RubyGems - grpc - Versions diffs - 1.41.0 → 1.42.0 - Mend

grpc 1.41.0 → 1.42.0

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (519) hide show

data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c CHANGED Viewed

@@ -56,98 +56,68 @@
 #include <openssl/asn1.h>
-#include <stdlib.h>             /* For bsearch */
+#include <assert.h>
+#include <stdlib.h>
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
 #include <openssl/obj.h>
-#include <openssl/stack.h>
-DEFINE_STACK_OF(ASN1_STRING_TABLE)
+#include "../internal.h"
+#include "../lhash/internal.h"
+#include "internal.h"
-static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
-static void st_free(ASN1_STRING_TABLE *tbl);
-/*
- * This is the global mask for the mbstring functions: this is use to mask
- * out certain types (such as BMPString and UTF8String) because certain
- * software (e.g. Netscape) has problems with them.
- */
+DEFINE_LHASH_OF(ASN1_STRING_TABLE)
-static unsigned long global_mask = B_ASN1_UTF8STRING;
+static LHASH_OF(ASN1_STRING_TABLE) *string_tables = NULL;
+static struct CRYPTO_STATIC_MUTEX string_tables_lock = CRYPTO_STATIC_MUTEX_INIT;
 void ASN1_STRING_set_default_mask(unsigned long mask)
 {
-    global_mask = mask;
 }
 unsigned long ASN1_STRING_get_default_mask(void)
 {
-    return global_mask;
+    return B_ASN1_UTF8STRING;
 }
-/*
- * This function sets the default to various "flavours" of configuration.
- * based on an ASCII string. Currently this is: MASK:XXXX : a numerical mask
- * value. nobmp : Don't use BMPStrings (just Printable, T61). pkix : PKIX
- * recommendation in RFC2459. utf8only : only use UTF8Strings (RFC2459
- * recommendation for 2004). default: the default value, Printable, T61, BMP.
- */
 int ASN1_STRING_set_default_mask_asc(const char *p)
 {
-    unsigned long mask;
-    char *end;
-    if (!strncmp(p, "MASK:", 5)) {
-        if (!p[5])
-            return 0;
-        mask = strtoul(p + 5, &end, 0);
-        if (*end)
-            return 0;
-    } else if (!strcmp(p, "nombstr"))
-        mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING));
-    else if (!strcmp(p, "pkix"))
-        mask = ~((unsigned long)B_ASN1_T61STRING);
-    else if (!strcmp(p, "utf8only"))
-        mask = B_ASN1_UTF8STRING;
-    else if (!strcmp(p, "default"))
-        mask = 0xFFFFFFFFL;
-    else
-        return 0;
-    ASN1_STRING_set_default_mask(mask);
     return 1;
 }
+static const ASN1_STRING_TABLE *asn1_string_table_get(int nid);
 /*
  * The following function generates an ASN1_STRING based on limits in a
  * table. Frequently the types and length of an ASN1_STRING are restricted by
  * a corresponding OID. For example certificates and certificate requests.
  */
-ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
-                                    const unsigned char *in, int inlen,
-                                    int inform, int nid)
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
+                                    int len, int inform, int nid)
 {
-    ASN1_STRING_TABLE *tbl;
     ASN1_STRING *str = NULL;
-    unsigned long mask;
     int ret;
-    if (!out)
+    if (!out) {
         out = &str;
-    tbl = ASN1_STRING_TABLE_get(nid);
-    if (tbl) {
-        mask = tbl->mask;
-        if (!(tbl->flags & STABLE_NO_MASK))
-            mask &= global_mask;
-        ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
-                                  tbl->minsize, tbl->maxsize);
-    } else
-        ret =
-            ASN1_mbstring_copy(out, in, inlen, inform,
-                               DIRSTRING_TYPE & global_mask);
-    if (ret <= 0)
+    }
+    const ASN1_STRING_TABLE *tbl = asn1_string_table_get(nid);
+    if (tbl != NULL) {
+        unsigned long mask = tbl->mask;
+        if (!(tbl->flags & STABLE_NO_MASK)) {
+            mask &= B_ASN1_UTF8STRING;
+        }
+        ret = ASN1_mbstring_ncopy(out, in, len, inform, mask, tbl->minsize,
+                                  tbl->maxsize);
+    } else {
+        ret = ASN1_mbstring_copy(out, in, len, inform, B_ASN1_UTF8STRING);
+    }
+    if (ret <= 0) {
         return NULL;
+    }
     return *out;
 }
@@ -155,15 +125,13 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
  * Now the tables and helper functions for the string table:
  */
-/* size limits: this stuff is taken straight from RFC3280 */
+/* See RFC 5280. */
 #define ub_name                         32768
 #define ub_common_name                  64
 #define ub_locality_name                128
 #define ub_state_name                   128
 #define ub_organization_name            64
 #define ub_organization_unit_name       64
-#define ub_title                        64
 #define ub_email_address                128
 #define ub_serial_number                64
@@ -194,120 +162,105 @@ static const ASN1_STRING_TABLE tbl_standard[] = {
     {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
 };
-static int sk_table_cmp(const ASN1_STRING_TABLE **a,
-                        const ASN1_STRING_TABLE **b)
+static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b)
 {
-    return (*a)->nid - (*b)->nid;
+    if (a->nid < b->nid) {
+        return -1;
+    }
+    if (a->nid > b->nid) {
+        return 1;
+    }
+    return 0;
 }
-static int table_cmp(const void *in_a, const void *in_b)
+static int table_cmp_void(const void *a, const void *b)
 {
-    const ASN1_STRING_TABLE *a = in_a;
-    const ASN1_STRING_TABLE *b = in_b;
-    return a->nid - b->nid;
+    return table_cmp(a, b);
 }
-ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
+static uint32_t table_hash(const ASN1_STRING_TABLE *tbl)
 {
-    int found;
-    size_t idx;
-    ASN1_STRING_TABLE *ttmp;
-    ASN1_STRING_TABLE fnd;
-    fnd.nid = nid;
-    ttmp =
-        bsearch(&fnd, tbl_standard,
-                sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE),
-                sizeof(ASN1_STRING_TABLE), table_cmp);
-    if (ttmp)
-        return ttmp;
-    if (!stable)
-        return NULL;
-    sk_ASN1_STRING_TABLE_sort(stable);
-    found = sk_ASN1_STRING_TABLE_find(stable, &idx, &fnd);
-    if (!found)
-        return NULL;
-    return sk_ASN1_STRING_TABLE_value(stable, idx);
+    return OPENSSL_hash32(&tbl->nid, sizeof(tbl->nid));
 }
-int ASN1_STRING_TABLE_add(int nid,
-                          long minsize, long maxsize, unsigned long mask,
-                          unsigned long flags)
+static const ASN1_STRING_TABLE *asn1_string_table_get(int nid)
 {
-    ASN1_STRING_TABLE *tmp;
-    char new_nid = 0;
-    flags &= ~STABLE_FLAGS_MALLOC;
-    if (!stable)
-        stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
-    if (!stable) {
-        OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
-        return 0;
+    ASN1_STRING_TABLE key;
+    key.nid = nid;
+    const ASN1_STRING_TABLE *tbl =
+        bsearch(&key, tbl_standard, OPENSSL_ARRAY_SIZE(tbl_standard),
+                sizeof(ASN1_STRING_TABLE), table_cmp_void);
+    if (tbl != NULL) {
+        return tbl;
     }
-    if (!(tmp = ASN1_STRING_TABLE_get(nid))) {
-        tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
-        if (!tmp) {
-            OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-        tmp->flags = flags | STABLE_FLAGS_MALLOC;
-        tmp->nid = nid;
-        tmp->minsize = tmp->maxsize = -1;
-        new_nid = 1;
-    } else
-        tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
-    if (minsize != -1)
-        tmp->minsize = minsize;
-    if (maxsize != -1)
-        tmp->maxsize = maxsize;
-    tmp->mask = mask;
-    if (new_nid)
-        sk_ASN1_STRING_TABLE_push(stable, tmp);
-    return 1;
-}
-void ASN1_STRING_TABLE_cleanup(void)
-{
-    STACK_OF(ASN1_STRING_TABLE) *tmp;
-    tmp = stable;
-    if (!tmp)
-        return;
-    stable = NULL;
-    sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
+    CRYPTO_STATIC_MUTEX_lock_read(&string_tables_lock);
+    if (string_tables != NULL) {
+        tbl = lh_ASN1_STRING_TABLE_retrieve(string_tables, &key);
+    }
+    CRYPTO_STATIC_MUTEX_unlock_read(&string_tables_lock);
+    /* Note returning |tbl| without the lock is only safe because
+     * |ASN1_STRING_TABLE_add| cannot modify or delete existing entries. If we
+     * wish to support that, this function must copy the result under a lock. */
+    return tbl;
 }
-static void st_free(ASN1_STRING_TABLE *tbl)
+int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize,
+                          unsigned long mask, unsigned long flags)
 {
-    if (tbl->flags & STABLE_FLAGS_MALLOC)
-        OPENSSL_free(tbl);
-}
+    /* Existing entries cannot be overwritten. */
+    if (asn1_string_table_get(nid) != NULL) {
+        OPENSSL_PUT_ERROR(ASN1, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
-#ifdef STRING_TABLE_TEST
+    int ret = 0;
+    CRYPTO_STATIC_MUTEX_lock_write(&string_tables_lock);
-int main(void)
-{
-    ASN1_STRING_TABLE *tmp;
-    int i, last_nid = -1;
-    for (tmp = tbl_standard, i = 0;
-         i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) {
-        if (tmp->nid < last_nid) {
-            last_nid = 0;
-            break;
+    if (string_tables == NULL) {
+        string_tables = lh_ASN1_STRING_TABLE_new(table_hash, table_cmp);
+        if (string_tables == NULL) {
+            goto err;
+        }
+    } else {
+        /* Check again for an existing entry. One may have been added while
+         * unlocked. */
+        ASN1_STRING_TABLE key;
+        key.nid = nid;
+        if (lh_ASN1_STRING_TABLE_retrieve(string_tables, &key) != NULL) {
+            OPENSSL_PUT_ERROR(ASN1, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            goto err;
         }
-        last_nid = tmp->nid;
     }
-    if (last_nid != 0) {
-        printf("Table order OK\n");
-        exit(0);
+    ASN1_STRING_TABLE *tbl = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
+    if (tbl == NULL) {
+        goto err;
     }
+    tbl->nid = nid;
+    tbl->flags = flags;
+    tbl->minsize = minsize;
+    tbl->maxsize = maxsize;
+    tbl->mask = mask;
+    ASN1_STRING_TABLE *old_tbl;
+    if (!lh_ASN1_STRING_TABLE_insert(string_tables, &old_tbl, tbl)) {
+        OPENSSL_free(tbl);
+        goto err;
+    }
+    assert(old_tbl == NULL);
+    ret = 1;
-    for (tmp = tbl_standard, i = 0;
-         i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++)
-        printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
-               OBJ_nid2ln(tmp->nid));
+err:
+    CRYPTO_STATIC_MUTEX_unlock_write(&string_tables_lock);
+    return ret;
+}
-    return 0;
+void ASN1_STRING_TABLE_cleanup(void)
+{
 }
-#endif
+void asn1_get_string_table_for_testing(const ASN1_STRING_TABLE **out_ptr,
+                                       size_t *out_len) {
+    *out_ptr = tbl_standard;
+    *out_len = OPENSSL_ARRAY_SIZE(tbl_standard);
+}

data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c CHANGED Viewed

@@ -200,7 +200,7 @@ static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t)
     return 0;
 }
-int ASN1_TIME_diff(int *pday, int *psec,
+int ASN1_TIME_diff(int *out_days, int *out_seconds,
                    const ASN1_TIME *from, const ASN1_TIME *to)
 {
     struct tm tm_from, tm_to;
@@ -208,5 +208,5 @@ int ASN1_TIME_diff(int *pday, int *psec,
         return 0;
     if (!asn1_time_to_tm(&tm_to, to))
         return 0;
-    return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
+    return OPENSSL_gmtime_diff(out_days, out_seconds, &tm_from, &tm_to);
 }

data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c CHANGED Viewed

@@ -262,42 +262,3 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
         return -1;
     return 0;
 }
-#if 0
-time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
-{
-    struct tm tm;
-    int offset;
-    OPENSSL_memset(&tm, '\0', sizeof tm);
-# define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
-    tm.tm_year = g2(s->data);
-    if (tm.tm_year < 50)
-        tm.tm_year += 100;
-    tm.tm_mon = g2(s->data + 2) - 1;
-    tm.tm_mday = g2(s->data + 4);
-    tm.tm_hour = g2(s->data + 6);
-    tm.tm_min = g2(s->data + 8);
-    tm.tm_sec = g2(s->data + 10);
-    if (s->data[12] == 'Z')
-        offset = 0;
-    else {
-        offset = g2(s->data + 13) * 60 + g2(s->data + 15);
-        if (s->data[12] == '-')
-            offset = -offset;
-    }
-# undef g2
-    return mktime(&tm) - offset * 60; /* FIXME: mktime assumes the current
-                                       * timezone instead of UTC, and unless
-                                       * we rewrite OpenSSL in Lisp we cannot
-                                       * locally change the timezone without
-                                       * possibly interfering with other
-                                       * parts of the program. timegm, which
-                                       * uses UTC, is non-standard. Also
-                                       * time_t is inappropriate for general
-                                       * UTC times because it may a 32 bit
-                                       * type. */
-}
-#endif

data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c CHANGED Viewed

@@ -72,7 +72,7 @@ const char *ASN1_tag2str(int tag)
     };
     if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))
-        tag &= ~0x100;
+        tag &= ~V_ASN1_NEG;
     if (tag < 0 || tag > 30)
         return "(unknown)";

data/third_party/boringssl-with-bazel/src/crypto/{x509 → asn1}/charmap.h RENAMED Viewed

File without changes

data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h CHANGED Viewed

@@ -123,15 +123,31 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                      const ASN1_ITEM *it, int tag, int aclass, char opt,
                      ASN1_TLC *ctx);
+/* ASN1_item_ex_i2d encodes |*pval| as a value of type |it| to |out| under the
+ * i2d output convention. It returns a non-zero length on success and -1 on
+ * error. If |tag| is -1. the tag and class come from |it|. Otherwise, the tag
+ * number is |tag| and the class is |aclass|. This is used for implicit tagging.
+ * This function treats a missing value as an error, not an optional field. */
 int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                      const ASN1_ITEM *it, int tag, int aclass);
 void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+/* asn1_get_choice_selector returns the CHOICE selector value for |*pval|, which
+ * must of type |it|. */
 int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
 int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
+/* asn1_get_field_ptr returns a pointer to the field in |*pval| corresponding to
+ * |tt|. */
 ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+/* asn1_do_adb returns the |ASN1_TEMPLATE| for the ANY DEFINED BY field |tt|,
+ * based on the selector INTEGER or OID in |*pval|. If |tt| is not an ADB field,
+ * it returns |tt|. If the selector does not match any value, it returns NULL.
+ * If |nullerr| is non-zero, it will additionally push an error to the error
+ * queue when there is no match. */
 const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
                                  int nullerr);
@@ -140,8 +156,13 @@ int asn1_refcount_dec_and_test_zero(ASN1_VALUE **pval, const ASN1_ITEM *it);
 void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
 void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+/* asn1_enc_restore, if |*pval| has a saved encoding, writes it to |out| under
+ * the i2d output convention, sets |*len| to the length, and returns one. If it
+ * has no saved encoding, it returns zero. */
 int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
                      const ASN1_ITEM *it);
 int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
                   const ASN1_ITEM *it);
@@ -150,6 +171,23 @@ int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
  * a pointer. */
 const void *asn1_type_value_as_pointer(const ASN1_TYPE *a);
+/* asn1_is_printable returns one if |value| is a valid Unicode codepoint for an
+ * ASN.1 PrintableString, and zero otherwise. */
+int asn1_is_printable(uint32_t value);
+typedef struct {
+  int nid;
+  long minsize;
+  long maxsize;
+  unsigned long mask;
+  unsigned long flags;
+} ASN1_STRING_TABLE;
+/* asn1_get_string_table_for_testing sets |*out_ptr| and |*out_len| to the table
+ * of built-in |ASN1_STRING_TABLE| values. It is exported for testing. */
+OPENSSL_EXPORT void asn1_get_string_table_for_testing(
+    const ASN1_STRING_TABLE **out_ptr, size_t *out_len);
 #if defined(__cplusplus)
 }  /* extern C */

data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c CHANGED Viewed

@@ -170,8 +170,6 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
 {
     const ASN1_TEMPLATE *tt, *errtt = NULL;
     const ASN1_EXTERN_FUNCS *ef;
-    const ASN1_AUX *aux = it->funcs;
-    ASN1_aux_cb *asn1_cb;
     const unsigned char *p = NULL, *q;
     unsigned char oclass;
     char seq_eoc, seq_nolen, cst, isopt;
@@ -183,10 +181,6 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
     aclass &= ~ASN1_TFLG_COMBINE;
     if (!pval)
         return 0;
-    if (aux && aux->asn1_cb)
-        asn1_cb = aux->asn1_cb;
-    else
-        asn1_cb = 0;
     /*
      * Bound |len| to comfortably fit in an int. Lengths in this module often
@@ -264,7 +258,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
         ef = it->funcs;
         return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
-    case ASN1_ITYPE_CHOICE:
+    case ASN1_ITYPE_CHOICE: {
         /*
          * It never makes sense for CHOICE types to have implicit tagging, so if
          * tag != -1, then this looks like an error in the template.
@@ -274,6 +268,8 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
             goto err;
         }
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
             goto auxerr;
@@ -327,8 +323,9 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
             goto auxerr;
         *in = p;
         return 1;
+    }
-    case ASN1_ITYPE_SEQUENCE:
+    case ASN1_ITYPE_SEQUENCE: {
         p = *in;
         /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
@@ -356,6 +353,8 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
             goto err;
         }
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
             goto auxerr;
@@ -462,6 +461,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
             goto auxerr;
         *in = p;
         return 1;
+    }
     default:
         return 0;