grpc 1.53.0 → 1.54.0


Potentially problematic release.


This version of grpc might be problematic.

Files changed (685)
  1. checksums.yaml +4 -4
  2. data/Makefile +80 -66
  3. data/include/grpc/event_engine/event_engine.h +30 -14
  4. data/include/grpc/grpc_security.h +4 -0
  5. data/include/grpc/impl/grpc_types.h +11 -2
  6. data/include/grpc/support/port_platform.h +4 -4
  7. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
  8. data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
  9. data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
  10. data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
  11. data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
  12. data/src/core/ext/filters/client_channel/client_channel.h +131 -173
  13. data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
  14. data/src/core/ext/filters/client_channel/config_selector.h +4 -3
  15. data/src/core/ext/filters/client_channel/http_proxy.cc +1 -1
  16. data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
  17. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
  18. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
  19. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +1 -15
  20. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
  21. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
  22. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
  23. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
  24. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
  25. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
  26. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
  27. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
  28. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
  29. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
  30. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
  31. data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
  32. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
  33. data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
  34. data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
  35. data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
  36. data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
  37. data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
  38. data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
  39. data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
  40. data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
  41. data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
  42. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
  43. data/src/core/ext/gcp/metadata_query.cc +142 -0
  44. data/src/core/ext/gcp/metadata_query.h +82 -0
  45. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
  46. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +149 -60
  47. data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
  48. data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
  49. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
  50. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +42 -23
  51. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +5 -3
  52. data/src/core/ext/transport/chttp2/transport/internal.h +18 -3
  53. data/src/core/ext/transport/chttp2/transport/parsing.cc +9 -2
  54. data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
  55. data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
  56. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
  57. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
  58. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
  59. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
  60. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
  61. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
  62. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
  63. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
  64. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
  65. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
  66. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
  67. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
  68. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
  69. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
  70. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
  71. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
  72. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
  73. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
  74. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
  75. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
  76. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
  77. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
  78. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
  79. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
  80. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
  81. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
  82. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
  83. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
  84. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
  85. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
  86. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
  87. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
  88. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
  89. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
  90. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
  91. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
  92. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
  93. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
  94. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
  95. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
  96. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
  97. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
  98. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
  99. data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
  100. data/src/core/ext/xds/xds_client_stats.cc +29 -15
  101. data/src/core/ext/xds/xds_client_stats.h +24 -20
  102. data/src/core/ext/xds/xds_endpoint.cc +5 -2
  103. data/src/core/ext/xds/xds_endpoint.h +9 -1
  104. data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
  105. data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
  106. data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
  107. data/src/core/{ext/filters/client_channel/resolver/dns/dns_resolver_selection.h → lib/backoff/random_early_detection.cc} +14 -12
  108. data/src/core/lib/backoff/random_early_detection.h +59 -0
  109. data/src/core/lib/channel/call_finalization.h +1 -1
  110. data/src/core/lib/channel/call_tracer.cc +51 -0
  111. data/src/core/lib/channel/call_tracer.h +101 -38
  112. data/src/core/lib/channel/connected_channel.cc +483 -1050
  113. data/src/core/lib/channel/context.h +8 -1
  114. data/src/core/lib/channel/promise_based_filter.cc +106 -42
  115. data/src/core/lib/channel/promise_based_filter.h +27 -13
  116. data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
  117. data/src/core/lib/config/config_vars.cc +151 -0
  118. data/src/core/lib/config/config_vars.h +127 -0
  119. data/src/core/lib/config/config_vars_non_generated.cc +51 -0
  120. data/src/core/lib/config/load_config.cc +66 -0
  121. data/src/core/lib/config/load_config.h +49 -0
  122. data/src/core/lib/debug/trace.cc +5 -6
  123. data/src/core/lib/debug/trace.h +0 -5
  124. data/src/core/lib/event_engine/event_engine.cc +37 -2
  125. data/src/core/lib/event_engine/handle_containers.h +7 -22
  126. data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
  127. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
  128. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
  129. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
  130. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
  131. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
  132. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
  133. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
  134. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
  135. data/src/core/lib/event_engine/resolved_address.cc +2 -1
  136. data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
  137. data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
  138. data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
  139. data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
  140. data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
  141. data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
  142. data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
  143. data/src/core/lib/experiments/config.cc +3 -10
  144. data/src/core/lib/experiments/experiments.cc +7 -0
  145. data/src/core/lib/experiments/experiments.h +9 -1
  146. data/src/core/lib/gpr/log.cc +15 -28
  147. data/src/core/lib/gprpp/fork.cc +8 -14
  148. data/src/core/lib/gprpp/orphanable.h +4 -3
  149. data/src/core/lib/gprpp/per_cpu.h +9 -3
  150. data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
  151. data/src/core/lib/gprpp/ref_counted.h +33 -34
  152. data/src/core/lib/gprpp/thd.h +16 -0
  153. data/src/core/lib/gprpp/time.cc +1 -0
  154. data/src/core/lib/gprpp/time.h +4 -4
  155. data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
  156. data/src/core/lib/iomgr/call_combiner.h +2 -2
  157. data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
  158. data/src/core/lib/iomgr/endpoint_pair.h +2 -2
  159. data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -2
  160. data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
  161. data/src/core/lib/iomgr/ev_posix.cc +13 -53
  162. data/src/core/lib/iomgr/ev_posix.h +0 -3
  163. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
  164. data/src/core/lib/iomgr/iomgr.cc +4 -8
  165. data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
  166. data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
  167. data/src/core/lib/iomgr/pollset_windows.cc +1 -1
  168. data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
  169. data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
  170. data/src/core/lib/iomgr/tcp_posix.cc +0 -1
  171. data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
  172. data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
  173. data/src/core/lib/iomgr/tcp_windows.cc +12 -8
  174. data/src/core/lib/load_balancing/lb_policy.cc +9 -13
  175. data/src/core/lib/load_balancing/lb_policy.h +4 -2
  176. data/src/core/lib/promise/activity.cc +22 -6
  177. data/src/core/lib/promise/activity.h +61 -24
  178. data/src/core/lib/promise/cancel_callback.h +77 -0
  179. data/src/core/lib/promise/detail/basic_seq.h +1 -1
  180. data/src/core/lib/promise/detail/promise_factory.h +4 -0
  181. data/src/core/lib/promise/for_each.h +176 -0
  182. data/src/core/lib/promise/if.h +9 -0
  183. data/src/core/lib/promise/interceptor_list.h +23 -2
  184. data/src/core/lib/promise/latch.h +89 -3
  185. data/src/core/lib/promise/loop.h +13 -9
  186. data/src/core/lib/promise/map.h +7 -0
  187. data/src/core/lib/promise/party.cc +286 -0
  188. data/src/core/lib/promise/party.h +499 -0
  189. data/src/core/lib/promise/pipe.h +197 -57
  190. data/src/core/lib/promise/poll.h +48 -0
  191. data/src/core/lib/promise/promise.h +2 -2
  192. data/src/core/lib/resource_quota/arena.cc +19 -3
  193. data/src/core/lib/resource_quota/arena.h +119 -5
  194. data/src/core/lib/resource_quota/memory_quota.cc +1 -1
  195. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
  196. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
  197. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
  198. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
  199. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
  200. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
  201. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
  202. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
  203. data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
  204. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
  205. data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
  206. data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
  207. data/src/core/lib/slice/slice.cc +1 -1
  208. data/src/core/lib/surface/builtins.cc +2 -0
  209. data/src/core/lib/surface/call.cc +926 -1024
  210. data/src/core/lib/surface/call.h +10 -0
  211. data/src/core/lib/surface/lame_client.cc +1 -0
  212. data/src/core/lib/surface/version.cc +2 -2
  213. data/src/core/lib/transport/batch_builder.cc +179 -0
  214. data/src/core/lib/transport/batch_builder.h +468 -0
  215. data/src/core/lib/transport/bdp_estimator.cc +7 -7
  216. data/src/core/lib/transport/bdp_estimator.h +10 -6
  217. data/src/core/lib/transport/custom_metadata.h +30 -0
  218. data/src/core/lib/transport/metadata_batch.cc +9 -6
  219. data/src/core/lib/transport/metadata_batch.h +58 -16
  220. data/src/core/lib/transport/parsed_metadata.h +3 -3
  221. data/src/core/lib/transport/timeout_encoding.cc +6 -1
  222. data/src/core/lib/transport/transport.cc +30 -2
  223. data/src/core/lib/transport/transport.h +70 -14
  224. data/src/core/lib/transport/transport_impl.h +7 -0
  225. data/src/core/lib/transport/transport_op_string.cc +52 -42
  226. data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
  227. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
  228. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
  229. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
  230. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
  231. data/src/core/tsi/ssl_transport_security.cc +4 -2
  232. data/src/ruby/lib/grpc/version.rb +1 -1
  233. data/third_party/abseil-cpp/absl/base/config.h +1 -1
  234. data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
  235. data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
  236. data/third_party/abseil-cpp/absl/flags/config.h +68 -0
  237. data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
  238. data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
  239. data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
  240. data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
  241. data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
  242. data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
  243. data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
  244. data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
  245. data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
  246. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
  247. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
  248. data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
  249. data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
  250. data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
  251. data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
  252. data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
  253. data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
  254. data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
  255. data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
  256. data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
  257. data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
  258. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
  259. data/third_party/boringssl-with-bazel/err_data.c +728 -712
  260. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
  261. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
  262. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
  263. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
  264. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
  265. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
  266. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
  267. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
  268. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
  269. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
  270. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
  271. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
  272. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
  273. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
  274. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
  275. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
  276. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
  277. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
  278. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
  279. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
  280. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
  281. data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
  282. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
  283. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
  284. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
  285. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
  286. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
  287. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
  288. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
  289. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
  290. data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
  291. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
  292. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
  293. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
  294. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
  295. data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
  296. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
  297. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
  298. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
  299. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
  300. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
  301. data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
  302. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
  303. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
  304. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
  305. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
  306. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
  307. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
  308. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
  309. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
  310. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
  311. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
  312. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
  313. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
  314. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
  315. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
  316. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
  317. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
  318. data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
  319. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
  320. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
  321. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
  322. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
  323. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
  324. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
  325. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
  326. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
  327. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
  328. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
  329. data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
  330. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
  331. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
  332. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
  333. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
  334. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
  335. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
  336. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
  337. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
  338. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
  339. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
  340. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
  341. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
  342. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
  343. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
  344. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
  345. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
  346. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
  347. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
  348. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
  349. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
  350. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
  351. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
  352. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
  353. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
  354. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
  355. data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
  356. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
  357. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
  358. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
  359. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
  360. data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
  361. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
  362. data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
  363. data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
  364. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
  365. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
  366. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
  367. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
  368. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
  369. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
  370. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
  371. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
  372. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
  373. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
  374. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
  375. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
  376. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
  377. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
  378. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
  379. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
  380. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
  381. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
  382. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
  383. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
  384. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
  385. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
  386. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
  387. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
  388. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
  389. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
  390. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
  391. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
  392. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
  393. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
  394. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
  395. data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
  396. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
  397. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
  398. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
  399. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
  400. data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
  401. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
  402. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
  403. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
  404. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
  405. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
  406. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
  407. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
  408. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
  409. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
  410. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
  411. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
  412. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
  413. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
  414. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
  415. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
  416. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
  417. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
  418. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
  419. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
  420. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
  421. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
  422. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
  423. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
  424. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
  425. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
  426. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
  427. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
  428. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
  429. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
  430. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
  431. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
  432. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
  433. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
  434. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
  435. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
  436. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
  437. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
  438. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
  439. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
  440. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
  441. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
  442. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
  443. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
  444. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
  445. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
  446. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
  447. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
  448. data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
  449. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
  450. data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
  451. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
  452. data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
  453. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
  454. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
  455. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
  456. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
  457. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
  458. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
  459. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
  460. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
  461. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
  462. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
  463. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
  464. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
  465. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
  466. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
  467. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
  468. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
  469. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
  470. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
  471. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
  472. data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
  473. data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
  474. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
  475. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
  476. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
  477. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
  478. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
  479. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
  480. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
  481. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
  482. data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
  483. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
  484. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
  485. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
  486. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
  487. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
  488. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
  489. data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
  490. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
  491. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
  492. data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
  493. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
  494. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
  495. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
  496. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
  497. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
  498. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
  499. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
  500. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
  501. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
  502. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
  503. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
  504. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
  505. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
  506. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
  507. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
  508. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
  509. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
  510. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
  511. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
  512. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
  513. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
  514. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
  515. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
  516. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
  517. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
  518. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
  519. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
  520. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
  521. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
  522. data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
  523. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
  524. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
  525. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
  526. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
  527. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
  528. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
  529. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
  530. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
  531. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
  532. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
  533. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
  534. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
  535. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
  536. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
  537. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
  538. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
  539. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
  540. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
  541. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
  542. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
  543. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
  544. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
  545. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
  546. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
  547. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
  548. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
  549. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
  550. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
  551. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
  552. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
  553. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
  554. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
  555. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
  556. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
  557. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
  558. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
  559. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
  560. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
  561. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
  562. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
  563. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
  564. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
  565. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
  566. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
  567. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
  568. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
  569. data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
  570. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
  571. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
  572. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
  573. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
  574. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
  575. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
  576. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
  577. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
  578. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
  579. data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
  580. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
  581. data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
  582. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
  583. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
  584. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
  585. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
  586. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
  587. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
  588. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
  589. data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
  590. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
  591. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
  592. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
  593. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
  594. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
  595. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
  596. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
  597. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
  598. data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
  599. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
  600. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
  601. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
  602. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
  603. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
  604. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
  605. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
  606. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
  607. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
  608. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
  609. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
  610. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
  611. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
  612. data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
  613. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
  614. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  615. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
  616. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
  617. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
  618. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
  619. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
  620. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
  621. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
  622. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
  623. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
  624. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
  625. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
  626. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
  627. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
  628. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
  629. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
  630. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
  631. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
  632. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
  633. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
  634. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
  635. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
  636. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
  637. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
  638. metadata +105 -70
  639. data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
  640. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
  641. data/src/core/lib/gprpp/global_config.h +0 -93
  642. data/src/core/lib/gprpp/global_config_env.cc +0 -140
  643. data/src/core/lib/gprpp/global_config_env.h +0 -133
  644. data/src/core/lib/gprpp/global_config_generic.h +0 -40
  645. data/src/core/lib/promise/intra_activity_waiter.h +0 -55
  646. data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
  647. data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
  648. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
  649. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
  650. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
  651. data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
  652. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
  653. data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
  654. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
  655. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
  656. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
  657. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
  658. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
  659. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
  660. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
  661. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
  662. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
  663. /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
  664. /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
  665. /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
  666. /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
  667. /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
  668. /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
  669. /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
  670. /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
  671. /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
  672. /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
  673. /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
  674. /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
  675. /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
  676. /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
  677. /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
  678. /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
  679. /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
  680. /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
  681. /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
  682. /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
  683. /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
  684. /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
  685. /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
@@ -62,590 +62,561 @@
62
62
  #include <openssl/x509.h>
63
63
  #include <openssl/x509v3.h>
64
64
 
65
- #include "internal.h"
66
65
  #include "../internal.h"
67
66
  #include "../x509v3/internal.h"
67
+ #include "internal.h"
68
68
 
69
69
 
70
- /* X509_VERIFY_PARAM functions */
70
+ // X509_VERIFY_PARAM functions
71
71
 
72
72
  #define SET_HOST 0
73
73
  #define ADD_HOST 1
74
74
 
75
- static char *str_copy(char *s)
76
- {
77
- return OPENSSL_strdup(s);
78
- }
79
-
80
- static void str_free(char *s)
81
- {
82
- OPENSSL_free(s);
83
- }
75
+ static void str_free(char *s) { OPENSSL_free(s); }
84
76
 
85
77
  #define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free)
86
78
 
87
79
  static int int_x509_param_set_hosts(X509_VERIFY_PARAM *param, int mode,
88
- const char *name, size_t namelen)
89
- {
90
- char *copy;
80
+ const char *name, size_t namelen) {
81
+ char *copy;
91
82
 
92
- if (name == NULL || namelen == 0) {
93
- // Unlike OpenSSL, we reject trying to set or add an empty name.
94
- return 0;
95
- }
83
+ if (name == NULL || namelen == 0) {
84
+ // Unlike OpenSSL, we reject trying to set or add an empty name.
85
+ return 0;
86
+ }
96
87
 
97
- /*
98
- * Refuse names with embedded NUL bytes.
99
- * XXX: Do we need to push an error onto the error stack?
100
- */
101
- if (name && OPENSSL_memchr(name, '\0', namelen))
102
- return 0;
88
+ // Refuse names with embedded NUL bytes.
89
+ // XXX: Do we need to push an error onto the error stack?
90
+ if (name && OPENSSL_memchr(name, '\0', namelen)) {
91
+ return 0;
92
+ }
103
93
 
104
- if (mode == SET_HOST && param->hosts) {
105
- string_stack_free(param->hosts);
106
- param->hosts = NULL;
107
- }
94
+ if (mode == SET_HOST && param->hosts) {
95
+ string_stack_free(param->hosts);
96
+ param->hosts = NULL;
97
+ }
108
98
 
109
- copy = OPENSSL_strndup(name, namelen);
110
- if (copy == NULL)
111
- return 0;
99
+ copy = OPENSSL_strndup(name, namelen);
100
+ if (copy == NULL) {
101
+ return 0;
102
+ }
112
103
 
113
- if (param->hosts == NULL &&
114
- (param->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
115
- OPENSSL_free(copy);
116
- return 0;
117
- }
104
+ if (param->hosts == NULL &&
105
+ (param->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
106
+ OPENSSL_free(copy);
107
+ return 0;
108
+ }
118
109
 
119
- if (!sk_OPENSSL_STRING_push(param->hosts, copy)) {
120
- OPENSSL_free(copy);
121
- if (sk_OPENSSL_STRING_num(param->hosts) == 0) {
122
- sk_OPENSSL_STRING_free(param->hosts);
123
- param->hosts = NULL;
124
- }
125
- return 0;
110
+ if (!sk_OPENSSL_STRING_push(param->hosts, copy)) {
111
+ OPENSSL_free(copy);
112
+ if (sk_OPENSSL_STRING_num(param->hosts) == 0) {
113
+ sk_OPENSSL_STRING_free(param->hosts);
114
+ param->hosts = NULL;
126
115
  }
116
+ return 0;
117
+ }
118
+
119
+ return 1;
120
+ }
121
+
122
+ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) {
123
+ if (!param) {
124
+ return;
125
+ }
126
+ param->name = NULL;
127
+ param->purpose = 0;
128
+ param->trust = 0;
129
+ // param->inh_flags = X509_VP_FLAG_DEFAULT;
130
+ param->inh_flags = 0;
131
+ param->flags = 0;
132
+ param->depth = -1;
133
+ if (param->policies) {
134
+ sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
135
+ param->policies = NULL;
136
+ }
137
+ if (param->hosts) {
138
+ string_stack_free(param->hosts);
139
+ param->hosts = NULL;
140
+ }
141
+ if (param->peername) {
142
+ OPENSSL_free(param->peername);
143
+ param->peername = NULL;
144
+ }
145
+ if (param->email) {
146
+ OPENSSL_free(param->email);
147
+ param->email = NULL;
148
+ param->emaillen = 0;
149
+ }
150
+ if (param->ip) {
151
+ OPENSSL_free(param->ip);
152
+ param->ip = NULL;
153
+ param->iplen = 0;
154
+ }
155
+ param->poison = 0;
156
+ }
157
+
158
+ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) {
159
+ X509_VERIFY_PARAM *param;
160
+ param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
161
+ if (!param) {
162
+ return NULL;
163
+ }
164
+ OPENSSL_memset(param, 0, sizeof(X509_VERIFY_PARAM));
165
+ x509_verify_param_zero(param);
166
+ return param;
167
+ }
168
+
169
+ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) {
170
+ if (param == NULL) {
171
+ return;
172
+ }
173
+ x509_verify_param_zero(param);
174
+ OPENSSL_free(param);
175
+ }
176
+
177
+ //-
178
+ // This function determines how parameters are "inherited" from one structure
179
+ // to another. There are several different ways this can happen.
180
+ //
181
+ // 1. If a child structure needs to have its values initialized from a parent
182
+ // they are simply copied across. For example SSL_CTX copied to SSL.
183
+ // 2. If the structure should take on values only if they are currently unset.
184
+ // For example the values in an SSL structure will take appropriate value
185
+ // for SSL servers or clients but only if the application has not set new
186
+ // ones.
187
+ //
188
+ // The "inh_flags" field determines how this function behaves.
189
+ //
190
+ // Normally any values which are set in the default are not copied from the
191
+ // destination and verify flags are ORed together.
192
+ //
193
+ // If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied
194
+ // to the destination. Effectively the values in "to" become default values
195
+ // which will be used only if nothing new is set in "from".
196
+ //
197
+ // If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether
198
+ // they are set or not. Flags is still Ored though.
199
+ //
200
+ // If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead
201
+ // of ORed.
202
+ //
203
+ // If X509_VP_FLAG_LOCKED is set then no values are copied.
204
+ //
205
+ // If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed
206
+ // after the next call.
207
+
208
+ // Macro to test if a field should be copied from src to dest
127
209
 
128
- return 1;
129
- }
210
+ #define test_x509_verify_param_copy(field, def) \
211
+ (to_overwrite || \
212
+ ((src->field != (def)) && (to_default || (dest->field == (def)))))
130
213
 
131
- static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
132
- {
133
- if (!param)
134
- return;
135
- param->name = NULL;
136
- param->purpose = 0;
137
- param->trust = 0;
138
- /*
139
- * param->inh_flags = X509_VP_FLAG_DEFAULT;
140
- */
141
- param->inh_flags = 0;
142
- param->flags = 0;
143
- param->depth = -1;
144
- if (param->policies) {
145
- sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
146
- param->policies = NULL;
147
- }
148
- if (param->hosts) {
149
- string_stack_free(param->hosts);
150
- param->hosts = NULL;
151
- }
152
- if (param->peername) {
153
- OPENSSL_free(param->peername);
154
- param->peername = NULL;
155
- }
156
- if (param->email) {
157
- OPENSSL_free(param->email);
158
- param->email = NULL;
159
- param->emaillen = 0;
160
- }
161
- if (param->ip) {
162
- OPENSSL_free(param->ip);
163
- param->ip = NULL;
164
- param->iplen = 0;
165
- }
166
- param->poison = 0;
167
- }
214
+ // Macro to test and copy a field if necessary
168
215
 
169
- X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
170
- {
171
- X509_VERIFY_PARAM *param;
172
- param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
173
- if (!param)
174
- return NULL;
175
- OPENSSL_memset(param, 0, sizeof(X509_VERIFY_PARAM));
176
- x509_verify_param_zero(param);
177
- return param;
178
- }
216
+ #define x509_verify_param_copy(field, def) \
217
+ if (test_x509_verify_param_copy(field, def)) \
218
+ dest->field = src->field
179
219
 
180
- void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
181
- {
182
- if (param == NULL)
183
- return;
184
- x509_verify_param_zero(param);
185
- OPENSSL_free(param);
186
- }
220
+ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
221
+ const X509_VERIFY_PARAM *src) {
222
+ unsigned long inh_flags;
223
+ int to_default, to_overwrite;
224
+ if (!src) {
225
+ return 1;
226
+ }
227
+ inh_flags = dest->inh_flags | src->inh_flags;
187
228
 
188
- /*-
189
- * This function determines how parameters are "inherited" from one structure
190
- * to another. There are several different ways this can happen.
191
- *
192
- * 1. If a child structure needs to have its values initialized from a parent
193
- * they are simply copied across. For example SSL_CTX copied to SSL.
194
- * 2. If the structure should take on values only if they are currently unset.
195
- * For example the values in an SSL structure will take appropriate value
196
- * for SSL servers or clients but only if the application has not set new
197
- * ones.
198
- *
199
- * The "inh_flags" field determines how this function behaves.
200
- *
201
- * Normally any values which are set in the default are not copied from the
202
- * destination and verify flags are ORed together.
203
- *
204
- * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied
205
- * to the destination. Effectively the values in "to" become default values
206
- * which will be used only if nothing new is set in "from".
207
- *
208
- * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether
209
- * they are set or not. Flags is still Ored though.
210
- *
211
- * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead
212
- * of ORed.
213
- *
214
- * If X509_VP_FLAG_LOCKED is set then no values are copied.
215
- *
216
- * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed
217
- * after the next call.
218
- */
229
+ if (inh_flags & X509_VP_FLAG_ONCE) {
230
+ dest->inh_flags = 0;
231
+ }
219
232
 
220
- /* Macro to test if a field should be copied from src to dest */
233
+ if (inh_flags & X509_VP_FLAG_LOCKED) {
234
+ return 1;
235
+ }
221
236
 
222
- #define test_x509_verify_param_copy(field, def) \
223
- (to_overwrite || \
224
- ((src->field != (def)) && (to_default || (dest->field == (def)))))
237
+ if (inh_flags & X509_VP_FLAG_DEFAULT) {
238
+ to_default = 1;
239
+ } else {
240
+ to_default = 0;
241
+ }
225
242
 
226
- /* Macro to test and copy a field if necessary */
243
+ if (inh_flags & X509_VP_FLAG_OVERWRITE) {
244
+ to_overwrite = 1;
245
+ } else {
246
+ to_overwrite = 0;
247
+ }
227
248
 
228
- #define x509_verify_param_copy(field, def) \
229
- if (test_x509_verify_param_copy(field, def)) \
230
- dest->field = src->field
249
+ x509_verify_param_copy(purpose, 0);
250
+ x509_verify_param_copy(trust, 0);
251
+ x509_verify_param_copy(depth, -1);
231
252
 
232
- int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
233
- const X509_VERIFY_PARAM *src)
234
- {
235
- unsigned long inh_flags;
236
- int to_default, to_overwrite;
237
- if (!src)
238
- return 1;
239
- inh_flags = dest->inh_flags | src->inh_flags;
240
-
241
- if (inh_flags & X509_VP_FLAG_ONCE)
242
- dest->inh_flags = 0;
243
-
244
- if (inh_flags & X509_VP_FLAG_LOCKED)
245
- return 1;
246
-
247
- if (inh_flags & X509_VP_FLAG_DEFAULT)
248
- to_default = 1;
249
- else
250
- to_default = 0;
251
-
252
- if (inh_flags & X509_VP_FLAG_OVERWRITE)
253
- to_overwrite = 1;
254
- else
255
- to_overwrite = 0;
256
-
257
- x509_verify_param_copy(purpose, 0);
258
- x509_verify_param_copy(trust, 0);
259
- x509_verify_param_copy(depth, -1);
260
-
261
- /* If overwrite or check time not set, copy across */
262
-
263
- if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) {
264
- dest->check_time = src->check_time;
265
- dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
266
- /* Don't need to copy flag: that is done below */
267
- }
253
+ // If overwrite or check time not set, copy across
254
+
255
+ if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) {
256
+ dest->check_time = src->check_time;
257
+ dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
258
+ // Don't need to copy flag: that is done below
259
+ }
268
260
 
269
- if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
270
- dest->flags = 0;
261
+ if (inh_flags & X509_VP_FLAG_RESET_FLAGS) {
262
+ dest->flags = 0;
263
+ }
271
264
 
272
- dest->flags |= src->flags;
265
+ dest->flags |= src->flags;
273
266
 
274
- if (test_x509_verify_param_copy(policies, NULL)) {
275
- if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
276
- return 0;
267
+ if (test_x509_verify_param_copy(policies, NULL)) {
268
+ if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) {
269
+ return 0;
277
270
  }
271
+ }
278
272
 
279
- /* Copy the host flags if and only if we're copying the host list */
280
- if (test_x509_verify_param_copy(hosts, NULL)) {
281
- if (dest->hosts) {
282
- string_stack_free(dest->hosts);
283
- dest->hosts = NULL;
284
- }
285
- if (src->hosts) {
286
- dest->hosts =
287
- sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
288
- if (dest->hosts == NULL)
289
- return 0;
290
- dest->hostflags = src->hostflags;
291
- }
273
+ // Copy the host flags if and only if we're copying the host list
274
+ if (test_x509_verify_param_copy(hosts, NULL)) {
275
+ if (dest->hosts) {
276
+ string_stack_free(dest->hosts);
277
+ dest->hosts = NULL;
292
278
  }
279
+ if (src->hosts) {
280
+ dest->hosts =
281
+ sk_OPENSSL_STRING_deep_copy(src->hosts, OPENSSL_strdup, str_free);
282
+ if (dest->hosts == NULL) {
283
+ return 0;
284
+ }
285
+ dest->hostflags = src->hostflags;
286
+ }
287
+ }
293
288
 
294
- if (test_x509_verify_param_copy(email, NULL)) {
295
- if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen))
296
- return 0;
289
+ if (test_x509_verify_param_copy(email, NULL)) {
290
+ if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen)) {
291
+ return 0;
297
292
  }
293
+ }
298
294
 
299
- if (test_x509_verify_param_copy(ip, NULL)) {
300
- if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen))
301
- return 0;
295
+ if (test_x509_verify_param_copy(ip, NULL)) {
296
+ if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen)) {
297
+ return 0;
302
298
  }
299
+ }
303
300
 
304
- dest->poison = src->poison;
301
+ dest->poison = src->poison;
305
302
 
306
- return 1;
303
+ return 1;
307
304
  }
308
305
 
309
306
  int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
310
- const X509_VERIFY_PARAM *from)
311
- {
312
- unsigned long save_flags = to->inh_flags;
313
- int ret;
314
- to->inh_flags |= X509_VP_FLAG_DEFAULT;
315
- ret = X509_VERIFY_PARAM_inherit(to, from);
316
- to->inh_flags = save_flags;
317
- return ret;
318
- }
319
-
320
- static int int_x509_param_set1(char **pdest, size_t *pdestlen,
321
- const char *src, size_t srclen)
322
- {
323
- void *tmp;
324
- if (src == NULL || srclen == 0) {
325
- // Unlike OpenSSL, we do not allow an empty string to disable previously
326
- // configured checks.
327
- return 0;
328
- }
329
-
330
- tmp = OPENSSL_memdup(src, srclen);
331
- if (!tmp) {
332
- return 0;
333
- }
307
+ const X509_VERIFY_PARAM *from) {
308
+ unsigned long save_flags = to->inh_flags;
309
+ int ret;
310
+ to->inh_flags |= X509_VP_FLAG_DEFAULT;
311
+ ret = X509_VERIFY_PARAM_inherit(to, from);
312
+ to->inh_flags = save_flags;
313
+ return ret;
314
+ }
315
+
316
+ static int int_x509_param_set1(char **pdest, size_t *pdestlen, const char *src,
317
+ size_t srclen) {
318
+ void *tmp;
319
+ if (src == NULL || srclen == 0) {
320
+ // Unlike OpenSSL, we do not allow an empty string to disable previously
321
+ // configured checks.
322
+ return 0;
323
+ }
334
324
 
335
- if (*pdest)
336
- OPENSSL_free(*pdest);
337
- *pdest = tmp;
338
- if (pdestlen)
339
- *pdestlen = srclen;
325
+ tmp = OPENSSL_memdup(src, srclen);
326
+ if (!tmp) {
327
+ return 0;
328
+ }
329
+
330
+ if (*pdest) {
331
+ OPENSSL_free(*pdest);
332
+ }
333
+ *pdest = tmp;
334
+ if (pdestlen) {
335
+ *pdestlen = srclen;
336
+ }
337
+ return 1;
338
+ }
339
+
340
+ int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) {
341
+ if (param->name) {
342
+ OPENSSL_free(param->name);
343
+ }
344
+ param->name = OPENSSL_strdup(name);
345
+ if (param->name) {
340
346
  return 1;
347
+ }
348
+ return 0;
341
349
  }
342
350
 
343
- int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
344
- {
345
- if (param->name)
346
- OPENSSL_free(param->name);
347
- param->name = OPENSSL_strdup(name);
348
- if (param->name)
349
- return 1;
350
- return 0;
351
+ int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags) {
352
+ param->flags |= flags;
353
+ if (flags & X509_V_FLAG_POLICY_MASK) {
354
+ param->flags |= X509_V_FLAG_POLICY_CHECK;
355
+ }
356
+ return 1;
351
357
  }
352
358
 
353
- int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
354
- {
355
- param->flags |= flags;
356
- if (flags & X509_V_FLAG_POLICY_MASK)
357
- param->flags |= X509_V_FLAG_POLICY_CHECK;
358
- return 1;
359
+ int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
360
+ unsigned long flags) {
361
+ param->flags &= ~flags;
362
+ return 1;
359
363
  }
360
364
 
361
- int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
362
- unsigned long flags)
363
- {
364
- param->flags &= ~flags;
365
- return 1;
365
+ unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param) {
366
+ return param->flags;
366
367
  }
367
368
 
368
- unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
369
- {
370
- return param->flags;
369
+ int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) {
370
+ return X509_PURPOSE_set(&param->purpose, purpose);
371
371
  }
372
372
 
373
- int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
374
- {
375
- return X509_PURPOSE_set(&param->purpose, purpose);
373
+ int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust) {
374
+ return X509_TRUST_set(&param->trust, trust);
376
375
  }
377
376
 
378
- int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
379
- {
380
- return X509_TRUST_set(&param->trust, trust);
377
+ void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth) {
378
+ param->depth = depth;
381
379
  }
382
380
 
383
- void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
384
- {
385
- param->depth = depth;
381
+ void X509_VERIFY_PARAM_set_time_posix(X509_VERIFY_PARAM *param, int64_t t) {
382
+ param->check_time = t;
383
+ param->flags |= X509_V_FLAG_USE_CHECK_TIME;
386
384
  }
387
385
 
388
- void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
389
- {
390
- param->check_time = t;
391
- param->flags |= X509_V_FLAG_USE_CHECK_TIME;
386
+ void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t) {
387
+ X509_VERIFY_PARAM_set_time_posix(param, t);
392
388
  }
393
389
 
394
390
  int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
395
- ASN1_OBJECT *policy)
396
- {
391
+ ASN1_OBJECT *policy) {
392
+ if (!param->policies) {
393
+ param->policies = sk_ASN1_OBJECT_new_null();
397
394
  if (!param->policies) {
398
- param->policies = sk_ASN1_OBJECT_new_null();
399
- if (!param->policies)
400
- return 0;
395
+ return 0;
401
396
  }
402
- if (!sk_ASN1_OBJECT_push(param->policies, policy))
403
- return 0;
404
- return 1;
397
+ }
398
+ if (!sk_ASN1_OBJECT_push(param->policies, policy)) {
399
+ return 0;
400
+ }
401
+ // TODO(davidben): This does not set |X509_V_FLAG_POLICY_CHECK|, while
402
+ // |X509_VERIFY_PARAM_set1_policies| does. Is this a bug?
403
+ return 1;
405
404
  }
406
405
 
407
406
  int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
408
- STACK_OF(ASN1_OBJECT) *policies)
409
- {
410
- size_t i;
411
- ASN1_OBJECT *oid, *doid;
412
- if (!param)
413
- return 0;
414
- if (param->policies)
415
- sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
407
+ const STACK_OF(ASN1_OBJECT) *policies) {
408
+ if (!param) {
409
+ return 0;
410
+ }
416
411
 
417
- if (!policies) {
418
- param->policies = NULL;
419
- return 1;
420
- }
412
+ sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
413
+ if (!policies) {
414
+ param->policies = NULL;
415
+ return 1;
416
+ }
421
417
 
422
- param->policies = sk_ASN1_OBJECT_new_null();
423
- if (!param->policies)
424
- return 0;
418
+ param->policies =
419
+ sk_ASN1_OBJECT_deep_copy(policies, OBJ_dup, ASN1_OBJECT_free);
420
+ if (!param->policies) {
421
+ return 0;
422
+ }
425
423
 
426
- for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) {
427
- oid = sk_ASN1_OBJECT_value(policies, i);
428
- doid = OBJ_dup(oid);
429
- if (!doid)
430
- return 0;
431
- if (!sk_ASN1_OBJECT_push(param->policies, doid)) {
432
- ASN1_OBJECT_free(doid);
433
- return 0;
434
- }
435
- }
436
- param->flags |= X509_V_FLAG_POLICY_CHECK;
437
- return 1;
424
+ param->flags |= X509_V_FLAG_POLICY_CHECK;
425
+ return 1;
438
426
  }
439
427
 
440
- int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
441
- const char *name, size_t namelen)
442
- {
443
- if (!int_x509_param_set_hosts(param, SET_HOST, name, namelen)) {
444
- param->poison = 1;
445
- return 0;
446
- }
447
- return 1;
428
+ int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const char *name,
429
+ size_t namelen) {
430
+ if (!int_x509_param_set_hosts(param, SET_HOST, name, namelen)) {
431
+ param->poison = 1;
432
+ return 0;
433
+ }
434
+ return 1;
448
435
  }
449
436
 
450
- int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
451
- const char *name, size_t namelen)
452
- {
453
- if (!int_x509_param_set_hosts(param, ADD_HOST, name, namelen)) {
454
- param->poison = 1;
455
- return 0;
456
- }
457
- return 1;
437
+ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, const char *name,
438
+ size_t namelen) {
439
+ if (!int_x509_param_set_hosts(param, ADD_HOST, name, namelen)) {
440
+ param->poison = 1;
441
+ return 0;
442
+ }
443
+ return 1;
458
444
  }
459
445
 
460
446
  void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
461
- unsigned int flags)
462
- {
463
- param->hostflags = flags;
447
+ unsigned int flags) {
448
+ param->hostflags = flags;
464
449
  }
465
450
 
466
- char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
467
- {
468
- return param->peername;
451
+ char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) {
452
+ return param->peername;
469
453
  }
470
454
 
471
- int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
472
- const char *email, size_t emaillen)
473
- {
474
- if (OPENSSL_memchr(email, '\0', emaillen) != NULL ||
475
- !int_x509_param_set1(&param->email, &param->emaillen,
476
- email, emaillen)) {
477
- param->poison = 1;
478
- return 0;
479
- }
455
+ int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email,
456
+ size_t emaillen) {
457
+ if (OPENSSL_memchr(email, '\0', emaillen) != NULL ||
458
+ !int_x509_param_set1(&param->email, &param->emaillen, email, emaillen)) {
459
+ param->poison = 1;
460
+ return 0;
461
+ }
480
462
 
481
- return 1;
463
+ return 1;
482
464
  }
483
465
 
484
- int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
485
- const unsigned char *ip, size_t iplen)
486
- {
487
- if ((iplen != 4 && iplen != 16) ||
488
- !int_x509_param_set1((char **)&param->ip, &param->iplen,
489
- (char *)ip, iplen)) {
490
- param->poison = 1;
491
- return 0;
492
- }
466
+ int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip,
467
+ size_t iplen) {
468
+ if ((iplen != 4 && iplen != 16) ||
469
+ !int_x509_param_set1((char **)&param->ip, &param->iplen, (char *)ip,
470
+ iplen)) {
471
+ param->poison = 1;
472
+ return 0;
473
+ }
493
474
 
494
- return 1;
475
+ return 1;
495
476
  }
496
477
 
497
- int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
498
- {
499
- unsigned char ipout[16];
500
- size_t iplen;
478
+ int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc) {
479
+ unsigned char ipout[16];
480
+ size_t iplen;
501
481
 
502
- iplen = (size_t)x509v3_a2i_ipadd(ipout, ipasc);
503
- if (iplen == 0)
504
- return 0;
505
- return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
482
+ iplen = (size_t)x509v3_a2i_ipadd(ipout, ipasc);
483
+ if (iplen == 0) {
484
+ return 0;
485
+ }
486
+ return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
506
487
  }
507
488
 
508
- int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
509
- {
510
- return param->depth;
489
+ int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) {
490
+ return param->depth;
511
491
  }
512
492
 
513
- const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
514
- {
515
- return param->name;
493
+ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param) {
494
+ return param->name;
516
495
  }
517
496
 
518
497
  #define vpm_empty_id NULL, 0U, NULL, NULL, 0, NULL, 0, 0
519
498
 
520
- /*
521
- * Default verify parameters: these are used for various applications and can
522
- * be overridden by the user specified table. NB: the 'name' field *must* be
523
- * in alphabetical order because it will be searched using OBJ_search.
524
- */
499
+ // Default verify parameters: these are used for various applications and can
500
+ // be overridden by the user specified table. NB: the 'name' field *must* be
501
+ // in alphabetical order because it will be searched using OBJ_search.
525
502
 
526
503
  static const X509_VERIFY_PARAM default_table[] = {
527
- {
528
- (char *)"default", /* X509 default parameters */
529
- 0, /* Check time */
530
- 0, /* internal flags */
531
- X509_V_FLAG_TRUSTED_FIRST, /* flags */
532
- 0, /* purpose */
533
- 0, /* trust */
534
- 100, /* depth */
535
- NULL, /* policies */
504
+ {(char *)"default", // X509 default parameters
505
+ 0, // Check time
506
+ 0, // internal flags
507
+ X509_V_FLAG_TRUSTED_FIRST, // flags
508
+ 0, // purpose
509
+ 0, // trust
510
+ 100, // depth
511
+ NULL, // policies
536
512
  vpm_empty_id},
537
- {
538
- (char *)"pkcs7", /* S/MIME sign parameters */
539
- 0, /* Check time */
540
- 0, /* internal flags */
541
- 0, /* flags */
542
- X509_PURPOSE_SMIME_SIGN, /* purpose */
543
- X509_TRUST_EMAIL, /* trust */
544
- -1, /* depth */
545
- NULL, /* policies */
513
+ {(char *)"pkcs7", // S/MIME sign parameters
514
+ 0, // Check time
515
+ 0, // internal flags
516
+ 0, // flags
517
+ X509_PURPOSE_SMIME_SIGN, // purpose
518
+ X509_TRUST_EMAIL, // trust
519
+ -1, // depth
520
+ NULL, // policies
546
521
  vpm_empty_id},
547
- {
548
- (char *)"smime_sign", /* S/MIME sign parameters */
549
- 0, /* Check time */
550
- 0, /* internal flags */
551
- 0, /* flags */
552
- X509_PURPOSE_SMIME_SIGN, /* purpose */
553
- X509_TRUST_EMAIL, /* trust */
554
- -1, /* depth */
555
- NULL, /* policies */
522
+ {(char *)"smime_sign", // S/MIME sign parameters
523
+ 0, // Check time
524
+ 0, // internal flags
525
+ 0, // flags
526
+ X509_PURPOSE_SMIME_SIGN, // purpose
527
+ X509_TRUST_EMAIL, // trust
528
+ -1, // depth
529
+ NULL, // policies
556
530
  vpm_empty_id},
557
- {
558
- (char *)"ssl_client", /* SSL/TLS client parameters */
559
- 0, /* Check time */
560
- 0, /* internal flags */
561
- 0, /* flags */
562
- X509_PURPOSE_SSL_CLIENT, /* purpose */
563
- X509_TRUST_SSL_CLIENT, /* trust */
564
- -1, /* depth */
565
- NULL, /* policies */
531
+ {(char *)"ssl_client", // SSL/TLS client parameters
532
+ 0, // Check time
533
+ 0, // internal flags
534
+ 0, // flags
535
+ X509_PURPOSE_SSL_CLIENT, // purpose
536
+ X509_TRUST_SSL_CLIENT, // trust
537
+ -1, // depth
538
+ NULL, // policies
566
539
  vpm_empty_id},
567
- {
568
- (char *)"ssl_server", /* SSL/TLS server parameters */
569
- 0, /* Check time */
570
- 0, /* internal flags */
571
- 0, /* flags */
572
- X509_PURPOSE_SSL_SERVER, /* purpose */
573
- X509_TRUST_SSL_SERVER, /* trust */
574
- -1, /* depth */
575
- NULL, /* policies */
576
- vpm_empty_id}
577
- };
540
+ {(char *)"ssl_server", // SSL/TLS server parameters
541
+ 0, // Check time
542
+ 0, // internal flags
543
+ 0, // flags
544
+ X509_PURPOSE_SSL_SERVER, // purpose
545
+ X509_TRUST_SSL_SERVER, // trust
546
+ -1, // depth
547
+ NULL, // policies
548
+ vpm_empty_id}};
578
549
 
579
550
  static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
580
551
 
581
- static int param_cmp(const X509_VERIFY_PARAM **a, const X509_VERIFY_PARAM **b)
582
- {
583
- return strcmp((*a)->name, (*b)->name);
552
+ static int param_cmp(const X509_VERIFY_PARAM **a, const X509_VERIFY_PARAM **b) {
553
+ return strcmp((*a)->name, (*b)->name);
584
554
  }
585
555
 
586
- int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
587
- {
588
- X509_VERIFY_PARAM *ptmp;
556
+ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) {
557
+ X509_VERIFY_PARAM *ptmp;
558
+ if (!param_table) {
559
+ param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
589
560
  if (!param_table) {
590
- param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
591
- if (!param_table)
592
- return 0;
593
- } else {
594
- size_t idx;
595
-
596
- sk_X509_VERIFY_PARAM_sort(param_table);
597
- if (sk_X509_VERIFY_PARAM_find(param_table, &idx, param)) {
598
- ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
599
- X509_VERIFY_PARAM_free(ptmp);
600
- (void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
601
- }
561
+ return 0;
602
562
  }
603
- if (!sk_X509_VERIFY_PARAM_push(param_table, param))
604
- return 0;
605
- return 1;
563
+ } else {
564
+ size_t idx;
565
+
566
+ sk_X509_VERIFY_PARAM_sort(param_table);
567
+ if (sk_X509_VERIFY_PARAM_find(param_table, &idx, param)) {
568
+ ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
569
+ X509_VERIFY_PARAM_free(ptmp);
570
+ (void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
571
+ }
572
+ }
573
+ if (!sk_X509_VERIFY_PARAM_push(param_table, param)) {
574
+ return 0;
575
+ }
576
+ return 1;
606
577
  }
607
578
 
608
- int X509_VERIFY_PARAM_get_count(void)
609
- {
610
- int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
611
- if (param_table)
612
- num += sk_X509_VERIFY_PARAM_num(param_table);
613
- return num;
579
+ int X509_VERIFY_PARAM_get_count(void) {
580
+ int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
581
+ if (param_table) {
582
+ num += sk_X509_VERIFY_PARAM_num(param_table);
583
+ }
584
+ return num;
614
585
  }
615
586
 
616
- const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
617
- {
618
- int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
619
- if (id < num)
620
- return default_table + id;
621
- return sk_X509_VERIFY_PARAM_value(param_table, id - num);
587
+ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id) {
588
+ int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
589
+ if (id < num) {
590
+ return default_table + id;
591
+ }
592
+ return sk_X509_VERIFY_PARAM_value(param_table, id - num);
622
593
  }
623
594
 
624
- const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
625
- {
626
- X509_VERIFY_PARAM pm;
627
- unsigned i, limit;
595
+ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) {
596
+ X509_VERIFY_PARAM pm;
597
+ unsigned i, limit;
628
598
 
629
- pm.name = (char *)name;
630
- if (param_table) {
631
- size_t idx;
632
- sk_X509_VERIFY_PARAM_sort(param_table);
633
- if (sk_X509_VERIFY_PARAM_find(param_table, &idx, &pm))
634
- return sk_X509_VERIFY_PARAM_value(param_table, idx);
599
+ pm.name = (char *)name;
600
+ if (param_table) {
601
+ size_t idx;
602
+ sk_X509_VERIFY_PARAM_sort(param_table);
603
+ if (sk_X509_VERIFY_PARAM_find(param_table, &idx, &pm)) {
604
+ return sk_X509_VERIFY_PARAM_value(param_table, idx);
635
605
  }
606
+ }
636
607
 
637
- limit = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
638
- for (i = 0; i < limit; i++) {
639
- if (strcmp(default_table[i].name, name) == 0) {
640
- return &default_table[i];
641
- }
608
+ limit = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
609
+ for (i = 0; i < limit; i++) {
610
+ if (strcmp(default_table[i].name, name) == 0) {
611
+ return &default_table[i];
642
612
  }
643
- return NULL;
613
+ }
614
+ return NULL;
644
615
  }
645
616
 
646
- void X509_VERIFY_PARAM_table_cleanup(void)
647
- {
648
- if (param_table)
649
- sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
650
- param_table = NULL;
617
+ void X509_VERIFY_PARAM_table_cleanup(void) {
618
+ if (param_table) {
619
+ sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
620
+ }
621
+ param_table = NULL;
651
622
  }