grpc 1.53.1 → 1.54.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (689) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +78 -66
  3. data/include/grpc/event_engine/event_engine.h +30 -14
  4. data/include/grpc/grpc_security.h +4 -0
  5. data/include/grpc/support/port_platform.h +4 -4
  6. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
  7. data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
  8. data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
  9. data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
  10. data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
  11. data/src/core/ext/filters/client_channel/client_channel.h +131 -173
  12. data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
  13. data/src/core/ext/filters/client_channel/config_selector.h +4 -3
  14. data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
  15. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
  16. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
  17. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2 -16
  18. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
  19. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
  20. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
  21. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
  22. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
  23. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
  24. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
  25. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
  26. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
  27. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
  28. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
  29. data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
  30. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
  31. data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
  32. data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
  33. data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
  34. data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
  35. data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
  36. data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
  37. data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
  38. data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
  39. data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
  40. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
  41. data/src/core/ext/gcp/metadata_query.cc +142 -0
  42. data/src/core/ext/gcp/metadata_query.h +82 -0
  43. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
  44. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +8 -12
  45. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -5
  46. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +116 -58
  47. data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
  48. data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
  49. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
  50. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +222 -118
  51. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +113 -295
  52. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -2
  53. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +0 -2
  54. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +277 -451
  55. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +1 -3
  56. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +12 -14
  57. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +1 -9
  58. data/src/core/ext/transport/chttp2/transport/internal.h +16 -3
  59. data/src/core/ext/transport/chttp2/transport/parsing.cc +3 -2
  60. data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
  61. data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
  62. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
  63. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
  64. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
  65. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
  66. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
  67. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
  68. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
  69. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
  70. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
  71. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
  72. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
  73. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
  74. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
  75. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
  76. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
  77. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
  78. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
  79. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
  80. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
  81. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
  82. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
  83. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
  84. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
  85. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
  86. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
  87. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
  88. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
  89. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
  90. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
  91. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
  92. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
  93. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
  94. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
  95. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
  96. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
  97. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
  98. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
  99. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
  100. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
  101. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
  102. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
  103. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
  104. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
  105. data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
  106. data/src/core/ext/xds/xds_client_stats.cc +29 -15
  107. data/src/core/ext/xds/xds_client_stats.h +24 -20
  108. data/src/core/ext/xds/xds_endpoint.cc +5 -2
  109. data/src/core/ext/xds/xds_endpoint.h +9 -1
  110. data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
  111. data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
  112. data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
  113. data/src/core/lib/channel/call_finalization.h +1 -1
  114. data/src/core/lib/channel/call_tracer.cc +51 -0
  115. data/src/core/lib/channel/call_tracer.h +101 -38
  116. data/src/core/lib/channel/connected_channel.cc +483 -1050
  117. data/src/core/lib/channel/context.h +8 -1
  118. data/src/core/lib/channel/promise_based_filter.cc +106 -42
  119. data/src/core/lib/channel/promise_based_filter.h +27 -13
  120. data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
  121. data/src/core/lib/config/config_vars.cc +151 -0
  122. data/src/core/lib/config/config_vars.h +127 -0
  123. data/src/core/lib/config/config_vars_non_generated.cc +51 -0
  124. data/src/core/lib/config/load_config.cc +66 -0
  125. data/src/core/lib/config/load_config.h +49 -0
  126. data/src/core/lib/debug/trace.cc +5 -6
  127. data/src/core/lib/debug/trace.h +0 -5
  128. data/src/core/lib/event_engine/event_engine.cc +37 -2
  129. data/src/core/lib/event_engine/handle_containers.h +7 -22
  130. data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
  131. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
  132. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
  133. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
  134. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
  135. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
  136. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
  137. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
  138. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
  139. data/src/core/lib/event_engine/resolved_address.cc +2 -1
  140. data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
  141. data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
  142. data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
  143. data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
  144. data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
  145. data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
  146. data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
  147. data/src/core/lib/experiments/config.cc +3 -10
  148. data/src/core/lib/experiments/experiments.cc +7 -0
  149. data/src/core/lib/experiments/experiments.h +9 -1
  150. data/src/core/lib/gpr/log.cc +15 -28
  151. data/src/core/lib/gprpp/fork.cc +8 -14
  152. data/src/core/lib/gprpp/orphanable.h +4 -3
  153. data/src/core/lib/gprpp/per_cpu.h +9 -3
  154. data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
  155. data/src/core/lib/gprpp/ref_counted.h +33 -34
  156. data/src/core/lib/gprpp/thd.h +16 -0
  157. data/src/core/lib/gprpp/time.cc +1 -0
  158. data/src/core/lib/gprpp/time.h +4 -4
  159. data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
  160. data/src/core/lib/iomgr/call_combiner.h +2 -2
  161. data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
  162. data/src/core/lib/iomgr/ev_posix.cc +13 -53
  163. data/src/core/lib/iomgr/ev_posix.h +0 -3
  164. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
  165. data/src/core/lib/iomgr/iomgr.cc +4 -8
  166. data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
  167. data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
  168. data/src/core/lib/iomgr/pollset_windows.cc +1 -1
  169. data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
  170. data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
  171. data/src/core/lib/iomgr/tcp_posix.cc +0 -1
  172. data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
  173. data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
  174. data/src/core/lib/iomgr/tcp_windows.cc +12 -8
  175. data/src/core/lib/load_balancing/lb_policy.cc +9 -13
  176. data/src/core/lib/load_balancing/lb_policy.h +4 -2
  177. data/src/core/lib/promise/activity.cc +22 -6
  178. data/src/core/lib/promise/activity.h +61 -24
  179. data/src/core/lib/promise/cancel_callback.h +77 -0
  180. data/src/core/lib/promise/detail/basic_seq.h +1 -1
  181. data/src/core/lib/promise/detail/promise_factory.h +4 -0
  182. data/src/core/lib/promise/for_each.h +176 -0
  183. data/src/core/lib/promise/if.h +9 -0
  184. data/src/core/lib/promise/interceptor_list.h +23 -2
  185. data/src/core/lib/promise/latch.h +89 -3
  186. data/src/core/lib/promise/loop.h +13 -9
  187. data/src/core/lib/promise/map.h +7 -0
  188. data/src/core/lib/promise/party.cc +286 -0
  189. data/src/core/lib/promise/party.h +499 -0
  190. data/src/core/lib/promise/pipe.h +197 -57
  191. data/src/core/lib/promise/poll.h +48 -0
  192. data/src/core/lib/promise/promise.h +2 -2
  193. data/src/core/lib/resource_quota/arena.cc +19 -3
  194. data/src/core/lib/resource_quota/arena.h +119 -5
  195. data/src/core/lib/resource_quota/memory_quota.cc +1 -1
  196. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
  197. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
  198. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
  199. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
  200. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
  201. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
  202. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
  203. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
  204. data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
  205. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
  206. data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
  207. data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
  208. data/src/core/lib/slice/slice.cc +1 -1
  209. data/src/core/lib/surface/builtins.cc +2 -0
  210. data/src/core/lib/surface/call.cc +926 -1024
  211. data/src/core/lib/surface/call.h +10 -0
  212. data/src/core/lib/surface/lame_client.cc +1 -0
  213. data/src/core/lib/surface/validate_metadata.cc +42 -43
  214. data/src/core/lib/surface/validate_metadata.h +0 -9
  215. data/src/core/lib/surface/version.cc +2 -2
  216. data/src/core/lib/transport/batch_builder.cc +179 -0
  217. data/src/core/lib/transport/batch_builder.h +468 -0
  218. data/src/core/lib/transport/bdp_estimator.cc +7 -7
  219. data/src/core/lib/transport/bdp_estimator.h +10 -6
  220. data/src/core/lib/transport/custom_metadata.h +30 -0
  221. data/src/core/lib/transport/metadata_batch.cc +5 -2
  222. data/src/core/lib/transport/metadata_batch.h +17 -113
  223. data/src/core/lib/transport/parsed_metadata.h +6 -16
  224. data/src/core/lib/transport/timeout_encoding.cc +6 -1
  225. data/src/core/lib/transport/transport.cc +30 -2
  226. data/src/core/lib/transport/transport.h +70 -14
  227. data/src/core/lib/transport/transport_impl.h +7 -0
  228. data/src/core/lib/transport/transport_op_string.cc +52 -42
  229. data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
  230. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
  231. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
  232. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
  233. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
  234. data/src/core/tsi/ssl_transport_security.cc +4 -2
  235. data/src/ruby/lib/grpc/version.rb +1 -1
  236. data/third_party/abseil-cpp/absl/base/config.h +1 -1
  237. data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
  238. data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
  239. data/third_party/abseil-cpp/absl/flags/config.h +68 -0
  240. data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
  241. data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
  242. data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
  243. data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
  244. data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
  245. data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
  246. data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
  247. data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
  248. data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
  249. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
  250. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
  251. data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
  252. data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
  253. data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
  254. data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
  255. data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
  256. data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
  257. data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
  258. data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
  259. data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
  260. data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
  261. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
  262. data/third_party/boringssl-with-bazel/err_data.c +728 -712
  263. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
  264. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
  265. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
  266. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
  267. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
  268. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
  269. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
  270. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
  271. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
  272. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
  273. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
  274. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
  275. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
  276. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
  277. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
  278. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
  279. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
  280. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
  281. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
  282. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
  283. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
  284. data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
  285. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
  286. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
  287. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
  288. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
  289. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
  290. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
  291. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
  292. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
  293. data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
  294. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
  295. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
  296. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
  297. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
  298. data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
  299. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
  300. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
  301. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
  302. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
  303. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
  304. data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
  305. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
  306. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
  307. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
  308. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
  309. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
  310. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
  311. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
  312. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
  313. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
  314. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
  315. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
  316. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
  317. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
  318. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
  319. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
  320. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
  321. data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
  322. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
  323. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
  324. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
  325. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
  326. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
  327. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
  328. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
  329. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
  330. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
  331. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
  332. data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
  333. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
  334. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
  335. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
  336. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
  337. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
  338. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
  339. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
  340. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
  341. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
  342. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
  343. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
  344. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
  345. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
  346. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
  347. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
  348. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
  349. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
  350. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
  351. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
  352. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
  353. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
  354. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
  355. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
  356. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
  357. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
  358. data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
  359. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
  360. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
  361. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
  362. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
  363. data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
  364. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
  365. data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
  366. data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
  367. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
  368. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
  369. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
  370. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
  371. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
  372. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
  373. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
  374. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
  375. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
  376. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
  377. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
  378. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
  379. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
  380. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
  381. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
  382. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
  383. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
  384. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
  385. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
  386. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
  387. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
  388. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
  389. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
  390. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
  391. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
  392. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
  393. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
  394. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
  395. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
  396. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
  397. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
  398. data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
  399. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
  400. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
  401. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
  402. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
  403. data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
  404. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
  405. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
  406. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
  407. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
  408. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
  409. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
  410. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
  411. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
  412. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
  413. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
  414. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
  415. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
  416. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
  417. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
  418. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
  419. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
  420. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
  421. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
  422. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
  423. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
  424. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
  425. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
  426. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
  427. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
  428. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
  429. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
  430. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
  431. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
  432. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
  433. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
  434. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
  435. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
  436. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
  437. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
  438. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
  439. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
  440. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
  441. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
  442. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
  443. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
  444. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
  445. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
  446. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
  447. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
  448. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
  449. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
  450. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
  451. data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
  452. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
  453. data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
  454. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
  455. data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
  456. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
  457. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
  458. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
  459. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
  460. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
  461. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
  462. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
  463. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
  464. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
  465. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
  466. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
  467. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
  468. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
  469. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
  470. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
  471. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
  472. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
  473. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
  474. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
  475. data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
  476. data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
  477. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
  478. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
  479. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
  480. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
  481. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
  482. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
  483. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
  484. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
  485. data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
  486. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
  487. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
  488. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
  489. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
  490. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
  491. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
  492. data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
  493. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
  494. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
  495. data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
  496. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
  497. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
  498. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
  499. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
  500. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
  501. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
  502. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
  503. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
  504. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
  505. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
  506. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
  507. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
  508. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
  509. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
  510. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
  511. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
  512. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
  513. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
  514. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
  515. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
  516. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
  517. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
  518. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
  519. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
  520. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
  521. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
  522. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
  523. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
  524. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
  525. data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
  526. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
  527. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
  528. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
  529. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
  530. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
  531. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
  532. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
  533. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
  534. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
  535. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
  536. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
  537. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
  538. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
  539. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
  540. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
  541. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
  542. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
  543. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
  544. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
  545. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
  546. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
  547. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
  548. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
  549. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
  550. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
  551. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
  552. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
  553. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
  554. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
  555. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
  556. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
  557. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
  558. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
  559. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
  560. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
  561. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
  562. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
  563. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
  564. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
  565. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
  566. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
  567. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
  568. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
  569. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
  570. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
  571. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
  572. data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
  573. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
  574. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
  575. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
  576. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
  577. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
  578. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
  579. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
  580. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
  581. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
  582. data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
  583. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
  584. data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
  585. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
  586. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
  587. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
  588. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
  589. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
  590. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
  591. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
  592. data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
  593. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
  594. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
  595. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
  596. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
  597. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
  598. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
  599. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
  600. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
  601. data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
  602. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
  603. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
  604. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
  605. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
  606. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
  607. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
  608. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
  609. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
  610. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
  611. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
  612. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
  613. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
  614. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
  615. data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
  616. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
  617. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  618. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
  619. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
  620. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
  621. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
  622. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
  623. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
  624. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
  625. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
  626. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
  627. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
  628. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
  629. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
  630. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
  631. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
  632. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
  633. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
  634. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
  635. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
  636. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
  637. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
  638. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
  639. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
  640. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
  641. metadata +103 -70
  642. data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
  643. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
  644. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -29
  645. data/src/core/lib/gprpp/global_config.h +0 -93
  646. data/src/core/lib/gprpp/global_config_env.cc +0 -140
  647. data/src/core/lib/gprpp/global_config_env.h +0 -133
  648. data/src/core/lib/gprpp/global_config_generic.h +0 -40
  649. data/src/core/lib/promise/intra_activity_waiter.h +0 -55
  650. data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
  651. data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
  652. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
  653. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
  654. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
  655. data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
  656. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
  657. data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
  658. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
  659. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
  660. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
  661. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
  662. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
  663. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
  664. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
  665. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
  666. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
  667. /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
  668. /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
  669. /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
  670. /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
  671. /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
  672. /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
  673. /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
  674. /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
  675. /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
  676. /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
  677. /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
  678. /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
  679. /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
  680. /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
  681. /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
  682. /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
  683. /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
  684. /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
  685. /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
  686. /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
  687. /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
  688. /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
  689. /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
@@ -1,4 +1,3 @@
1
- /* crypto/asn1/x_x509.c */
2
1
  /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3
2
  * All rights reserved.
4
3
  *
@@ -68,327 +67,486 @@
68
67
  #include <openssl/x509.h>
69
68
  #include <openssl/x509v3.h>
70
69
 
70
+ #include "../asn1/internal.h"
71
+ #include "../bytestring/internal.h"
71
72
  #include "../internal.h"
72
73
  #include "internal.h"
73
74
 
74
75
  static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT;
75
76
 
76
77
  ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
77
- ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
78
- ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
79
- ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
80
- ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
81
- ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
82
- ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
83
- ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
84
- ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
85
- ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
86
- ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
78
+ ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
79
+ ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
80
+ ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
81
+ ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
82
+ ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
83
+ ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
84
+ ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
85
+ ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
86
+ ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
87
+ ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3),
87
88
  } ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
88
89
 
89
90
  IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
90
- /* X509 top level structure needs a bit of customisation */
91
-
92
- extern void policy_cache_free(X509_POLICY_CACHE *cache);
93
-
94
- static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
95
- void *exarg)
96
- {
97
- X509 *ret = (X509 *)*pval;
98
-
99
- switch (operation) {
100
-
101
- case ASN1_OP_NEW_POST:
102
- ret->ex_flags = 0;
103
- ret->ex_pathlen = -1;
104
- ret->skid = NULL;
105
- ret->akid = NULL;
106
- ret->aux = NULL;
107
- ret->crldp = NULL;
108
- ret->buf = NULL;
109
- CRYPTO_new_ex_data(&ret->ex_data);
110
- CRYPTO_MUTEX_init(&ret->lock);
111
- break;
112
-
113
- case ASN1_OP_D2I_PRE:
114
- CRYPTO_BUFFER_free(ret->buf);
115
- ret->buf = NULL;
116
- break;
117
-
118
- case ASN1_OP_D2I_POST: {
119
- /* The version must be one of v1(0), v2(1), or v3(2). */
120
- long version = 0;
121
- if (ret->cert_info->version != NULL) {
122
- version = ASN1_INTEGER_get(ret->cert_info->version);
123
- /* TODO(https://crbug.com/boringssl/364): |version| = 0 should also
124
- * be rejected. This means an explicitly-encoded X.509v1 version.
125
- * v1 is DEFAULT, so DER requires it be omitted. */
126
- if (version < 0 || version > 2) {
127
- OPENSSL_PUT_ERROR(X509, X509_R_INVALID_VERSION);
128
- return 0;
129
- }
130
- }
131
-
132
- /* Per RFC 5280, section 4.1.2.8, these fields require v2 or v3. */
133
- if (version == 0 && (ret->cert_info->issuerUID != NULL ||
134
- ret->cert_info->subjectUID != NULL)) {
135
- OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION);
136
- return 0;
137
- }
138
-
139
- /* Per RFC 5280, section 4.1.2.9, extensions require v3. */
140
- if (version != 2 && ret->cert_info->extensions != NULL) {
141
- OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION);
142
- return 0;
143
- }
144
-
145
- break;
146
- }
147
91
 
148
- case ASN1_OP_FREE_POST:
149
- CRYPTO_MUTEX_cleanup(&ret->lock);
150
- CRYPTO_free_ex_data(&g_ex_data_class, ret, &ret->ex_data);
151
- X509_CERT_AUX_free(ret->aux);
152
- ASN1_OCTET_STRING_free(ret->skid);
153
- AUTHORITY_KEYID_free(ret->akid);
154
- CRL_DIST_POINTS_free(ret->crldp);
155
- policy_cache_free(ret->policy_cache);
156
- GENERAL_NAMES_free(ret->altname);
157
- NAME_CONSTRAINTS_free(ret->nc);
158
- CRYPTO_BUFFER_free(ret->buf);
159
- break;
92
+ // x509_new_null returns a new |X509| object where the |cert_info|, |sig_alg|,
93
+ // and |signature| fields are not yet filled in.
94
+ static X509 *x509_new_null(void) {
95
+ X509 *ret = OPENSSL_malloc(sizeof(X509));
96
+ if (ret == NULL) {
97
+ return NULL;
98
+ }
99
+ OPENSSL_memset(ret, 0, sizeof(X509));
100
+
101
+ ret->references = 1;
102
+ ret->ex_pathlen = -1;
103
+ CRYPTO_new_ex_data(&ret->ex_data);
104
+ CRYPTO_MUTEX_init(&ret->lock);
105
+ return ret;
106
+ }
107
+
108
+ X509 *X509_new(void) {
109
+ X509 *ret = x509_new_null();
110
+ if (ret == NULL) {
111
+ return NULL;
112
+ }
113
+
114
+ ret->cert_info = X509_CINF_new();
115
+ ret->sig_alg = X509_ALGOR_new();
116
+ ret->signature = ASN1_BIT_STRING_new();
117
+ if (ret->cert_info == NULL || ret->sig_alg == NULL ||
118
+ ret->signature == NULL) {
119
+ X509_free(ret);
120
+ return NULL;
121
+ }
122
+
123
+ return ret;
124
+ }
125
+
126
+ void X509_free(X509 *x509) {
127
+ if (x509 == NULL || !CRYPTO_refcount_dec_and_test_zero(&x509->references)) {
128
+ return;
129
+ }
130
+
131
+ CRYPTO_free_ex_data(&g_ex_data_class, x509, &x509->ex_data);
132
+
133
+ X509_CINF_free(x509->cert_info);
134
+ X509_ALGOR_free(x509->sig_alg);
135
+ ASN1_BIT_STRING_free(x509->signature);
136
+ ASN1_OCTET_STRING_free(x509->skid);
137
+ AUTHORITY_KEYID_free(x509->akid);
138
+ CRL_DIST_POINTS_free(x509->crldp);
139
+ GENERAL_NAMES_free(x509->altname);
140
+ NAME_CONSTRAINTS_free(x509->nc);
141
+ X509_CERT_AUX_free(x509->aux);
142
+ CRYPTO_MUTEX_cleanup(&x509->lock);
143
+
144
+ OPENSSL_free(x509);
145
+ }
146
+
147
+ static X509 *x509_parse(CBS *cbs, CRYPTO_BUFFER *buf) {
148
+ CBS cert, tbs, sigalg, sig;
149
+ if (!CBS_get_asn1(cbs, &cert, CBS_ASN1_SEQUENCE) ||
150
+ // Bound the length to comfortably fit in an int. Lengths in this
151
+ // module often omit overflow checks.
152
+ CBS_len(&cert) > INT_MAX / 2 ||
153
+ !CBS_get_asn1_element(&cert, &tbs, CBS_ASN1_SEQUENCE) ||
154
+ !CBS_get_asn1_element(&cert, &sigalg, CBS_ASN1_SEQUENCE)) {
155
+ OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
156
+ return NULL;
157
+ }
158
+
159
+ // For just the signature field, we accept non-minimal BER lengths, though not
160
+ // indefinite-length encoding. See b/18228011.
161
+ //
162
+ // TODO(crbug.com/boringssl/354): Switch the affected callers to convert the
163
+ // certificate before parsing and then remove this workaround.
164
+ CBS_ASN1_TAG tag;
165
+ size_t header_len;
166
+ int indefinite;
167
+ if (!CBS_get_any_ber_asn1_element(&cert, &sig, &tag, &header_len,
168
+ /*out_ber_found=*/NULL,
169
+ &indefinite) ||
170
+ tag != CBS_ASN1_BITSTRING || indefinite || //
171
+ !CBS_skip(&sig, header_len) || //
172
+ CBS_len(&cert) != 0) {
173
+ OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
174
+ return NULL;
175
+ }
176
+
177
+ X509 *ret = x509_new_null();
178
+ if (ret == NULL) {
179
+ return NULL;
180
+ }
181
+
182
+ // TODO(crbug.com/boringssl/443): When the rest of the library is decoupled
183
+ // from the tasn_*.c implementation, replace this with |CBS|-based functions.
184
+ const uint8_t *inp = CBS_data(&tbs);
185
+ if (ASN1_item_ex_d2i((ASN1_VALUE **)&ret->cert_info, &inp, CBS_len(&tbs),
186
+ ASN1_ITEM_rptr(X509_CINF), /*tag=*/-1,
187
+ /*aclass=*/0, /*opt=*/0, buf) <= 0 ||
188
+ inp != CBS_data(&tbs) + CBS_len(&tbs)) {
189
+ goto err;
190
+ }
191
+
192
+ inp = CBS_data(&sigalg);
193
+ ret->sig_alg = d2i_X509_ALGOR(NULL, &inp, CBS_len(&sigalg));
194
+ if (ret->sig_alg == NULL || inp != CBS_data(&sigalg) + CBS_len(&sigalg)) {
195
+ goto err;
196
+ }
197
+
198
+ inp = CBS_data(&sig);
199
+ ret->signature = c2i_ASN1_BIT_STRING(NULL, &inp, CBS_len(&sig));
200
+ if (ret->signature == NULL || inp != CBS_data(&sig) + CBS_len(&sig)) {
201
+ goto err;
202
+ }
160
203
 
204
+ // The version must be one of v1(0), v2(1), or v3(2).
205
+ long version = X509_VERSION_1;
206
+ if (ret->cert_info->version != NULL) {
207
+ version = ASN1_INTEGER_get(ret->cert_info->version);
208
+ // TODO(https://crbug.com/boringssl/364): |X509_VERSION_1| should
209
+ // also be rejected here. This means an explicitly-encoded X.509v1
210
+ // version. v1 is DEFAULT, so DER requires it be omitted.
211
+ if (version < X509_VERSION_1 || version > X509_VERSION_3) {
212
+ OPENSSL_PUT_ERROR(X509, X509_R_INVALID_VERSION);
213
+ goto err;
161
214
  }
215
+ }
162
216
 
163
- return 1;
217
+ // Per RFC 5280, section 4.1.2.8, these fields require v2 or v3.
218
+ if (version == X509_VERSION_1 && (ret->cert_info->issuerUID != NULL ||
219
+ ret->cert_info->subjectUID != NULL)) {
220
+ OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION);
221
+ goto err;
222
+ }
223
+
224
+ // Per RFC 5280, section 4.1.2.9, extensions require v3.
225
+ if (version != X509_VERSION_3 && ret->cert_info->extensions != NULL) {
226
+ OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION);
227
+ goto err;
228
+ }
164
229
 
230
+ return ret;
231
+
232
+ err:
233
+ X509_free(ret);
234
+ return NULL;
165
235
  }
166
236
 
167
- ASN1_SEQUENCE_ref(X509, x509_cb) = {
168
- ASN1_SIMPLE(X509, cert_info, X509_CINF),
169
- ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
170
- ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
171
- } ASN1_SEQUENCE_END_ref(X509, X509)
237
+ X509 *d2i_X509(X509 **out, const uint8_t **inp, long len) {
238
+ X509 *ret = NULL;
239
+ if (len < 0) {
240
+ OPENSSL_PUT_ERROR(ASN1, ASN1_R_BUFFER_TOO_SMALL);
241
+ goto err;
242
+ }
172
243
 
173
- IMPLEMENT_ASN1_FUNCTIONS(X509)
244
+ CBS cbs;
245
+ CBS_init(&cbs, *inp, (size_t)len);
246
+ ret = x509_parse(&cbs, NULL);
247
+ if (ret == NULL) {
248
+ goto err;
249
+ }
174
250
 
175
- IMPLEMENT_ASN1_DUP_FUNCTION(X509)
251
+ *inp = CBS_data(&cbs);
176
252
 
177
- X509 *X509_parse_from_buffer(CRYPTO_BUFFER *buf) {
178
- if (CRYPTO_BUFFER_len(buf) > LONG_MAX) {
179
- OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
180
- return 0;
253
+ err:
254
+ if (out != NULL) {
255
+ X509_free(*out);
256
+ *out = ret;
181
257
  }
258
+ return ret;
259
+ }
182
260
 
183
- X509 *x509 = X509_new();
261
+ int i2d_X509(X509 *x509, uint8_t **outp) {
184
262
  if (x509 == NULL) {
185
- return NULL;
263
+ OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE);
264
+ return -1;
265
+ }
266
+
267
+ CBB cbb, cert;
268
+ if (!CBB_init(&cbb, 64) || //
269
+ !CBB_add_asn1(&cbb, &cert, CBS_ASN1_SEQUENCE)) {
270
+ goto err;
271
+ }
272
+
273
+ // TODO(crbug.com/boringssl/443): When the rest of the library is decoupled
274
+ // from the tasn_*.c implementation, replace this with |CBS|-based functions.
275
+ uint8_t *out;
276
+ int len = i2d_X509_CINF(x509->cert_info, NULL);
277
+ if (len < 0 || //
278
+ !CBB_add_space(&cert, &out, (size_t)len) ||
279
+ i2d_X509_CINF(x509->cert_info, &out) != len) {
280
+ goto err;
281
+ }
282
+
283
+ len = i2d_X509_ALGOR(x509->sig_alg, NULL);
284
+ if (len < 0 || //
285
+ !CBB_add_space(&cert, &out, (size_t)len) ||
286
+ i2d_X509_ALGOR(x509->sig_alg, &out) != len) {
287
+ goto err;
288
+ }
289
+
290
+ len = i2d_ASN1_BIT_STRING(x509->signature, NULL);
291
+ if (len < 0 || //
292
+ !CBB_add_space(&cert, &out, (size_t)len) ||
293
+ i2d_ASN1_BIT_STRING(x509->signature, &out) != len) {
294
+ goto err;
295
+ }
296
+
297
+ return CBB_finish_i2d(&cbb, outp);
298
+
299
+ err:
300
+ CBB_cleanup(&cbb);
301
+ return -1;
302
+ }
303
+
304
+ static int x509_new_cb(ASN1_VALUE **pval, const ASN1_ITEM *it) {
305
+ *pval = (ASN1_VALUE *)X509_new();
306
+ return *pval != NULL;
307
+ }
308
+
309
+ static void x509_free_cb(ASN1_VALUE **pval, const ASN1_ITEM *it) {
310
+ X509_free((X509 *)*pval);
311
+ *pval = NULL;
312
+ }
313
+
314
+ static int x509_d2i_cb(ASN1_VALUE **pval, const unsigned char **in, long len,
315
+ const ASN1_ITEM *it, int opt, ASN1_TLC *ctx) {
316
+ if (len < 0) {
317
+ OPENSSL_PUT_ERROR(ASN1, ASN1_R_BUFFER_TOO_SMALL);
318
+ return 0;
319
+ }
320
+
321
+ CBS cbs;
322
+ CBS_init(&cbs, *in, len);
323
+ if (opt && !CBS_peek_asn1_tag(&cbs, CBS_ASN1_SEQUENCE)) {
324
+ return -1;
186
325
  }
187
326
 
188
- x509->cert_info->enc.alias_only_on_next_parse = 1;
327
+ X509 *ret = x509_parse(&cbs, NULL);
328
+ if (ret == NULL) {
329
+ return 0;
330
+ }
331
+
332
+ *in = CBS_data(&cbs);
333
+ X509_free((X509 *)*pval);
334
+ *pval = (ASN1_VALUE *)ret;
335
+ return 1;
336
+ }
189
337
 
190
- const uint8_t *inp = CRYPTO_BUFFER_data(buf);
191
- X509 *x509p = x509;
192
- X509 *ret = d2i_X509(&x509p, &inp, CRYPTO_BUFFER_len(buf));
193
- if (ret == NULL ||
194
- inp - CRYPTO_BUFFER_data(buf) != (ptrdiff_t)CRYPTO_BUFFER_len(buf)) {
195
- X509_free(x509p);
338
+ static int x509_i2d_cb(ASN1_VALUE **pval, unsigned char **out,
339
+ const ASN1_ITEM *it) {
340
+ return i2d_X509((X509 *)*pval, out);
341
+ }
342
+
343
+ static const ASN1_EXTERN_FUNCS x509_extern_funcs = {
344
+ x509_new_cb,
345
+ x509_free_cb,
346
+ /*asn1_ex_clear=*/NULL,
347
+ x509_d2i_cb,
348
+ x509_i2d_cb,
349
+ };
350
+
351
+ IMPLEMENT_EXTERN_ASN1(X509, V_ASN1_SEQUENCE, x509_extern_funcs)
352
+
353
+ X509 *X509_dup(X509 *x509) {
354
+ uint8_t *der = NULL;
355
+ int len = i2d_X509(x509, &der);
356
+ if (len < 0) {
196
357
  return NULL;
197
358
  }
198
- assert(x509p == x509);
199
- assert(ret == x509);
200
359
 
201
- CRYPTO_BUFFER_up_ref(buf);
202
- ret->buf = buf;
360
+ const uint8_t *inp = der;
361
+ X509 *ret = d2i_X509(NULL, &inp, len);
362
+ OPENSSL_free(der);
363
+ return ret;
364
+ }
365
+
366
+ X509 *X509_parse_from_buffer(CRYPTO_BUFFER *buf) {
367
+ CBS cbs;
368
+ CBS_init(&cbs, CRYPTO_BUFFER_data(buf), CRYPTO_BUFFER_len(buf));
369
+ X509 *ret = x509_parse(&cbs, buf);
370
+ if (ret == NULL || CBS_len(&cbs) != 0) {
371
+ X509_free(ret);
372
+ return NULL;
373
+ }
203
374
 
204
375
  return ret;
205
376
  }
206
377
 
207
- int X509_up_ref(X509 *x)
208
- {
209
- CRYPTO_refcount_inc(&x->references);
210
- return 1;
378
+ int X509_up_ref(X509 *x) {
379
+ CRYPTO_refcount_inc(&x->references);
380
+ return 1;
211
381
  }
212
382
 
213
- int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused * unused,
214
- CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func)
215
- {
216
- int index;
217
- if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
218
- free_func)) {
219
- return -1;
220
- }
221
- return index;
383
+ int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
384
+ CRYPTO_EX_dup *dup_unused,
385
+ CRYPTO_EX_free *free_func) {
386
+ int index;
387
+ if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
388
+ free_func)) {
389
+ return -1;
390
+ }
391
+ return index;
222
392
  }
223
393
 
224
- int X509_set_ex_data(X509 *r, int idx, void *arg)
225
- {
226
- return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
394
+ int X509_set_ex_data(X509 *r, int idx, void *arg) {
395
+ return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
227
396
  }
228
397
 
229
- void *X509_get_ex_data(X509 *r, int idx)
230
- {
231
- return (CRYPTO_get_ex_data(&r->ex_data, idx));
398
+ void *X509_get_ex_data(X509 *r, int idx) {
399
+ return (CRYPTO_get_ex_data(&r->ex_data, idx));
232
400
  }
233
401
 
234
- /*
235
- * X509_AUX ASN1 routines. X509_AUX is the name given to a certificate with
236
- * extra info tagged on the end. Since these functions set how a certificate
237
- * is trusted they should only be used when the certificate comes from a
238
- * reliable source such as local storage.
239
- */
240
-
241
- X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
242
- {
243
- const unsigned char *q = *pp;
244
- X509 *ret;
245
- int freeret = 0;
246
-
247
- if (!a || *a == NULL)
248
- freeret = 1;
249
- ret = d2i_X509(a, &q, length);
250
- /* If certificate unreadable then forget it */
251
- if (!ret)
252
- return NULL;
253
- /* update length */
254
- length -= q - *pp;
255
- /* Parse auxiliary information if there is any. */
256
- if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length))
257
- goto err;
258
- *pp = q;
259
- return ret;
260
- err:
261
- if (freeret) {
262
- X509_free(ret);
263
- if (a)
264
- *a = NULL;
265
- }
402
+ // X509_AUX ASN1 routines. X509_AUX is the name given to a certificate with
403
+ // extra info tagged on the end. Since these functions set how a certificate
404
+ // is trusted they should only be used when the certificate comes from a
405
+ // reliable source such as local storage.
406
+
407
+ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) {
408
+ const unsigned char *q = *pp;
409
+ X509 *ret;
410
+ int freeret = 0;
411
+
412
+ if (!a || *a == NULL) {
413
+ freeret = 1;
414
+ }
415
+ ret = d2i_X509(a, &q, length);
416
+ // If certificate unreadable then forget it
417
+ if (!ret) {
266
418
  return NULL;
419
+ }
420
+ // update length
421
+ length -= q - *pp;
422
+ // Parse auxiliary information if there is any.
423
+ if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length)) {
424
+ goto err;
425
+ }
426
+ *pp = q;
427
+ return ret;
428
+ err:
429
+ if (freeret) {
430
+ X509_free(ret);
431
+ if (a) {
432
+ *a = NULL;
433
+ }
434
+ }
435
+ return NULL;
267
436
  }
268
437
 
269
- /*
270
- * Serialize trusted certificate to *pp or just return the required buffer
271
- * length if pp == NULL. We ultimately want to avoid modifying *pp in the
272
- * error path, but that depends on similar hygiene in lower-level functions.
273
- * Here we avoid compounding the problem.
274
- */
275
- static int i2d_x509_aux_internal(X509 *a, unsigned char **pp)
276
- {
277
- int length, tmplen;
278
- unsigned char *start = pp != NULL ? *pp : NULL;
279
-
280
- assert(pp == NULL || *pp != NULL);
281
-
282
- /*
283
- * This might perturb *pp on error, but fixing that belongs in i2d_X509()
284
- * not here. It should be that if a == NULL length is zero, but we check
285
- * both just in case.
286
- */
287
- length = i2d_X509(a, pp);
288
- if (length <= 0 || a == NULL) {
289
- return length;
290
- }
438
+ // Serialize trusted certificate to *pp or just return the required buffer
439
+ // length if pp == NULL. We ultimately want to avoid modifying *pp in the
440
+ // error path, but that depends on similar hygiene in lower-level functions.
441
+ // Here we avoid compounding the problem.
442
+ static int i2d_x509_aux_internal(X509 *a, unsigned char **pp) {
443
+ int length, tmplen;
444
+ unsigned char *start = pp != NULL ? *pp : NULL;
445
+
446
+ assert(pp == NULL || *pp != NULL);
447
+
448
+ // This might perturb *pp on error, but fixing that belongs in i2d_X509()
449
+ // not here. It should be that if a == NULL length is zero, but we check
450
+ // both just in case.
451
+ length = i2d_X509(a, pp);
452
+ if (length <= 0 || a == NULL) {
453
+ return length;
454
+ }
291
455
 
292
- if (a->aux != NULL) {
293
- tmplen = i2d_X509_CERT_AUX(a->aux, pp);
294
- if (tmplen < 0) {
295
- if (start != NULL)
296
- *pp = start;
297
- return tmplen;
298
- }
299
- length += tmplen;
456
+ if (a->aux != NULL) {
457
+ tmplen = i2d_X509_CERT_AUX(a->aux, pp);
458
+ if (tmplen < 0) {
459
+ if (start != NULL) {
460
+ *pp = start;
461
+ }
462
+ return tmplen;
300
463
  }
464
+ length += tmplen;
465
+ }
301
466
 
302
- return length;
467
+ return length;
303
468
  }
304
469
 
305
- /*
306
- * Serialize trusted certificate to *pp, or just return the required buffer
307
- * length if pp == NULL.
308
- *
309
- * When pp is not NULL, but *pp == NULL, we allocate the buffer, but since
310
- * we're writing two ASN.1 objects back to back, we can't have i2d_X509() do
311
- * the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the
312
- * allocated buffer.
313
- */
314
- int i2d_X509_AUX(X509 *a, unsigned char **pp)
315
- {
316
- int length;
317
- unsigned char *tmp;
318
-
319
- /* Buffer provided by caller */
320
- if (pp == NULL || *pp != NULL)
321
- return i2d_x509_aux_internal(a, pp);
322
-
323
- /* Obtain the combined length */
324
- if ((length = i2d_x509_aux_internal(a, NULL)) <= 0)
325
- return length;
326
-
327
- /* Allocate requisite combined storage */
328
- *pp = tmp = OPENSSL_malloc(length);
329
- if (tmp == NULL)
330
- return -1; /* Push error onto error stack? */
331
-
332
- /* Encode, but keep *pp at the originally malloced pointer */
333
- length = i2d_x509_aux_internal(a, &tmp);
334
- if (length <= 0) {
335
- OPENSSL_free(*pp);
336
- *pp = NULL;
337
- }
470
+ // Serialize trusted certificate to *pp, or just return the required buffer
471
+ // length if pp == NULL.
472
+ //
473
+ // When pp is not NULL, but *pp == NULL, we allocate the buffer, but since
474
+ // we're writing two ASN.1 objects back to back, we can't have i2d_X509() do
475
+ // the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the
476
+ // allocated buffer.
477
+ int i2d_X509_AUX(X509 *a, unsigned char **pp) {
478
+ int length;
479
+ unsigned char *tmp;
480
+
481
+ // Buffer provided by caller
482
+ if (pp == NULL || *pp != NULL) {
483
+ return i2d_x509_aux_internal(a, pp);
484
+ }
485
+
486
+ // Obtain the combined length
487
+ if ((length = i2d_x509_aux_internal(a, NULL)) <= 0) {
338
488
  return length;
489
+ }
490
+
491
+ // Allocate requisite combined storage
492
+ *pp = tmp = OPENSSL_malloc(length);
493
+ if (tmp == NULL) {
494
+ return -1; // Push error onto error stack?
495
+ }
496
+
497
+ // Encode, but keep *pp at the originally malloced pointer
498
+ length = i2d_x509_aux_internal(a, &tmp);
499
+ if (length <= 0) {
500
+ OPENSSL_free(*pp);
501
+ *pp = NULL;
502
+ }
503
+ return length;
339
504
  }
340
505
 
341
- int i2d_re_X509_tbs(X509 *x509, unsigned char **outp)
342
- {
343
- x509->cert_info->enc.modified = 1;
344
- return i2d_X509_CINF(x509->cert_info, outp);
506
+ int i2d_re_X509_tbs(X509 *x509, unsigned char **outp) {
507
+ asn1_encoding_clear(&x509->cert_info->enc);
508
+ return i2d_X509_CINF(x509->cert_info, outp);
345
509
  }
346
510
 
347
- int i2d_X509_tbs(X509 *x509, unsigned char **outp)
348
- {
349
- return i2d_X509_CINF(x509->cert_info, outp);
511
+ int i2d_X509_tbs(X509 *x509, unsigned char **outp) {
512
+ return i2d_X509_CINF(x509->cert_info, outp);
350
513
  }
351
514
 
352
- int X509_set1_signature_algo(X509 *x509, const X509_ALGOR *algo)
353
- {
354
- /* TODO(davidben): Const-correct generated ASN.1 dup functions.
355
- * Alternatively, when the types are hidden and we can embed required fields
356
- * directly in structs, import |X509_ALGOR_copy| from upstream. */
357
- X509_ALGOR *copy1 = X509_ALGOR_dup((X509_ALGOR *)algo);
358
- X509_ALGOR *copy2 = X509_ALGOR_dup((X509_ALGOR *)algo);
359
- if (copy1 == NULL || copy2 == NULL) {
360
- X509_ALGOR_free(copy1);
361
- X509_ALGOR_free(copy2);
362
- return 0;
363
- }
515
+ int X509_set1_signature_algo(X509 *x509, const X509_ALGOR *algo) {
516
+ X509_ALGOR *copy1 = X509_ALGOR_dup(algo);
517
+ X509_ALGOR *copy2 = X509_ALGOR_dup(algo);
518
+ if (copy1 == NULL || copy2 == NULL) {
519
+ X509_ALGOR_free(copy1);
520
+ X509_ALGOR_free(copy2);
521
+ return 0;
522
+ }
364
523
 
365
- X509_ALGOR_free(x509->sig_alg);
366
- x509->sig_alg = copy1;
367
- X509_ALGOR_free(x509->cert_info->signature);
368
- x509->cert_info->signature = copy2;
369
- return 1;
524
+ X509_ALGOR_free(x509->sig_alg);
525
+ x509->sig_alg = copy1;
526
+ X509_ALGOR_free(x509->cert_info->signature);
527
+ x509->cert_info->signature = copy2;
528
+ return 1;
370
529
  }
371
530
 
372
- int X509_set1_signature_value(X509 *x509, const uint8_t *sig, size_t sig_len)
373
- {
374
- if (!ASN1_STRING_set(x509->signature, sig, sig_len)) {
375
- return 0;
376
- }
377
- x509->signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
378
- x509->signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
379
- return 1;
531
+ int X509_set1_signature_value(X509 *x509, const uint8_t *sig, size_t sig_len) {
532
+ if (!ASN1_STRING_set(x509->signature, sig, sig_len)) {
533
+ return 0;
534
+ }
535
+ x509->signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
536
+ x509->signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
537
+ return 1;
380
538
  }
381
539
 
382
540
  void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg,
383
- const X509 *x)
384
- {
385
- if (psig)
386
- *psig = x->signature;
387
- if (palg)
388
- *palg = x->sig_alg;
541
+ const X509 *x) {
542
+ if (psig) {
543
+ *psig = x->signature;
544
+ }
545
+ if (palg) {
546
+ *palg = x->sig_alg;
547
+ }
389
548
  }
390
549
 
391
- int X509_get_signature_nid(const X509 *x)
392
- {
393
- return OBJ_obj2nid(x->sig_alg->algorithm);
550
+ int X509_get_signature_nid(const X509 *x) {
551
+ return OBJ_obj2nid(x->sig_alg->algorithm);
394
552
  }