buf, int len);
-int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_final_finish_mac(SSL *s, const char *sender, int slen, uint8_t *p);
-int ssl3_cert_verify_mac(SSL *s, int md_nid, uint8_t *p);
-int ssl3_output_cert_chain(SSL *s);
+int ssl3_write_bytes(SSL *ssl, int type, const void *buf, int len);
+int ssl3_output_cert_chain(SSL *ssl);
const SSL_CIPHER *ssl3_choose_cipher(
SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
struct ssl_cipher_preference_list_st *srvr);
-int ssl3_new(SSL *s);
-void ssl3_free(SSL *s);
-int ssl3_accept(SSL *s);
-int ssl3_connect(SSL *s);
-
-/* ssl3_record_sequence_update increments the sequence number in |seq|. It
- * returns one on success and zero on wraparound. */
-int ssl3_record_sequence_update(uint8_t *seq, size_t seq_len);
-
-int ssl3_do_change_cipher_spec(SSL *ssl);
+int ssl3_new(SSL *ssl);
+void ssl3_free(SSL *ssl);
+int ssl3_accept(SSL *ssl);
+int ssl3_connect(SSL *ssl);
-int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len);
-int ssl3_handshake_write(SSL *s);
+int ssl3_set_handshake_header(SSL *ssl, int htype, unsigned long len);
+int ssl3_handshake_write(SSL *ssl);
-int dtls1_do_handshake_write(SSL *s, enum dtls1_use_epoch_t use_epoch);
+int dtls1_do_handshake_write(SSL *ssl, enum dtls1_use_epoch_t use_epoch);
int dtls1_read_app_data(SSL *ssl, uint8_t *buf, int len, int peek);
+int dtls1_read_change_cipher_spec(SSL *ssl);
void dtls1_read_close_notify(SSL *ssl);
-int dtls1_read_bytes(SSL *s, int type, uint8_t *buf, int len, int peek);
-void dtls1_set_message_header(SSL *s, uint8_t mt, unsigned long len,
+int dtls1_read_bytes(SSL *ssl, int type, uint8_t *buf, int len, int peek);
+void dtls1_set_message_header(SSL *ssl, uint8_t mt, unsigned long len,
unsigned short seq_num, unsigned long frag_off,
unsigned long frag_len);
-int dtls1_write_app_data(SSL *s, const void *buf, int len);
-int dtls1_write_bytes(SSL *s, int type, const void *buf, int len,
+int dtls1_write_app_data(SSL *ssl, const void *buf, int len);
+int dtls1_write_bytes(SSL *ssl, int type, const void *buf, int len,
enum dtls1_use_epoch_t use_epoch);
-int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
-int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
-int dtls1_read_failed(SSL *s, int code);
-int dtls1_buffer_message(SSL *s);
-int dtls1_retransmit_buffered_messages(SSL *s);
-void dtls1_clear_record_buffer(SSL *s);
+int dtls1_send_change_cipher_spec(SSL *ssl, int a, int b);
+int dtls1_send_finished(SSL *ssl, int a, int b, const char *sender, int slen);
+int dtls1_read_failed(SSL *ssl, int code);
+int dtls1_buffer_message(SSL *ssl);
+int dtls1_retransmit_buffered_messages(SSL *ssl);
+void dtls1_clear_record_buffer(SSL *ssl);
void dtls1_get_message_header(uint8_t *data, struct hm_header_st *msg_hdr);
-int dtls1_check_timeout_num(SSL *s);
-int dtls1_set_handshake_header(SSL *s, int type, unsigned long len);
-int dtls1_handshake_write(SSL *s);
+int dtls1_check_timeout_num(SSL *ssl);
+int dtls1_set_handshake_header(SSL *ssl, int type, unsigned long len);
+int dtls1_handshake_write(SSL *ssl);
int dtls1_supports_cipher(const SSL_CIPHER *cipher);
-void dtls1_start_timer(SSL *s);
-void dtls1_stop_timer(SSL *s);
-int dtls1_is_timer_expired(SSL *s);
-void dtls1_double_timeout(SSL *s);
+void dtls1_start_timer(SSL *ssl);
+void dtls1_stop_timer(SSL *ssl);
+int dtls1_is_timer_expired(SSL *ssl);
+void dtls1_double_timeout(SSL *ssl);
unsigned int dtls1_min_mtu(void);
void dtls1_hm_fragment_free(hm_fragment *frag);
/* some client-only functions */
int ssl3_send_client_hello(SSL *ssl);
-int ssl3_get_server_hello(SSL *s);
-int ssl3_get_certificate_request(SSL *s);
-int ssl3_get_new_session_ticket(SSL *s);
-int ssl3_get_cert_status(SSL *s);
-int ssl3_get_server_done(SSL *s);
-int ssl3_send_cert_verify(SSL *s);
-int ssl3_send_client_certificate(SSL *s);
-int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
-int ssl3_send_client_key_exchange(SSL *s);
-int ssl3_get_server_key_exchange(SSL *s);
-int ssl3_get_server_certificate(SSL *s);
+int ssl3_get_server_hello(SSL *ssl);
+int ssl3_get_certificate_request(SSL *ssl);
+int ssl3_get_new_session_ticket(SSL *ssl);
+int ssl3_get_cert_status(SSL *ssl);
+int ssl3_get_server_done(SSL *ssl);
+int ssl3_send_cert_verify(SSL *ssl);
+int ssl3_send_client_certificate(SSL *ssl);
+int ssl_do_client_cert_cb(SSL *ssl, X509 **px509, EVP_PKEY **ppkey);
+int ssl3_send_client_key_exchange(SSL *ssl);
+int ssl3_get_server_key_exchange(SSL *ssl);
+int ssl3_get_server_certificate(SSL *ssl);
int ssl3_send_next_proto(SSL *ssl);
int ssl3_send_channel_id(SSL *ssl);
-int ssl3_verify_server_cert(SSL *s);
+int ssl3_verify_server_cert(SSL *ssl);
/* some server-only functions */
-int ssl3_get_initial_bytes(SSL *s);
-int ssl3_get_v2_client_hello(SSL *s);
-int ssl3_get_client_hello(SSL *s);
+int ssl3_get_initial_bytes(SSL *ssl);
+int ssl3_get_v2_client_hello(SSL *ssl);
+int ssl3_get_client_hello(SSL *ssl);
int ssl3_send_server_hello(SSL *ssl);
-int ssl3_send_server_key_exchange(SSL *s);
-int ssl3_send_certificate_request(SSL *s);
-int ssl3_send_server_done(SSL *s);
-int ssl3_get_client_certificate(SSL *s);
-int ssl3_get_client_key_exchange(SSL *s);
-int ssl3_get_cert_verify(SSL *s);
-int ssl3_get_next_proto(SSL *s);
-int ssl3_get_channel_id(SSL *s);
-
-int dtls1_new(SSL *s);
-int dtls1_accept(SSL *s);
-int dtls1_connect(SSL *s);
-void dtls1_free(SSL *s);
+int ssl3_send_server_key_exchange(SSL *ssl);
+int ssl3_send_certificate_request(SSL *ssl);
+int ssl3_send_server_done(SSL *ssl);
+int ssl3_get_client_certificate(SSL *ssl);
+int ssl3_get_client_key_exchange(SSL *ssl);
+int ssl3_get_cert_verify(SSL *ssl);
+int ssl3_get_next_proto(SSL *ssl);
+int ssl3_get_channel_id(SSL *ssl);
+
+int dtls1_new(SSL *ssl);
+int dtls1_accept(SSL *ssl);
+int dtls1_connect(SSL *ssl);
+void dtls1_free(SSL *ssl);
-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max,
+long dtls1_get_message(SSL *ssl, int st1, int stn, int mt, long max,
enum ssl_hash_message_t hash_message, int *ok);
-int dtls1_dispatch_alert(SSL *s);
+int dtls1_dispatch_alert(SSL *ssl);
-int ssl_init_wbio_buffer(SSL *s, int push);
-void ssl_free_wbio_buffer(SSL *s);
+int ssl_init_wbio_buffer(SSL *ssl, int push);
+void ssl_free_wbio_buffer(SSL *ssl);
-/* tls1_prf computes the TLS PRF function for |s| as described in RFC 5246,
- * section 5 and RFC 2246 section 5. It writes |out_len| bytes to |out|, using
- * |secret| as the secret and |label| as the label. |seed1| and |seed2| are
- * concatenated to form the seed parameter. It returns one on success and zero
- * on failure. */
-int tls1_prf(SSL *s, uint8_t *out, size_t out_len, const uint8_t *secret,
- size_t secret_len, const char *label, size_t label_len,
- const uint8_t *seed1, size_t seed1_len,
- const uint8_t *seed2, size_t seed2_len);
-
-int tls1_change_cipher_state(SSL *s, int which);
-int tls1_setup_key_block(SSL *s);
-int tls1_handshake_digest(SSL *s, uint8_t *out, size_t out_len);
-int tls1_final_finish_mac(SSL *s, const char *str, int slen, uint8_t *p);
-int tls1_cert_verify_mac(SSL *s, int md_nid, uint8_t *p);
-int tls1_generate_master_secret(SSL *s, uint8_t *out, const uint8_t *premaster,
+int tls1_change_cipher_state(SSL *ssl, int which);
+int tls1_setup_key_block(SSL *ssl);
+int tls1_handshake_digest(SSL *ssl, uint8_t *out, size_t out_len);
+int tls1_generate_master_secret(SSL *ssl, uint8_t *out, const uint8_t *premaster,
size_t premaster_len);
-int tls1_export_keying_material(SSL *s, uint8_t *out, size_t out_len,
- const char *label, size_t label_len,
- const uint8_t *context, size_t context_len,
- int use_context);
-int tls1_alert_code(int code);
-int ssl3_alert_code(int code);
char ssl_early_callback_init(struct ssl_early_callback_ctx *ctx);
-int tls1_ec_curve_id2nid(uint16_t curve_id);
-int tls1_ec_nid2curve_id(uint16_t *out_curve_id, int nid);
-/* tls1_ec_curve_id2name returns a human-readable name for the
- * curve specified by the TLS curve id in |curve_id|. If the
- * curve is unknown, it returns NULL. */
-const char* tls1_ec_curve_id2name(uint16_t curve_id);
-
-/* tls1_check_curve parses ECParameters out of |cbs|, modifying it. It
- * checks the curve is one of our preferences and writes the
- * NamedCurve value to |*out_curve_id|. It returns one on success and
- * zero on error. */
-int tls1_check_curve(SSL *s, CBS *cbs, uint16_t *out_curve_id);
-
-/* tls1_get_shared_curve returns the NID of the first preferred shared curve
- * between client and server preferences. If none can be found, it returns
- * NID_undef. */
-int tls1_get_shared_curve(SSL *s);
+/* tls1_check_curve_id returns one if |curve_id| is consistent with both our
+ * and the peer's curve preferences. Note: if called as the client, only our
+ * preferences are checked; the peer (the server) does not send preferences. */
+int tls1_check_curve_id(SSL *ssl, uint16_t curve_id);
+
+/* tls1_get_shared_curve sets |*out_curve_id| to the first preferred shared
+ * curve between client and server preferences and returns one. If none may be
+ * found, it returns zero. */
+int tls1_get_shared_curve(SSL *ssl, uint16_t *out_curve_id);
/* tls1_set_curves converts the array of |ncurves| NIDs pointed to by |curves|
* into a newly allocated array of TLS curve IDs. On success, the function
@@ -1174,14 +1163,7 @@
/* tls1_check_ec_cert returns one if |x| is an ECC certificate with curve and
* point format compatible with the client's preferences. Otherwise it returns
* zero. */
-int tls1_check_ec_cert(SSL *s, X509 *x);
-
-/* tls1_check_ec_tmp_key returns one if the EC temporary key is compatible with
- * client extensions and zero otherwise. */
-int tls1_check_ec_tmp_key(SSL *s);
-
-int tls1_shared_list(SSL *s, const uint8_t *l1, size_t l1len, const uint8_t *l2,
- size_t l2len, int nmatch);
+int tls1_check_ec_cert(SSL *ssl, X509 *x);
/* ssl_add_clienthello_tlsext writes ClientHello extensions to |out|. It
* returns one on success and zero on failure. The |header_len| argument is the
@@ -1190,25 +1172,26 @@
int ssl_add_clienthello_tlsext(SSL *ssl, CBB *out, size_t header_len);
int ssl_add_serverhello_tlsext(SSL *ssl, CBB *out);
-int ssl_parse_clienthello_tlsext(SSL *s, CBS *cbs);
-int ssl_parse_serverhello_tlsext(SSL *s, CBS *cbs);
+int ssl_parse_clienthello_tlsext(SSL *ssl, CBS *cbs);
+int ssl_parse_serverhello_tlsext(SSL *ssl, CBS *cbs);
#define tlsext_tick_md EVP_sha256
-/* tls_process_ticket processes the session ticket extension. On success, it
- * sets |*out_session| to the decrypted session or NULL if the ticket was
- * rejected. It sets |*out_send_ticket| to whether a new ticket should be sent
- * at the end of the handshake. It returns one on success and zero on fatal
+/* tls_process_ticket processes a session ticket from the client. On success,
+ * it sets |*out_session| to the decrypted session or NULL if the ticket was
+ * rejected. If the ticket was valid, it sets |*out_renew_ticket| to whether
+ * the ticket should be renewed. It returns one on success and zero on fatal
* error. */
int tls_process_ticket(SSL *ssl, SSL_SESSION **out_session,
- int *out_send_ticket, const uint8_t *ticket,
+ int *out_renew_ticket, const uint8_t *ticket,
size_t ticket_len, const uint8_t *session_id,
size_t session_id_len);
-/* tls12_get_sigandhash assembles the SignatureAndHashAlgorithm corresponding to
- * |ssl|'s private key and |md|. The two-byte value is written to |p|. It
+/* tls12_add_sigandhash assembles the SignatureAndHashAlgorithm corresponding to
+ * |ssl|'s private key and |md|. The two-byte value is written to |out|. It
* returns one on success and zero on failure. */
-int tls12_get_sigandhash(SSL *ssl, uint8_t *p, const EVP_MD *md);
+int tls12_add_sigandhash(SSL *ssl, CBB *out, const EVP_MD *md);
+
int tls12_get_sigid(int pkey_type);
const EVP_MD *tls12_get_hash(uint8_t hash_alg);
@@ -1217,7 +1200,7 @@
* one on success and zero on failure. */
int tls1_channel_id_hash(SSL *ssl, uint8_t *out, size_t *out_len);
-int tls1_record_handshake_hashes_for_channel_id(SSL *s);
+int tls1_record_handshake_hashes_for_channel_id(SSL *ssl);
/* ssl_log_rsa_client_key_exchange logs |premaster|, if logging is enabled for
* |ssl|. It returns one on success and zero on failure. The entry is identified
@@ -1235,32 +1218,32 @@
size_t client_random_len, const uint8_t *master,
size_t master_len);
-/* ssl3_can_false_start returns one if |s| is allowed to False Start and zero
+/* ssl3_can_false_start returns one if |ssl| is allowed to False Start and zero
* otherwise. */
-int ssl3_can_false_start(const SSL *s);
+int ssl3_can_false_start(const SSL *ssl);
/* ssl3_get_enc_method returns the SSL3_ENC_METHOD corresponding to
* |version|. */
const SSL3_ENC_METHOD *ssl3_get_enc_method(uint16_t version);
/* ssl3_get_max_server_version returns the maximum SSL/TLS version number
- * supported by |s| as a server, or zero if all versions are disabled. */
-uint16_t ssl3_get_max_server_version(const SSL *s);
+ * supported by |ssl| as a server, or zero if all versions are disabled. */
+uint16_t ssl3_get_max_server_version(const SSL *ssl);
-/* ssl3_get_mutual_version selects the protocol version on |s| for a client
+/* ssl3_get_mutual_version selects the protocol version on |ssl| for a client
* which advertises |client_version|. If no suitable version exists, it returns
* zero. */
-uint16_t ssl3_get_mutual_version(SSL *s, uint16_t client_version);
+uint16_t ssl3_get_mutual_version(SSL *ssl, uint16_t client_version);
/* ssl3_get_max_client_version returns the maximum protocol version configured
* for the client. It is guaranteed that the set of allowed versions at or below
* this maximum version is contiguous. If all versions are disabled, it returns
* zero. */
-uint16_t ssl3_get_max_client_version(SSL *s);
+uint16_t ssl3_get_max_client_version(SSL *ssl);
/* ssl3_is_version_enabled returns one if |version| is an enabled protocol
- * version for |s| and zero otherwise. */
-int ssl3_is_version_enabled(SSL *s, uint16_t version);
+ * version for |ssl| and zero otherwise. */
+int ssl3_is_version_enabled(SSL *ssl, uint16_t version);
/* ssl3_version_from_wire maps |wire_version| to a protocol version. For
* SSLv3/TLS, the version is returned as-is. For DTLS, the corresponding TLS
@@ -1269,16 +1252,20 @@
*
* TODO(davidben): To normalize some DTLS-specific code, move away from using
* the wire version except at API boundaries. */
-uint16_t ssl3_version_from_wire(SSL *s, uint16_t wire_version);
+uint16_t ssl3_version_from_wire(const SSL *ssl, uint16_t wire_version);
+
+/* ssl3_protocol_version returns |ssl|'s protocol version. It is an error to
+ * call this function before the version is determined. */
+uint16_t ssl3_protocol_version(const SSL *ssl);
-uint32_t ssl_get_algorithm_prf(SSL *s);
-int tls1_parse_peer_sigalgs(SSL *s, const CBS *sigalgs);
+uint32_t ssl_get_algorithm_prf(const SSL *ssl);
+int tls1_parse_peer_sigalgs(SSL *ssl, const CBS *sigalgs);
/* tls1_choose_signing_digest returns a digest for use with |ssl|'s private key
* based on the peer's preferences the digests supported. */
const EVP_MD *tls1_choose_signing_digest(SSL *ssl);
-size_t tls12_get_psigalgs(SSL *s, const uint8_t **psigs);
+size_t tls12_get_psigalgs(SSL *ssl, const uint8_t **psigs);
/* tls12_check_peer_sigalg checks that |hash| and |signature| are consistent
* with |pkey| and |ssl|'s sent, supported signature algorithms and, if so,
@@ -1286,6 +1273,6 @@
* returns 0 and writes an alert into |*out_alert|. */
int tls12_check_peer_sigalg(SSL *ssl, const EVP_MD **out_md, int *out_alert,
uint8_t hash, uint8_t signature, EVP_PKEY *pkey);
-void ssl_set_client_disabled(SSL *s);
+void ssl_set_client_disabled(SSL *ssl);
#endif /* OPENSSL_HEADER_SSL_INTERNAL_H */
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/ssl/test/packeted_bio.h
^
|
| @@ -25,7 +25,7 @@
#include <winsock2.h>
#pragma warning(pop)
#else
-#include <sys/types.h>
+#include <sys/time.h>
#endif
|
|
[-]
[+]
|
Changed |
1.11.33.2.tar.gz/include/third_party/boringssl/src/ssl/test/test_config.h
^
|
| @@ -45,7 +45,6 @@
std::string expected_channel_id;
std::string send_channel_id;
bool shim_writes_first = false;
- bool tls_d5_bug = false;
std::string host_name;
std::string advertise_alpn;
std::string expected_alpn;
@@ -77,7 +76,6 @@
std::string export_label;
std::string export_context;
bool use_export_context = false;
- bool no_legacy_server_connect = false;
bool tls_unique = false;
bool expect_ticket_renewal = false;
bool expect_no_session = false;
@@ -90,7 +88,6 @@
std::string ocsp_response;
bool check_close_notify = false;
bool shim_shuts_down = false;
- bool microsoft_big_sslv3_buffer = false;
bool verify_fail = false;
bool verify_peer = false;
bool expect_verify_result = false;
@@ -102,7 +99,9 @@
bool disable_npn = false;
int expect_server_key_exchange_hash = 0;
bool p384_only = false;
+ bool enable_all_curves = false;
bool use_sparse_dh_prime = false;
+ int expect_key_exchange_info = 0;
};
bool ParseConfig(int argc, char **argv, TestConfig *out_config);
|
|
|
Changed |
1.11.33.2.tar.gz/lib/Debug/linux/ia32/pagespeed_automatic.a
^
|
|
|
Changed |
1.11.33.2.tar.gz/lib/Debug/linux/x64/pagespeed_automatic.a
^
|
|
|
Changed |
1.11.33.2.tar.gz/lib/Release/linux/ia32/pagespeed_automatic.a
^
|
|
|
Changed |
1.11.33.2.tar.gz/lib/Release/linux/ia32/pagespeed_js_minify
^
|
|
|
Changed |
1.11.33.2.tar.gz/lib/Release/linux/x64/pagespeed_automatic.a
^
|
|
|
Changed |
1.11.33.2.tar.gz/lib/Release/linux/x64/pagespeed_js_minify
^
|
|
|
Added |
release-1.11.33.2-beta.zip
^
|
