grpc 1.38.0 → 1.39.0.pre1

data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c

@@ -192,7 +192,8 @@ static int pkcs7_bundle_certificates_cb(CBB *out, const void *arg) {
     }
   }
 
-  return CBB_flush(out);
+  // |certificates| is a implicitly-tagged SET OF.
+  return CBB_flush_asn1_set_of(&certificates) && CBB_flush(out);
 }
 
 int PKCS7_bundle_certificates(CBB *out, const STACK_OF(X509) *certs) {
@@ -222,7 +223,8 @@ static int pkcs7_bundle_crls_cb(CBB *out, const void *arg) {
     }
   }
 
-  return CBB_flush(out);
+  // |crl_data| is a implicitly-tagged SET OF.
+  return CBB_flush_asn1_set_of(&crl_data) && CBB_flush(out);
 }
 
 int PKCS7_bundle_CRLs(CBB *out, const STACK_OF(X509_CRL) *crls) {

data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c

@@ -15,7 +15,7 @@
 #include <openssl/base.h>
 #include "../fipsmodule/rand/internal.h"
 
-#if defined(BORINGSSL_FIPS_PASSIVE_ENTROPY)
+#if defined(BORINGSSL_FIPS)
 
 // RAND_need_entropy is called by the FIPS module when it has blocked because of
 // a lack of entropy. This signal is used as an indication to feed it more.
@@ -31,4 +31,4 @@ void RAND_need_entropy(size_t bytes_needed) {
   RAND_load_entropy(buf, todo, used_cpu);
 }
 
-#endif  // BORINGSSL_FIPS_PASSIVE_ENTROPY
+#endif  // FIPS

data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_asn1.c

@@ -102,8 +102,7 @@ RSA *RSA_parse_public_key(CBS *cbs) {
     return NULL;
   }
 
-  if (!BN_is_odd(ret->e) ||
-      BN_num_bits(ret->e) < 2) {
+  if (!RSA_check_key(ret)) {
     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_RSA_PARAMETERS);
     RSA_free(ret);
     return NULL;

data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h

@@ -1,16 +1,60 @@
-/* Copyright (c) 2016, Google Inc.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2013.
+ */
+/* ====================================================================
+ * Copyright (c) 2013 The OpenSSL Project.  All rights reserved.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
  *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #ifndef OPENSSL_HEADER_X509_INTERNAL_H
 #define OPENSSL_HEADER_X509_INTERNAL_H
@@ -42,6 +86,52 @@ struct x509_attributes_st {
   STACK_OF(ASN1_TYPE) *set;
 } /* X509_ATTRIBUTE */;
 
+struct x509_cert_aux_st {
+  STACK_OF(ASN1_OBJECT) *trust;   // trusted uses
+  STACK_OF(ASN1_OBJECT) *reject;  // rejected uses
+  ASN1_UTF8STRING *alias;         // "friendly name"
+  ASN1_OCTET_STRING *keyid;       // key id of private key
+  STACK_OF(X509_ALGOR) *other;    // other unspecified info
+} /* X509_CERT_AUX */;
+
+typedef struct {
+  ASN1_ENCODING enc;
+  ASN1_INTEGER *version;
+  X509_NAME *subject;
+  X509_PUBKEY *pubkey;
+  //  d=2 hl=2 l=  0 cons: cont: 00
+  STACK_OF(X509_ATTRIBUTE) *attributes;  // [ 0 ]
+} X509_REQ_INFO;
+
+DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
+
+struct X509_req_st {
+  X509_REQ_INFO *req_info;
+  X509_ALGOR *sig_alg;
+  ASN1_BIT_STRING *signature;
+  CRYPTO_refcount_t references;
+} /* X509_REQ */;
+
+struct X509_VERIFY_PARAM_st {
+  char *name;
+  time_t check_time;                // Time to use
+  unsigned long inh_flags;          // Inheritance flags
+  unsigned long flags;              // Various verify flags
+  int purpose;                      // purpose to check untrusted certificates
+  int trust;                        // trust setting to check
+  int depth;                        // Verify depth
+  STACK_OF(ASN1_OBJECT) *policies;  // Permissible policies
+  // The following fields specify acceptable peer identities.
+  STACK_OF(OPENSSL_STRING) *hosts;  // Set of acceptable names
+  unsigned int hostflags;           // Flags to control matching features
+  char *peername;                   // Matching hostname in peer certificate
+  char *email;                      // If not NULL email address to match
+  size_t emaillen;
+  unsigned char *ip;     // If not NULL IP address to match
+  size_t iplen;          // Length of IP address
+  unsigned char poison;  // Fail all verifications at name checking
+} /* X509_VERIFY_PARAM */;
+
 
 /* RSA-PSS functions. */
 

data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c

@@ -60,6 +60,9 @@
 #include <openssl/obj.h>
 #include <openssl/x509.h>
 
+#include "internal.h"
+
+
 /* X509_CERT_AUX and string set routines */
 
 int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)

data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c

@@ -384,7 +384,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
     } else
         i = 0;
 
-    if (X509_get_version(x) != X509V3_VERSION) {
+    if (X509_get_version(x) != X509_VERSION_3) {
         rv = X509_V_ERR_SUITE_B_INVALID_VERSION;
         /* Correct error depth */
         i = 0;
@@ -402,7 +402,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
     for (; i < sk_X509_num(chain); i++) {
         sign_nid = X509_get_signature_nid(x);
         x = sk_X509_value(chain, i);
-        if (X509_get_version(x) != X509V3_VERSION) {
+        if (X509_get_version(x) != X509_VERSION_3) {
             rv = X509_V_ERR_SUITE_B_INVALID_VERSION;
             goto end;
         }

data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c

@@ -65,6 +65,9 @@
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 
+#include "internal.h"
+
+
 X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 {
     X509_REQ *ret;

data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c

@@ -67,7 +67,7 @@ long X509_get_version(const X509 *x509)
 {
     // The default version is v1(0).
     if (x509->cert_info->version == NULL) {
-        return X509V1_VERSION;
+        return X509_VERSION_1;
     }
     return ASN1_INTEGER_get(x509->cert_info->version);
 }

data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c

@@ -60,6 +60,8 @@
 #include <openssl/x509v3.h>
 
 #include "../x509v3/internal.h"
+#include "internal.h"
+
 
 static int tr_cmp(const X509_TRUST **a, const X509_TRUST **b);
 static void trtable_free(X509_TRUST *p);

data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c

@@ -67,7 +67,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-#include "vpm_int.h"
+#include "internal.h"
 #include "../internal.h"
 #include "../x509v3/internal.h"
 
@@ -835,20 +835,20 @@ static int check_id_error(X509_STORE_CTX *ctx, int errcode)
     return ctx->verify_cb(0, ctx);
 }
 
-static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
+static int check_hosts(X509 *x, X509_VERIFY_PARAM *param)
 {
     size_t i;
-    size_t n = sk_OPENSSL_STRING_num(id->hosts);
+    size_t n = sk_OPENSSL_STRING_num(param->hosts);
     char *name;
 
-    if (id->peername != NULL) {
-        OPENSSL_free(id->peername);
-        id->peername = NULL;
+    if (param->peername != NULL) {
+        OPENSSL_free(param->peername);
+        param->peername = NULL;
     }
     for (i = 0; i < n; ++i) {
-        name = sk_OPENSSL_STRING_value(id->hosts, i);
-        if (X509_check_host(x, name, strlen(name), id->hostflags,
-                            &id->peername) > 0)
+        name = sk_OPENSSL_STRING_value(param->hosts, i);
+        if (X509_check_host(x, name, strlen(name), param->hostflags,
+                            &param->peername) > 0)
             return 1;
     }
     return n == 0;
@@ -857,21 +857,20 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
 static int check_id(X509_STORE_CTX *ctx)
 {
     X509_VERIFY_PARAM *vpm = ctx->param;
-    X509_VERIFY_PARAM_ID *id = vpm->id;
     X509 *x = ctx->cert;
-    if (id->poison) {
+    if (vpm->poison) {
         if (!check_id_error(ctx, X509_V_ERR_INVALID_CALL))
             return 0;
     }
-    if (id->hosts && check_hosts(x, id) <= 0) {
+    if (vpm->hosts && check_hosts(x, vpm) <= 0) {
         if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
             return 0;
     }
-    if (id->email && X509_check_email(x, id->email, id->emaillen, 0) <= 0) {
+    if (vpm->email && X509_check_email(x, vpm->email, vpm->emaillen, 0) <= 0) {
         if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
             return 0;
     }
-    if (id->ip && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) {
+    if (vpm->ip && X509_check_ip(x, vpm->ip, vpm->iplen, 0) <= 0) {
         if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
             return 0;
     }
@@ -2052,7 +2051,7 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
     }
     /* Create new CRL */
     crl = X509_CRL_new();
-    if (!crl || !X509_CRL_set_version(crl, X509V2_VERSION))
+    if (!crl || !X509_CRL_set_version(crl, X509_CRL_VERSION_2))
         goto memerr;
     /* Set issuer name */
     if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer)))

data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c

@@ -62,8 +62,9 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-#include "vpm_int.h"
+#include "internal.h"
 #include "../internal.h"
+#include "../x509v3/internal.h"
 
 
 /* X509_VERIFY_PARAM functions */
@@ -83,7 +84,7 @@ static void str_free(char *s)
 
 #define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free)
 
-static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
+static int int_x509_param_set_hosts(X509_VERIFY_PARAM *param, int mode,
                                     const char *name, size_t namelen)
 {
     char *copy;
@@ -100,26 +101,26 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
     if (name && OPENSSL_memchr(name, '\0', namelen))
         return 0;
 
-    if (mode == SET_HOST && id->hosts) {
-        string_stack_free(id->hosts);
-        id->hosts = NULL;
+    if (mode == SET_HOST && param->hosts) {
+        string_stack_free(param->hosts);
+        param->hosts = NULL;
     }
 
     copy = OPENSSL_strndup(name, namelen);
     if (copy == NULL)
         return 0;
 
-    if (id->hosts == NULL &&
-        (id->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
+    if (param->hosts == NULL &&
+        (param->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
         OPENSSL_free(copy);
         return 0;
     }
 
-    if (!sk_OPENSSL_STRING_push(id->hosts, copy)) {
+    if (!sk_OPENSSL_STRING_push(param->hosts, copy)) {
         OPENSSL_free(copy);
-        if (sk_OPENSSL_STRING_num(id->hosts) == 0) {
-            sk_OPENSSL_STRING_free(id->hosts);
-            id->hosts = NULL;
+        if (sk_OPENSSL_STRING_num(param->hosts) == 0) {
+            sk_OPENSSL_STRING_free(param->hosts);
+            param->hosts = NULL;
         }
         return 0;
     }
@@ -129,7 +130,6 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
 
 static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
 {
-    X509_VERIFY_PARAM_ID *paramid;
     if (!param)
         return;
     param->name = NULL;
@@ -145,43 +145,34 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
         sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
         param->policies = NULL;
     }
-    paramid = param->id;
-    if (paramid->hosts) {
-        string_stack_free(paramid->hosts);
-        paramid->hosts = NULL;
+    if (param->hosts) {
+        string_stack_free(param->hosts);
+        param->hosts = NULL;
     }
-    if (paramid->peername) {
-        OPENSSL_free(paramid->peername);
-        paramid->peername = NULL;
+    if (param->peername) {
+        OPENSSL_free(param->peername);
+        param->peername = NULL;
     }
-    if (paramid->email) {
-        OPENSSL_free(paramid->email);
-        paramid->email = NULL;
-        paramid->emaillen = 0;
+    if (param->email) {
+        OPENSSL_free(param->email);
+        param->email = NULL;
+        param->emaillen = 0;
     }
-    if (paramid->ip) {
-        OPENSSL_free(paramid->ip);
-        paramid->ip = NULL;
-        paramid->iplen = 0;
+    if (param->ip) {
+        OPENSSL_free(param->ip);
+        param->ip = NULL;
+        param->iplen = 0;
     }
-    paramid->poison = 0;
+    param->poison = 0;
 }
 
 X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
 {
     X509_VERIFY_PARAM *param;
-    X509_VERIFY_PARAM_ID *paramid;
     param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
     if (!param)
         return NULL;
-    paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM_ID));
-    if (!paramid) {
-        OPENSSL_free(param);
-        return NULL;
-    }
     OPENSSL_memset(param, 0, sizeof(X509_VERIFY_PARAM));
-    OPENSSL_memset(paramid, 0, sizeof(X509_VERIFY_PARAM_ID));
-    param->id = paramid;
     x509_verify_param_zero(param);
     return param;
 }
@@ -191,7 +182,6 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
     if (param == NULL)
         return;
     x509_verify_param_zero(param);
-    OPENSSL_free(param->id);
     OPENSSL_free(param);
 }
 
@@ -233,11 +223,6 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
   (to_overwrite ||                              \
    ((src->field != (def)) && (to_default || (dest->field == (def)))))
 
-/* As above but for ID fields */
-
-#define test_x509_verify_param_copy_id(idf, def) \
-        test_x509_verify_param_copy(id->idf, def)
-
 /* Macro to test and copy a field if necessary */
 
 #define x509_verify_param_copy(field, def) \
@@ -249,10 +234,8 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
 {
     unsigned long inh_flags;
     int to_default, to_overwrite;
-    X509_VERIFY_PARAM_ID *id;
     if (!src)
         return 1;
-    id = src->id;
     inh_flags = dest->inh_flags | src->inh_flags;
 
     if (inh_flags & X509_VP_FLAG_ONCE)
@@ -294,31 +277,31 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
     }
 
     /* Copy the host flags if and only if we're copying the host list */
-    if (test_x509_verify_param_copy_id(hosts, NULL)) {
-        if (dest->id->hosts) {
-            string_stack_free(dest->id->hosts);
-            dest->id->hosts = NULL;
+    if (test_x509_verify_param_copy(hosts, NULL)) {
+        if (dest->hosts) {
+            string_stack_free(dest->hosts);
+            dest->hosts = NULL;
         }
-        if (id->hosts) {
-            dest->id->hosts =
-                sk_OPENSSL_STRING_deep_copy(id->hosts, str_copy, str_free);
-            if (dest->id->hosts == NULL)
+        if (src->hosts) {
+            dest->hosts =
+                sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
+            if (dest->hosts == NULL)
                 return 0;
-            dest->id->hostflags = id->hostflags;
+            dest->hostflags = src->hostflags;
         }
     }
 
-    if (test_x509_verify_param_copy_id(email, NULL)) {
-        if (!X509_VERIFY_PARAM_set1_email(dest, id->email, id->emaillen))
+    if (test_x509_verify_param_copy(email, NULL)) {
+        if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen))
             return 0;
     }
 
-    if (test_x509_verify_param_copy_id(ip, NULL)) {
-        if (!X509_VERIFY_PARAM_set1_ip(dest, id->ip, id->iplen))
+    if (test_x509_verify_param_copy(ip, NULL)) {
+        if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen))
             return 0;
     }
 
-    dest->id->poison = src->id->poison;
+    dest->poison = src->poison;
 
     return 1;
 }
@@ -457,8 +440,8 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
 int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
                                 const char *name, size_t namelen)
 {
-    if (!int_x509_param_set_hosts(param->id, SET_HOST, name, namelen)) {
-        param->id->poison = 1;
+    if (!int_x509_param_set_hosts(param, SET_HOST, name, namelen)) {
+        param->poison = 1;
         return 0;
     }
     return 1;
@@ -467,8 +450,8 @@ int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
 int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
                                 const char *name, size_t namelen)
 {
-    if (!int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen)) {
-        param->id->poison = 1;
+    if (!int_x509_param_set_hosts(param, ADD_HOST, name, namelen)) {
+        param->poison = 1;
         return 0;
     }
     return 1;
@@ -477,21 +460,21 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
 void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
                                      unsigned int flags)
 {
-    param->id->hostflags = flags;
+    param->hostflags = flags;
 }
 
 char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
 {
-    return param->id->peername;
+    return param->peername;
 }
 
 int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
                                  const char *email, size_t emaillen)
 {
     if (OPENSSL_memchr(email, '\0', emaillen) != NULL ||
-        !int_x509_param_set1(&param->id->email, &param->id->emaillen,
+        !int_x509_param_set1(&param->email, &param->emaillen,
                                email, emaillen)) {
-        param->id->poison = 1;
+        param->poison = 1;
         return 0;
     }
 
@@ -502,9 +485,9 @@ int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
                               const unsigned char *ip, size_t iplen)
 {
     if ((iplen != 4 && iplen != 16) ||
-        !int_x509_param_set1((char **)&param->id->ip, &param->id->iplen,
+        !int_x509_param_set1((char **)&param->ip, &param->iplen,
                              (char *)ip, iplen)) {
-        param->id->poison = 1;
+        param->poison = 1;
         return 0;
     }
 
@@ -516,7 +499,7 @@ int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
     unsigned char ipout[16];
     size_t iplen;
 
-    iplen = (size_t)a2i_ipadd(ipout, ipasc);
+    iplen = (size_t)x509v3_a2i_ipadd(ipout, ipasc);
     if (iplen == 0)
         return 0;
     return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
@@ -532,10 +515,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
     return param->name;
 }
 
-static const X509_VERIFY_PARAM_ID _empty_id =
-    { NULL, 0U, NULL, NULL, 0, NULL, 0, 0 };
-
-#define vpm_empty_id ((X509_VERIFY_PARAM_ID *)&_empty_id)
+#define vpm_empty_id NULL, 0U, NULL, NULL, 0, NULL, 0, 0
 
 /*
  * Default verify parameters: these are used for various applications and can