RubyGems - grpc - Versions diffs - 1.30.0 → 1.31.1 - Mend

grpc 1.30.0 → 1.31.1

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (383) hide show

data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c CHANGED

@@ -27,21 +27,6 @@
 // protocol for issuing and redeeming tokens built on top of the PMBTokens
 // construction.
-const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v0(void) {
-  static const TRUST_TOKEN_METHOD kMethod = {
-      pmbtoken_exp0_generate_key,
-      pmbtoken_exp0_client_key_from_bytes,
-      pmbtoken_exp0_issuer_key_from_bytes,
-      pmbtoken_exp0_blind,
-      pmbtoken_exp0_sign,
-      pmbtoken_exp0_unblind,
-      pmbtoken_exp0_read,
-      0 /* don't use token hash */,
-      0 /* don't use batched proof */,
-  };
-  return &kMethod;
-}
 const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void) {
   static const TRUST_TOKEN_METHOD kMethod = {
       pmbtoken_exp1_generate_key,
@@ -51,8 +36,6 @@ const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void) {
       pmbtoken_exp1_sign,
       pmbtoken_exp1_unblind,
       pmbtoken_exp1_read,
-      1 /* use token hash */,
-      1 /* use batched proof */,
   };
   return &kMethod;
 }
@@ -597,16 +580,8 @@ int TRUST_TOKEN_ISSUER_redeem(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out,
   SHA256_Update(&sha_ctx, CBS_data(&token_copy), CBS_len(&token_copy));
   SHA256_Final(token_hash, &sha_ctx);
-  uint8_t metadata_obfuscator;
-  if (ctx->method->use_token_hash) {
-    metadata_obfuscator =
-        get_metadata_obfuscator(ctx->metadata_key, ctx->metadata_key_len,
-                                token_hash, sizeof(token_hash));
-  } else {
-    metadata_obfuscator =
-        get_metadata_obfuscator(ctx->metadata_key, ctx->metadata_key_len,
-                                CBS_data(&client_data), CBS_len(&client_data));
-  }
+  uint8_t metadata_obfuscator = get_metadata_obfuscator(
+      ctx->metadata_key, ctx->metadata_key_len, token_hash, sizeof(token_hash));
   // The SRR is constructed as per the format described in
   // https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit#heading=h.7mkzvhpqb8l5
@@ -625,10 +600,7 @@ int TRUST_TOKEN_ISSUER_redeem(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out,
   assert(strlen(kClientDataLabel) < strlen(kExpiryTimestampLabel));
   assert(strlen(kPublicLabel) < strlen(kPrivateLabel));
-  size_t map_entries = 3;
-  if (ctx->method->use_token_hash) {
-    map_entries = 4;
-  }
+  size_t map_entries = 4;
   if (!CBB_init(&srr, 0) ||
       !add_cbor_map(&srr, map_entries) ||  // SRR map
@@ -637,20 +609,10 @@ int TRUST_TOKEN_ISSUER_redeem(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out,
       !add_cbor_text(&srr, kPublicLabel, strlen(kPublicLabel)) ||
       !add_cbor_int(&srr, public_metadata) ||
       !add_cbor_text(&srr, kPrivateLabel, strlen(kPrivateLabel)) ||
-      !add_cbor_int(&srr, private_metadata ^ metadata_obfuscator)) {
-    OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
-    goto err;
-  }
-  if (ctx->method->use_token_hash) {
-    if (!add_cbor_text(&srr, kTokenHashLabel, strlen(kTokenHashLabel)) ||
-        !add_cbor_bytes(&srr, token_hash, sizeof(token_hash))) {
-      OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
-      goto err;
-    }
-  }
-  if (!add_cbor_text(&srr, kClientDataLabel, strlen(kClientDataLabel)) ||
+      !add_cbor_int(&srr, private_metadata ^ metadata_obfuscator) ||
+      !add_cbor_text(&srr, kTokenHashLabel, strlen(kTokenHashLabel)) ||
+      !add_cbor_bytes(&srr, token_hash, sizeof(token_hash)) ||
+      !add_cbor_text(&srr, kClientDataLabel, strlen(kClientDataLabel)) ||
       !CBB_add_bytes(&srr, CBS_data(&client_data), CBS_len(&client_data)) ||
       !add_cbor_text(&srr, kExpiryTimestampLabel,
                      strlen(kExpiryTimestampLabel)) ||

data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c CHANGED

@@ -296,7 +296,7 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf,
  */
 static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
-                   ASN1_STRING *str)
+                   const ASN1_STRING *str)
 {
     /*
      * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to
@@ -354,7 +354,7 @@ static const signed char tag2nbyte[] = {
  */
 static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
-                       ASN1_STRING *str)
+                       const ASN1_STRING *str)
 {
     int outlen, len;
     int type;
@@ -610,13 +610,13 @@ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
 }
 #endif
-int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
+int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags)
 {
     return do_print_ex(send_bio_chars, out, flags, str);
 }
 #ifndef OPENSSL_NO_FP_API
-int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
+int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags)
 {
     return do_print_ex(send_fp_chars, fp, flags, str);
 }

data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c CHANGED

@@ -142,6 +142,14 @@ int x509_digest_verify_init(EVP_MD_CTX *ctx, X509_ALGOR *sigalg,
     return 0;
   }
+  /* RSA signature algorithms include an explicit NULL parameter but we also
+   * accept omitted values for compatibility. Other algorithms must omit it. */
+  if (sigalg->parameter != NULL && (pkey_nid != EVP_PKEY_RSA ||
+                                    sigalg->parameter->type != V_ASN1_NULL)) {
+    OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PARAMETER);
+    return 0;
+  }
   /* Otherwise, initialize with the digest from the OID. */
   const EVP_MD *digest = EVP_get_digestbynid(digest_nid);
   if (digest == NULL) {

data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c CHANGED

@@ -123,7 +123,7 @@ typedef struct {
     int exp_count;
 } tag_exp_arg;
-static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
+static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
                               int *perr);
 static int bitstr_cb(const char *elem, int len, void *bitstr);
 static int asn1_cb(const char *elem, int len, void *bitstr);
@@ -136,7 +136,7 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
 static int asn1_str2tag(const char *tagstr, int len);
-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
+ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf)
 {
     X509V3_CTX cnf;
@@ -147,7 +147,7 @@ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
     return ASN1_generate_v3(str, &cnf);
 }
-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
+ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf)
 {
     int err = 0;
     ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);
@@ -156,7 +156,7 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
     return ret;
 }
-static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
+static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
                               int *perr)
 {
     ASN1_TYPE *ret;

data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c CHANGED

@@ -65,73 +65,6 @@
  * it to avoid downstream churn. */
 OPENSSL_DECLARE_ERROR_REASON(X509, UNSUPPORTED_ALGORITHM)
-int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version,
-                    int ptype, void *pval, uint8_t *penc, int penclen) {
-  uint8_t **ppenc = NULL;
-  if (version >= 0) {
-    if (!ASN1_INTEGER_set(priv->version, version)) {
-      return 0;
-    }
-  }
-  if (penc) {
-    int pmtype;
-    ASN1_OCTET_STRING *oct;
-    oct = ASN1_OCTET_STRING_new();
-    if (!oct) {
-      return 0;
-    }
-    oct->data = penc;
-    ppenc = &oct->data;
-    oct->length = penclen;
-    if (priv->broken == PKCS8_NO_OCTET) {
-      pmtype = V_ASN1_SEQUENCE;
-    } else {
-      pmtype = V_ASN1_OCTET_STRING;
-    }
-    ASN1_TYPE_set(priv->pkey, pmtype, oct);
-  }
-  if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) {
-    /* If call fails do not swallow 'enc' */
-    if (ppenc) {
-      *ppenc = NULL;
-    }
-    return 0;
-  }
-  return 1;
-}
-int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, const uint8_t **pk, int *ppklen,
-                    X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8) {
-  if (ppkalg) {
-    *ppkalg = p8->pkeyalg->algorithm;
-  }
-  if (p8->pkey->type == V_ASN1_OCTET_STRING) {
-    p8->broken = PKCS8_OK;
-    if (pk) {
-      *pk = p8->pkey->value.octet_string->data;
-      *ppklen = p8->pkey->value.octet_string->length;
-    }
-  } else if (p8->pkey->type == V_ASN1_SEQUENCE) {
-    p8->broken = PKCS8_NO_OCTET;
-    if (pk) {
-      *pk = p8->pkey->value.sequence->data;
-      *ppklen = p8->pkey->value.sequence->length;
-    }
-  } else {
-    return 0;
-  }
-  if (pa) {
-    *pa = p8->pkeyalg;
-  }
-  return 1;
-}
 int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent) {
   const uint8_t *s;
   int i, n;

data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c CHANGED

@@ -67,6 +67,7 @@
 #include <openssl/x509v3.h>
 #include "../internal.h"
+#include "../x509v3/internal.h"
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
@@ -175,12 +176,18 @@ unsigned long X509_subject_name_hash_old(X509 *x)
  */
 int X509_cmp(const X509 *a, const X509 *b)
 {
-    int rv;
-    /* ensure hash is valid */
-    X509_check_purpose((X509 *)a, -1, 0);
-    X509_check_purpose((X509 *)b, -1, 0);
-    rv = OPENSSL_memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+    /* Fill in the |sha1_hash| fields.
+     *
+     * TODO(davidben): This may fail, in which case the the hash will be all
+     * zeros. This produces a consistent comparison (failures are sticky), but
+     * not a good one. OpenSSL now returns -2, but this is not a consistent
+     * comparison and may cause misbehaving sorts by transitivity. For now, we
+     * retain the old OpenSSL behavior, which was to ignore the error. See
+     * https://crbug.com/boringssl/355. */
+    x509v3_cache_extensions((X509 *)a);
+    x509v3_cache_extensions((X509 *)b);
+    int rv = OPENSSL_memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
     if (rv)
         return rv;
     /* Check for match against stored encoding too */

data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c CHANGED

@@ -107,6 +107,16 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
     return (NULL);
 }
+long X509_REQ_get_version(const X509_REQ *req)
+{
+    return ASN1_INTEGER_get(req->req_info->version);
+}
+X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req)
+{
+    return req->req_info->subject;
+}
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
 {
     if ((req == NULL) || (req->req_info == NULL))

data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c CHANGED

@@ -60,6 +60,16 @@
 #include <openssl/obj.h>
 #include <openssl/x509.h>
+long X509_get_version(const X509 *x509)
+{
+    return ASN1_INTEGER_get(x509->cert_info->version);
+}
+X509_CINF *X509_get_cert_info(const X509 *x509)
+{
+    return x509->cert_info;
+}
 int X509_set_version(X509 *x, long version)
 {
     if (x == NULL)
@@ -137,6 +147,14 @@ ASN1_TIME *X509_getm_notBefore(X509 *x)
     return x->cert_info->validity->notBefore;
 }
+ASN1_TIME *X509_get_notBefore(const X509 *x509)
+{
+    // In OpenSSL, this function is an alias for |X509_getm_notBefore|, but our
+    // |X509_getm_notBefore| is const-correct. |X509_get_notBefore| was
+    // originally a macro, so it needs to capture both get0 and getm use cases.
+    return x509->cert_info->validity->notBefore;
+}
 int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
 {
     ASN1_TIME *in;
@@ -167,6 +185,14 @@ ASN1_TIME *X509_getm_notAfter(X509 *x)
     return x->cert_info->validity->notAfter;
 }
+ASN1_TIME *X509_get_notAfter(const X509 *x509)
+{
+    // In OpenSSL, this function is an alias for |X509_getm_notAfter|, but our
+    // |X509_getm_notAfter| is const-correct. |X509_get_notAfter| was
+    // originally a macro, so it needs to capture both get0 and getm use cases.
+    return x509->cert_info->validity->notAfter;
+}
 int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
 {
     if ((x == NULL) || (x->cert_info == NULL))
@@ -183,3 +209,18 @@ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
 {
     return x->cert_info->signature;
 }
+void X509_CINF_set_modified(X509_CINF *cinf)
+{
+    cinf->enc.modified = 1;
+}
+const X509_ALGOR *X509_CINF_get_signature(const X509_CINF *cinf)
+{
+    return cinf->signature;
+}
+X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509)
+{
+    return x509->cert_info->key;
+}

data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c CHANGED

@@ -59,6 +59,8 @@
 #include <openssl/obj.h>
 #include <openssl/x509v3.h>
+#include "../x509v3/internal.h"
 static int tr_cmp(const X509_TRUST **a, const X509_TRUST **b);
 static void trtable_free(X509_TRUST *p);
@@ -293,7 +295,8 @@ static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
 static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
 {
-    X509_check_purpose(x, -1, 0);
+    if (!x509v3_cache_extensions(x))
+        return X509_TRUST_UNTRUSTED;
     if (x->ex_flags & EXFLAG_SS)
         return X509_TRUST_TRUSTED;
     else

data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c CHANGED

@@ -146,14 +146,16 @@ static int null_callback(int ok, X509_STORE_CTX *e)
     return ok;
 }
-/* Return 1 is a certificate is self signed */
-static int cert_self_signed(X509 *x)
+/* cert_self_signed checks if |x| is self-signed. If |x| is valid, it returns
+ * one and sets |*out_is_self_signed| to the result. If |x| is invalid, it
+ * returns zero. */
+static int cert_self_signed(X509 *x, int *out_is_self_signed)
 {
-    X509_check_purpose(x, -1, 0);
-    if (x->ex_flags & EXFLAG_SS)
-        return 1;
-    else
+    if (!x509v3_cache_extensions(x)) {
         return 0;
+    }
+    *out_is_self_signed = (x->ex_flags & EXFLAG_SS) != 0;
+    return 1;
 }
 /* Given a certificate try and find an exact match in the store */
@@ -263,8 +265,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                                  * X509_V_ERR_CERT_CHAIN_TOO_LONG error code
                                  * later. */
+        int is_self_signed;
+        if (!cert_self_signed(x, &is_self_signed)) {
+            ctx->error = X509_V_ERR_INVALID_EXTENSION;
+            goto end;
+        }
         /* If we are self signed, we break */
-        if (cert_self_signed(x))
+        if (is_self_signed)
             break;
         /*
          * If asked see if we can find issuer in trusted store first
@@ -323,7 +331,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
          */
         i = sk_X509_num(ctx->chain);
         x = sk_X509_value(ctx->chain, i - 1);
-        if (cert_self_signed(x)) {
+        int is_self_signed;
+        if (!cert_self_signed(x, &is_self_signed)) {
+            ctx->error = X509_V_ERR_INVALID_EXTENSION;
+            goto end;
+        }
+        if (is_self_signed) {
             /* we have a self signed certificate */
             if (sk_X509_num(ctx->chain) == 1) {
                 /*
@@ -368,8 +383,12 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
             /* If we have enough, we break */
             if (depth < num)
                 break;
+            if (!cert_self_signed(x, &is_self_signed)) {
+                ctx->error = X509_V_ERR_INVALID_EXTENSION;
+                goto end;
+            }
             /* If we are self signed, we break */
-            if (cert_self_signed(x))
+            if (is_self_signed)
                 break;
             ok = ctx->get_issuer(&xtmp, ctx, x);

data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c CHANGED

@@ -135,6 +135,11 @@ int X509_CRL_up_ref(X509_CRL *crl)
     return 1;
 }
+long X509_CRL_get_version(const X509_CRL *crl)
+{
+    return ASN1_INTEGER_get(crl->crl->version);
+}
 const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl)
 {
     return crl->crl->lastUpdate;
@@ -145,6 +150,26 @@ const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl)
     return crl->crl->nextUpdate;
 }
+ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
+{
+    return crl->crl->lastUpdate;
+}
+ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)
+{
+    return crl->crl->nextUpdate;
+}
+X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl)
+{
+    return crl->crl->issuer;
+}
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl)
+{
+    return crl->crl->revoked;
+}
 void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
                              const X509_ALGOR **palg)
 {