grpc 1.53.2 → 1.54.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (693) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +78 -66
  3. data/include/grpc/event_engine/event_engine.h +30 -14
  4. data/include/grpc/grpc_security.h +4 -0
  5. data/include/grpc/support/port_platform.h +4 -4
  6. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
  7. data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
  8. data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
  9. data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
  10. data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
  11. data/src/core/ext/filters/client_channel/client_channel.h +131 -173
  12. data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
  13. data/src/core/ext/filters/client_channel/config_selector.h +4 -3
  14. data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
  15. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
  16. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
  17. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2 -16
  18. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
  19. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
  20. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
  21. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
  22. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
  23. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
  24. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
  25. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
  26. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
  27. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
  28. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
  29. data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
  30. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
  31. data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
  32. data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
  33. data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
  34. data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
  35. data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
  36. data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
  37. data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
  38. data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
  39. data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
  40. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
  41. data/src/core/ext/gcp/metadata_query.cc +142 -0
  42. data/src/core/ext/gcp/metadata_query.h +82 -0
  43. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
  44. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +8 -12
  45. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -5
  46. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +116 -58
  47. data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
  48. data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
  49. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
  50. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +222 -118
  51. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +113 -295
  52. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -2
  53. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +0 -2
  54. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +277 -451
  55. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +1 -3
  56. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +12 -14
  57. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +1 -9
  58. data/src/core/ext/transport/chttp2/transport/internal.h +16 -3
  59. data/src/core/ext/transport/chttp2/transport/parsing.cc +3 -2
  60. data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
  61. data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
  62. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
  63. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
  64. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
  65. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
  66. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
  67. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
  68. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
  69. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
  70. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
  71. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
  72. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
  73. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
  74. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
  75. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
  76. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
  77. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
  78. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
  79. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
  80. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
  81. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
  82. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
  83. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
  84. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
  85. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
  86. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
  87. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
  88. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
  89. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
  90. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
  91. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
  92. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
  93. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
  94. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
  95. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
  96. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
  97. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
  98. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
  99. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
  100. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
  101. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
  102. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
  103. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
  104. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
  105. data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
  106. data/src/core/ext/xds/xds_client_stats.cc +29 -15
  107. data/src/core/ext/xds/xds_client_stats.h +24 -20
  108. data/src/core/ext/xds/xds_endpoint.cc +5 -2
  109. data/src/core/ext/xds/xds_endpoint.h +9 -1
  110. data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
  111. data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
  112. data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
  113. data/src/core/lib/channel/call_finalization.h +1 -1
  114. data/src/core/lib/channel/call_tracer.cc +51 -0
  115. data/src/core/lib/channel/call_tracer.h +101 -38
  116. data/src/core/lib/channel/connected_channel.cc +483 -1050
  117. data/src/core/lib/channel/context.h +8 -1
  118. data/src/core/lib/channel/promise_based_filter.cc +106 -42
  119. data/src/core/lib/channel/promise_based_filter.h +27 -13
  120. data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
  121. data/src/core/lib/config/config_vars.cc +151 -0
  122. data/src/core/lib/config/config_vars.h +127 -0
  123. data/src/core/lib/config/config_vars_non_generated.cc +51 -0
  124. data/src/core/lib/config/load_config.cc +66 -0
  125. data/src/core/lib/config/load_config.h +49 -0
  126. data/src/core/lib/debug/trace.cc +5 -6
  127. data/src/core/lib/debug/trace.h +0 -5
  128. data/src/core/lib/event_engine/event_engine.cc +37 -2
  129. data/src/core/lib/event_engine/handle_containers.h +7 -22
  130. data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
  131. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
  132. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
  133. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
  134. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
  135. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
  136. data/src/core/lib/event_engine/posix_engine/posix_engine.h +0 -1
  137. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -32
  138. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +0 -3
  139. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
  140. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
  141. data/src/core/lib/event_engine/resolved_address.cc +2 -1
  142. data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
  143. data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
  144. data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
  145. data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
  146. data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
  147. data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
  148. data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
  149. data/src/core/lib/experiments/config.cc +3 -10
  150. data/src/core/lib/experiments/experiments.cc +7 -0
  151. data/src/core/lib/experiments/experiments.h +9 -1
  152. data/src/core/lib/gpr/log.cc +15 -28
  153. data/src/core/lib/gprpp/fork.cc +8 -14
  154. data/src/core/lib/gprpp/orphanable.h +4 -3
  155. data/src/core/lib/gprpp/per_cpu.h +9 -3
  156. data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
  157. data/src/core/lib/gprpp/ref_counted.h +33 -34
  158. data/src/core/lib/gprpp/thd.h +16 -0
  159. data/src/core/lib/gprpp/time.cc +1 -0
  160. data/src/core/lib/gprpp/time.h +4 -4
  161. data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
  162. data/src/core/lib/iomgr/call_combiner.h +2 -2
  163. data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
  164. data/src/core/lib/iomgr/ev_posix.cc +13 -53
  165. data/src/core/lib/iomgr/ev_posix.h +0 -3
  166. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
  167. data/src/core/lib/iomgr/iomgr.cc +4 -8
  168. data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
  169. data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
  170. data/src/core/lib/iomgr/pollset_windows.cc +1 -1
  171. data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
  172. data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
  173. data/src/core/lib/iomgr/tcp_posix.cc +0 -1
  174. data/src/core/lib/iomgr/tcp_server_posix.cc +19 -55
  175. data/src/core/lib/iomgr/tcp_server_utils_posix.h +0 -12
  176. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +0 -21
  177. data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
  178. data/src/core/lib/iomgr/tcp_windows.cc +12 -8
  179. data/src/core/lib/load_balancing/lb_policy.cc +9 -13
  180. data/src/core/lib/load_balancing/lb_policy.h +4 -2
  181. data/src/core/lib/promise/activity.cc +22 -6
  182. data/src/core/lib/promise/activity.h +61 -24
  183. data/src/core/lib/promise/cancel_callback.h +77 -0
  184. data/src/core/lib/promise/detail/basic_seq.h +1 -1
  185. data/src/core/lib/promise/detail/promise_factory.h +4 -0
  186. data/src/core/lib/promise/for_each.h +176 -0
  187. data/src/core/lib/promise/if.h +9 -0
  188. data/src/core/lib/promise/interceptor_list.h +23 -2
  189. data/src/core/lib/promise/latch.h +89 -3
  190. data/src/core/lib/promise/loop.h +13 -9
  191. data/src/core/lib/promise/map.h +7 -0
  192. data/src/core/lib/promise/party.cc +286 -0
  193. data/src/core/lib/promise/party.h +499 -0
  194. data/src/core/lib/promise/pipe.h +197 -57
  195. data/src/core/lib/promise/poll.h +48 -0
  196. data/src/core/lib/promise/promise.h +2 -2
  197. data/src/core/lib/resource_quota/arena.cc +19 -3
  198. data/src/core/lib/resource_quota/arena.h +119 -5
  199. data/src/core/lib/resource_quota/memory_quota.cc +1 -1
  200. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
  201. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
  202. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
  203. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
  204. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
  205. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
  206. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
  207. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
  208. data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
  209. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
  210. data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
  211. data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
  212. data/src/core/lib/slice/slice.cc +1 -1
  213. data/src/core/lib/surface/builtins.cc +2 -0
  214. data/src/core/lib/surface/call.cc +926 -1024
  215. data/src/core/lib/surface/call.h +10 -0
  216. data/src/core/lib/surface/lame_client.cc +1 -0
  217. data/src/core/lib/surface/validate_metadata.cc +42 -43
  218. data/src/core/lib/surface/validate_metadata.h +0 -9
  219. data/src/core/lib/surface/version.cc +2 -2
  220. data/src/core/lib/transport/batch_builder.cc +179 -0
  221. data/src/core/lib/transport/batch_builder.h +468 -0
  222. data/src/core/lib/transport/bdp_estimator.cc +7 -7
  223. data/src/core/lib/transport/bdp_estimator.h +10 -6
  224. data/src/core/lib/transport/custom_metadata.h +30 -0
  225. data/src/core/lib/transport/metadata_batch.cc +5 -2
  226. data/src/core/lib/transport/metadata_batch.h +17 -113
  227. data/src/core/lib/transport/parsed_metadata.h +6 -16
  228. data/src/core/lib/transport/timeout_encoding.cc +6 -1
  229. data/src/core/lib/transport/transport.cc +30 -2
  230. data/src/core/lib/transport/transport.h +70 -14
  231. data/src/core/lib/transport/transport_impl.h +7 -0
  232. data/src/core/lib/transport/transport_op_string.cc +52 -42
  233. data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
  234. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
  235. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
  236. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
  237. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
  238. data/src/core/tsi/ssl_transport_security.cc +4 -2
  239. data/src/ruby/lib/grpc/version.rb +1 -1
  240. data/third_party/abseil-cpp/absl/base/config.h +1 -1
  241. data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
  242. data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
  243. data/third_party/abseil-cpp/absl/flags/config.h +68 -0
  244. data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
  245. data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
  246. data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
  247. data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
  248. data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
  249. data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
  250. data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
  251. data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
  252. data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
  253. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
  254. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
  255. data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
  256. data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
  257. data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
  258. data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
  259. data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
  260. data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
  261. data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
  262. data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
  263. data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
  264. data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
  265. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
  266. data/third_party/boringssl-with-bazel/err_data.c +728 -712
  267. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
  268. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
  269. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
  270. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
  271. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
  272. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
  273. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
  274. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
  275. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
  276. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
  277. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
  278. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
  279. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
  280. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
  281. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
  282. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
  283. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
  284. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
  285. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
  286. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
  287. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
  288. data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
  289. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
  290. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
  291. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
  292. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
  293. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
  294. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
  295. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
  296. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
  297. data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
  298. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
  299. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
  300. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
  301. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
  302. data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
  303. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
  304. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
  305. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
  306. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
  307. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
  308. data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
  309. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
  310. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
  311. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
  312. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
  313. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
  314. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
  315. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
  316. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
  317. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
  318. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
  319. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
  320. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
  321. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
  322. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
  323. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
  324. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
  325. data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
  326. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
  327. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
  328. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
  329. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
  330. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
  331. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
  332. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
  333. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
  334. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
  335. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
  336. data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
  337. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
  338. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
  339. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
  340. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
  341. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
  342. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
  343. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
  344. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
  345. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
  346. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
  347. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
  348. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
  349. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
  350. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
  351. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
  352. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
  353. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
  354. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
  355. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
  356. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
  357. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
  358. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
  359. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
  360. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
  361. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
  362. data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
  363. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
  364. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
  365. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
  366. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
  367. data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
  368. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
  369. data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
  370. data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
  371. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
  372. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
  373. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
  374. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
  375. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
  376. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
  377. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
  378. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
  379. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
  380. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
  381. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
  382. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
  383. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
  384. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
  385. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
  386. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
  387. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
  388. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
  389. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
  390. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
  391. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
  392. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
  393. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
  394. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
  395. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
  396. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
  397. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
  398. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
  399. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
  400. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
  401. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
  402. data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
  403. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
  404. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
  405. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
  406. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
  407. data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
  408. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
  409. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
  410. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
  411. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
  412. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
  413. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
  414. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
  415. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
  416. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
  417. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
  418. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
  419. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
  420. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
  421. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
  422. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
  423. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
  424. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
  425. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
  426. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
  427. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
  428. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
  429. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
  430. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
  431. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
  432. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
  433. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
  434. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
  435. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
  436. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
  437. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
  438. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
  439. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
  440. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
  441. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
  442. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
  443. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
  444. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
  445. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
  446. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
  447. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
  448. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
  449. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
  450. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
  451. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
  452. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
  453. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
  454. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
  455. data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
  456. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
  457. data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
  458. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
  459. data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
  460. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
  461. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
  462. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
  463. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
  464. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
  465. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
  466. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
  467. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
  468. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
  469. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
  470. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
  471. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
  472. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
  473. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
  474. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
  475. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
  476. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
  477. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
  478. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
  479. data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
  480. data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
  481. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
  482. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
  483. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
  484. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
  485. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
  486. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
  487. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
  488. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
  489. data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
  490. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
  491. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
  492. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
  493. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
  494. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
  495. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
  496. data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
  497. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
  498. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
  499. data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
  500. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
  501. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
  502. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
  503. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
  504. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
  505. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
  506. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
  507. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
  508. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
  509. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
  510. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
  511. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
  512. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
  513. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
  514. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
  515. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
  516. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
  517. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
  518. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
  519. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
  520. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
  521. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
  522. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
  523. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
  524. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
  525. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
  526. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
  527. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
  528. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
  529. data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
  530. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
  531. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
  532. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
  533. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
  534. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
  535. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
  536. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
  537. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
  538. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
  539. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
  540. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
  541. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
  542. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
  543. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
  544. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
  545. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
  546. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
  547. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
  548. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
  549. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
  550. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
  551. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
  552. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
  553. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
  554. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
  555. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
  556. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
  557. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
  558. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
  559. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
  560. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
  561. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
  562. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
  563. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
  564. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
  565. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
  566. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
  567. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
  568. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
  569. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
  570. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
  571. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
  572. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
  573. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
  574. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
  575. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
  576. data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
  577. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
  578. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
  579. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
  580. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
  581. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
  582. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
  583. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
  584. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
  585. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
  586. data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
  587. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
  588. data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
  589. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
  590. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
  591. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
  592. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
  593. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
  594. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
  595. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
  596. data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
  597. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
  598. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
  599. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
  600. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
  601. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
  602. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
  603. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
  604. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
  605. data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
  606. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
  607. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
  608. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
  609. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
  610. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
  611. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
  612. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
  613. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
  614. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
  615. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
  616. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
  617. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
  618. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
  619. data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
  620. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
  621. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  622. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
  623. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
  624. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
  625. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
  626. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
  627. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
  628. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
  629. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
  630. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
  631. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
  632. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
  633. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
  634. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
  635. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
  636. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
  637. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
  638. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
  639. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
  640. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
  641. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
  642. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
  643. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
  644. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
  645. metadata +103 -70
  646. data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
  647. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
  648. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -29
  649. data/src/core/lib/gprpp/global_config.h +0 -93
  650. data/src/core/lib/gprpp/global_config_env.cc +0 -140
  651. data/src/core/lib/gprpp/global_config_env.h +0 -133
  652. data/src/core/lib/gprpp/global_config_generic.h +0 -40
  653. data/src/core/lib/promise/intra_activity_waiter.h +0 -55
  654. data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
  655. data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
  656. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
  657. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
  658. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
  659. data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
  660. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
  661. data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
  662. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
  663. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
  664. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
  665. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
  666. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
  667. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
  668. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
  669. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
  670. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
  671. /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
  672. /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
  673. /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
  674. /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
  675. /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
  676. /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
  677. /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
  678. /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
  679. /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
  680. /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
  681. /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
  682. /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
  683. /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
  684. /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
  685. /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
  686. /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
  687. /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
  688. /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
  689. /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
  690. /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
  691. /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
  692. /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
  693. /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
@@ -62,590 +62,561 @@
62
62
  #include <openssl/x509.h>
63
63
  #include <openssl/x509v3.h>
64
64
 
65
- #include "internal.h"
66
65
  #include "../internal.h"
67
66
  #include "../x509v3/internal.h"
67
+ #include "internal.h"
68
68
 
69
69
 
70
- /* X509_VERIFY_PARAM functions */
70
+ // X509_VERIFY_PARAM functions
71
71
 
72
72
  #define SET_HOST 0
73
73
  #define ADD_HOST 1
74
74
 
75
- static char *str_copy(char *s)
76
- {
77
- return OPENSSL_strdup(s);
78
- }
79
-
80
- static void str_free(char *s)
81
- {
82
- OPENSSL_free(s);
83
- }
75
+ static void str_free(char *s) { OPENSSL_free(s); }
84
76
 
85
77
  #define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free)
86
78
 
87
79
  static int int_x509_param_set_hosts(X509_VERIFY_PARAM *param, int mode,
88
- const char *name, size_t namelen)
89
- {
90
- char *copy;
80
+ const char *name, size_t namelen) {
81
+ char *copy;
91
82
 
92
- if (name == NULL || namelen == 0) {
93
- // Unlike OpenSSL, we reject trying to set or add an empty name.
94
- return 0;
95
- }
83
+ if (name == NULL || namelen == 0) {
84
+ // Unlike OpenSSL, we reject trying to set or add an empty name.
85
+ return 0;
86
+ }
96
87
 
97
- /*
98
- * Refuse names with embedded NUL bytes.
99
- * XXX: Do we need to push an error onto the error stack?
100
- */
101
- if (name && OPENSSL_memchr(name, '\0', namelen))
102
- return 0;
88
+ // Refuse names with embedded NUL bytes.
89
+ // XXX: Do we need to push an error onto the error stack?
90
+ if (name && OPENSSL_memchr(name, '\0', namelen)) {
91
+ return 0;
92
+ }
103
93
 
104
- if (mode == SET_HOST && param->hosts) {
105
- string_stack_free(param->hosts);
106
- param->hosts = NULL;
107
- }
94
+ if (mode == SET_HOST && param->hosts) {
95
+ string_stack_free(param->hosts);
96
+ param->hosts = NULL;
97
+ }
108
98
 
109
- copy = OPENSSL_strndup(name, namelen);
110
- if (copy == NULL)
111
- return 0;
99
+ copy = OPENSSL_strndup(name, namelen);
100
+ if (copy == NULL) {
101
+ return 0;
102
+ }
112
103
 
113
- if (param->hosts == NULL &&
114
- (param->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
115
- OPENSSL_free(copy);
116
- return 0;
117
- }
104
+ if (param->hosts == NULL &&
105
+ (param->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
106
+ OPENSSL_free(copy);
107
+ return 0;
108
+ }
118
109
 
119
- if (!sk_OPENSSL_STRING_push(param->hosts, copy)) {
120
- OPENSSL_free(copy);
121
- if (sk_OPENSSL_STRING_num(param->hosts) == 0) {
122
- sk_OPENSSL_STRING_free(param->hosts);
123
- param->hosts = NULL;
124
- }
125
- return 0;
110
+ if (!sk_OPENSSL_STRING_push(param->hosts, copy)) {
111
+ OPENSSL_free(copy);
112
+ if (sk_OPENSSL_STRING_num(param->hosts) == 0) {
113
+ sk_OPENSSL_STRING_free(param->hosts);
114
+ param->hosts = NULL;
126
115
  }
116
+ return 0;
117
+ }
118
+
119
+ return 1;
120
+ }
121
+
122
+ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) {
123
+ if (!param) {
124
+ return;
125
+ }
126
+ param->name = NULL;
127
+ param->purpose = 0;
128
+ param->trust = 0;
129
+ // param->inh_flags = X509_VP_FLAG_DEFAULT;
130
+ param->inh_flags = 0;
131
+ param->flags = 0;
132
+ param->depth = -1;
133
+ if (param->policies) {
134
+ sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
135
+ param->policies = NULL;
136
+ }
137
+ if (param->hosts) {
138
+ string_stack_free(param->hosts);
139
+ param->hosts = NULL;
140
+ }
141
+ if (param->peername) {
142
+ OPENSSL_free(param->peername);
143
+ param->peername = NULL;
144
+ }
145
+ if (param->email) {
146
+ OPENSSL_free(param->email);
147
+ param->email = NULL;
148
+ param->emaillen = 0;
149
+ }
150
+ if (param->ip) {
151
+ OPENSSL_free(param->ip);
152
+ param->ip = NULL;
153
+ param->iplen = 0;
154
+ }
155
+ param->poison = 0;
156
+ }
157
+
158
+ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) {
159
+ X509_VERIFY_PARAM *param;
160
+ param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
161
+ if (!param) {
162
+ return NULL;
163
+ }
164
+ OPENSSL_memset(param, 0, sizeof(X509_VERIFY_PARAM));
165
+ x509_verify_param_zero(param);
166
+ return param;
167
+ }
168
+
169
+ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) {
170
+ if (param == NULL) {
171
+ return;
172
+ }
173
+ x509_verify_param_zero(param);
174
+ OPENSSL_free(param);
175
+ }
176
+
177
+ //-
178
+ // This function determines how parameters are "inherited" from one structure
179
+ // to another. There are several different ways this can happen.
180
+ //
181
+ // 1. If a child structure needs to have its values initialized from a parent
182
+ // they are simply copied across. For example SSL_CTX copied to SSL.
183
+ // 2. If the structure should take on values only if they are currently unset.
184
+ // For example the values in an SSL structure will take appropriate value
185
+ // for SSL servers or clients but only if the application has not set new
186
+ // ones.
187
+ //
188
+ // The "inh_flags" field determines how this function behaves.
189
+ //
190
+ // Normally any values which are set in the default are not copied from the
191
+ // destination and verify flags are ORed together.
192
+ //
193
+ // If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied
194
+ // to the destination. Effectively the values in "to" become default values
195
+ // which will be used only if nothing new is set in "from".
196
+ //
197
+ // If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether
198
+ // they are set or not. Flags is still Ored though.
199
+ //
200
+ // If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead
201
+ // of ORed.
202
+ //
203
+ // If X509_VP_FLAG_LOCKED is set then no values are copied.
204
+ //
205
+ // If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed
206
+ // after the next call.
207
+
208
+ // Macro to test if a field should be copied from src to dest
127
209
 
128
- return 1;
129
- }
210
+ #define test_x509_verify_param_copy(field, def) \
211
+ (to_overwrite || \
212
+ ((src->field != (def)) && (to_default || (dest->field == (def)))))
130
213
 
131
- static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
132
- {
133
- if (!param)
134
- return;
135
- param->name = NULL;
136
- param->purpose = 0;
137
- param->trust = 0;
138
- /*
139
- * param->inh_flags = X509_VP_FLAG_DEFAULT;
140
- */
141
- param->inh_flags = 0;
142
- param->flags = 0;
143
- param->depth = -1;
144
- if (param->policies) {
145
- sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
146
- param->policies = NULL;
147
- }
148
- if (param->hosts) {
149
- string_stack_free(param->hosts);
150
- param->hosts = NULL;
151
- }
152
- if (param->peername) {
153
- OPENSSL_free(param->peername);
154
- param->peername = NULL;
155
- }
156
- if (param->email) {
157
- OPENSSL_free(param->email);
158
- param->email = NULL;
159
- param->emaillen = 0;
160
- }
161
- if (param->ip) {
162
- OPENSSL_free(param->ip);
163
- param->ip = NULL;
164
- param->iplen = 0;
165
- }
166
- param->poison = 0;
167
- }
214
+ // Macro to test and copy a field if necessary
168
215
 
169
- X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
170
- {
171
- X509_VERIFY_PARAM *param;
172
- param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
173
- if (!param)
174
- return NULL;
175
- OPENSSL_memset(param, 0, sizeof(X509_VERIFY_PARAM));
176
- x509_verify_param_zero(param);
177
- return param;
178
- }
216
+ #define x509_verify_param_copy(field, def) \
217
+ if (test_x509_verify_param_copy(field, def)) \
218
+ dest->field = src->field
179
219
 
180
- void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
181
- {
182
- if (param == NULL)
183
- return;
184
- x509_verify_param_zero(param);
185
- OPENSSL_free(param);
186
- }
220
+ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
221
+ const X509_VERIFY_PARAM *src) {
222
+ unsigned long inh_flags;
223
+ int to_default, to_overwrite;
224
+ if (!src) {
225
+ return 1;
226
+ }
227
+ inh_flags = dest->inh_flags | src->inh_flags;
187
228
 
188
- /*-
189
- * This function determines how parameters are "inherited" from one structure
190
- * to another. There are several different ways this can happen.
191
- *
192
- * 1. If a child structure needs to have its values initialized from a parent
193
- * they are simply copied across. For example SSL_CTX copied to SSL.
194
- * 2. If the structure should take on values only if they are currently unset.
195
- * For example the values in an SSL structure will take appropriate value
196
- * for SSL servers or clients but only if the application has not set new
197
- * ones.
198
- *
199
- * The "inh_flags" field determines how this function behaves.
200
- *
201
- * Normally any values which are set in the default are not copied from the
202
- * destination and verify flags are ORed together.
203
- *
204
- * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied
205
- * to the destination. Effectively the values in "to" become default values
206
- * which will be used only if nothing new is set in "from".
207
- *
208
- * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether
209
- * they are set or not. Flags is still Ored though.
210
- *
211
- * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead
212
- * of ORed.
213
- *
214
- * If X509_VP_FLAG_LOCKED is set then no values are copied.
215
- *
216
- * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed
217
- * after the next call.
218
- */
229
+ if (inh_flags & X509_VP_FLAG_ONCE) {
230
+ dest->inh_flags = 0;
231
+ }
219
232
 
220
- /* Macro to test if a field should be copied from src to dest */
233
+ if (inh_flags & X509_VP_FLAG_LOCKED) {
234
+ return 1;
235
+ }
221
236
 
222
- #define test_x509_verify_param_copy(field, def) \
223
- (to_overwrite || \
224
- ((src->field != (def)) && (to_default || (dest->field == (def)))))
237
+ if (inh_flags & X509_VP_FLAG_DEFAULT) {
238
+ to_default = 1;
239
+ } else {
240
+ to_default = 0;
241
+ }
225
242
 
226
- /* Macro to test and copy a field if necessary */
243
+ if (inh_flags & X509_VP_FLAG_OVERWRITE) {
244
+ to_overwrite = 1;
245
+ } else {
246
+ to_overwrite = 0;
247
+ }
227
248
 
228
- #define x509_verify_param_copy(field, def) \
229
- if (test_x509_verify_param_copy(field, def)) \
230
- dest->field = src->field
249
+ x509_verify_param_copy(purpose, 0);
250
+ x509_verify_param_copy(trust, 0);
251
+ x509_verify_param_copy(depth, -1);
231
252
 
232
- int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
233
- const X509_VERIFY_PARAM *src)
234
- {
235
- unsigned long inh_flags;
236
- int to_default, to_overwrite;
237
- if (!src)
238
- return 1;
239
- inh_flags = dest->inh_flags | src->inh_flags;
240
-
241
- if (inh_flags & X509_VP_FLAG_ONCE)
242
- dest->inh_flags = 0;
243
-
244
- if (inh_flags & X509_VP_FLAG_LOCKED)
245
- return 1;
246
-
247
- if (inh_flags & X509_VP_FLAG_DEFAULT)
248
- to_default = 1;
249
- else
250
- to_default = 0;
251
-
252
- if (inh_flags & X509_VP_FLAG_OVERWRITE)
253
- to_overwrite = 1;
254
- else
255
- to_overwrite = 0;
256
-
257
- x509_verify_param_copy(purpose, 0);
258
- x509_verify_param_copy(trust, 0);
259
- x509_verify_param_copy(depth, -1);
260
-
261
- /* If overwrite or check time not set, copy across */
262
-
263
- if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) {
264
- dest->check_time = src->check_time;
265
- dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
266
- /* Don't need to copy flag: that is done below */
267
- }
253
+ // If overwrite or check time not set, copy across
254
+
255
+ if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) {
256
+ dest->check_time = src->check_time;
257
+ dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
258
+ // Don't need to copy flag: that is done below
259
+ }
268
260
 
269
- if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
270
- dest->flags = 0;
261
+ if (inh_flags & X509_VP_FLAG_RESET_FLAGS) {
262
+ dest->flags = 0;
263
+ }
271
264
 
272
- dest->flags |= src->flags;
265
+ dest->flags |= src->flags;
273
266
 
274
- if (test_x509_verify_param_copy(policies, NULL)) {
275
- if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
276
- return 0;
267
+ if (test_x509_verify_param_copy(policies, NULL)) {
268
+ if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) {
269
+ return 0;
277
270
  }
271
+ }
278
272
 
279
- /* Copy the host flags if and only if we're copying the host list */
280
- if (test_x509_verify_param_copy(hosts, NULL)) {
281
- if (dest->hosts) {
282
- string_stack_free(dest->hosts);
283
- dest->hosts = NULL;
284
- }
285
- if (src->hosts) {
286
- dest->hosts =
287
- sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
288
- if (dest->hosts == NULL)
289
- return 0;
290
- dest->hostflags = src->hostflags;
291
- }
273
+ // Copy the host flags if and only if we're copying the host list
274
+ if (test_x509_verify_param_copy(hosts, NULL)) {
275
+ if (dest->hosts) {
276
+ string_stack_free(dest->hosts);
277
+ dest->hosts = NULL;
292
278
  }
279
+ if (src->hosts) {
280
+ dest->hosts =
281
+ sk_OPENSSL_STRING_deep_copy(src->hosts, OPENSSL_strdup, str_free);
282
+ if (dest->hosts == NULL) {
283
+ return 0;
284
+ }
285
+ dest->hostflags = src->hostflags;
286
+ }
287
+ }
293
288
 
294
- if (test_x509_verify_param_copy(email, NULL)) {
295
- if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen))
296
- return 0;
289
+ if (test_x509_verify_param_copy(email, NULL)) {
290
+ if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen)) {
291
+ return 0;
297
292
  }
293
+ }
298
294
 
299
- if (test_x509_verify_param_copy(ip, NULL)) {
300
- if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen))
301
- return 0;
295
+ if (test_x509_verify_param_copy(ip, NULL)) {
296
+ if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen)) {
297
+ return 0;
302
298
  }
299
+ }
303
300
 
304
- dest->poison = src->poison;
301
+ dest->poison = src->poison;
305
302
 
306
- return 1;
303
+ return 1;
307
304
  }
308
305
 
309
306
  int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
310
- const X509_VERIFY_PARAM *from)
311
- {
312
- unsigned long save_flags = to->inh_flags;
313
- int ret;
314
- to->inh_flags |= X509_VP_FLAG_DEFAULT;
315
- ret = X509_VERIFY_PARAM_inherit(to, from);
316
- to->inh_flags = save_flags;
317
- return ret;
318
- }
319
-
320
- static int int_x509_param_set1(char **pdest, size_t *pdestlen,
321
- const char *src, size_t srclen)
322
- {
323
- void *tmp;
324
- if (src == NULL || srclen == 0) {
325
- // Unlike OpenSSL, we do not allow an empty string to disable previously
326
- // configured checks.
327
- return 0;
328
- }
329
-
330
- tmp = OPENSSL_memdup(src, srclen);
331
- if (!tmp) {
332
- return 0;
333
- }
307
+ const X509_VERIFY_PARAM *from) {
308
+ unsigned long save_flags = to->inh_flags;
309
+ int ret;
310
+ to->inh_flags |= X509_VP_FLAG_DEFAULT;
311
+ ret = X509_VERIFY_PARAM_inherit(to, from);
312
+ to->inh_flags = save_flags;
313
+ return ret;
314
+ }
315
+
316
+ static int int_x509_param_set1(char **pdest, size_t *pdestlen, const char *src,
317
+ size_t srclen) {
318
+ void *tmp;
319
+ if (src == NULL || srclen == 0) {
320
+ // Unlike OpenSSL, we do not allow an empty string to disable previously
321
+ // configured checks.
322
+ return 0;
323
+ }
334
324
 
335
- if (*pdest)
336
- OPENSSL_free(*pdest);
337
- *pdest = tmp;
338
- if (pdestlen)
339
- *pdestlen = srclen;
325
+ tmp = OPENSSL_memdup(src, srclen);
326
+ if (!tmp) {
327
+ return 0;
328
+ }
329
+
330
+ if (*pdest) {
331
+ OPENSSL_free(*pdest);
332
+ }
333
+ *pdest = tmp;
334
+ if (pdestlen) {
335
+ *pdestlen = srclen;
336
+ }
337
+ return 1;
338
+ }
339
+
340
+ int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) {
341
+ if (param->name) {
342
+ OPENSSL_free(param->name);
343
+ }
344
+ param->name = OPENSSL_strdup(name);
345
+ if (param->name) {
340
346
  return 1;
347
+ }
348
+ return 0;
341
349
  }
342
350
 
343
- int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
344
- {
345
- if (param->name)
346
- OPENSSL_free(param->name);
347
- param->name = OPENSSL_strdup(name);
348
- if (param->name)
349
- return 1;
350
- return 0;
351
+ int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags) {
352
+ param->flags |= flags;
353
+ if (flags & X509_V_FLAG_POLICY_MASK) {
354
+ param->flags |= X509_V_FLAG_POLICY_CHECK;
355
+ }
356
+ return 1;
351
357
  }
352
358
 
353
- int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
354
- {
355
- param->flags |= flags;
356
- if (flags & X509_V_FLAG_POLICY_MASK)
357
- param->flags |= X509_V_FLAG_POLICY_CHECK;
358
- return 1;
359
+ int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
360
+ unsigned long flags) {
361
+ param->flags &= ~flags;
362
+ return 1;
359
363
  }
360
364
 
361
- int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
362
- unsigned long flags)
363
- {
364
- param->flags &= ~flags;
365
- return 1;
365
+ unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param) {
366
+ return param->flags;
366
367
  }
367
368
 
368
- unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
369
- {
370
- return param->flags;
369
+ int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) {
370
+ return X509_PURPOSE_set(&param->purpose, purpose);
371
371
  }
372
372
 
373
- int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
374
- {
375
- return X509_PURPOSE_set(&param->purpose, purpose);
373
+ int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust) {
374
+ return X509_TRUST_set(&param->trust, trust);
376
375
  }
377
376
 
378
- int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
379
- {
380
- return X509_TRUST_set(&param->trust, trust);
377
+ void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth) {
378
+ param->depth = depth;
381
379
  }
382
380
 
383
- void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
384
- {
385
- param->depth = depth;
381
+ void X509_VERIFY_PARAM_set_time_posix(X509_VERIFY_PARAM *param, int64_t t) {
382
+ param->check_time = t;
383
+ param->flags |= X509_V_FLAG_USE_CHECK_TIME;
386
384
  }
387
385
 
388
- void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
389
- {
390
- param->check_time = t;
391
- param->flags |= X509_V_FLAG_USE_CHECK_TIME;
386
+ void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t) {
387
+ X509_VERIFY_PARAM_set_time_posix(param, t);
392
388
  }
393
389
 
394
390
  int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
395
- ASN1_OBJECT *policy)
396
- {
391
+ ASN1_OBJECT *policy) {
392
+ if (!param->policies) {
393
+ param->policies = sk_ASN1_OBJECT_new_null();
397
394
  if (!param->policies) {
398
- param->policies = sk_ASN1_OBJECT_new_null();
399
- if (!param->policies)
400
- return 0;
395
+ return 0;
401
396
  }
402
- if (!sk_ASN1_OBJECT_push(param->policies, policy))
403
- return 0;
404
- return 1;
397
+ }
398
+ if (!sk_ASN1_OBJECT_push(param->policies, policy)) {
399
+ return 0;
400
+ }
401
+ // TODO(davidben): This does not set |X509_V_FLAG_POLICY_CHECK|, while
402
+ // |X509_VERIFY_PARAM_set1_policies| does. Is this a bug?
403
+ return 1;
405
404
  }
406
405
 
407
406
  int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
408
- STACK_OF(ASN1_OBJECT) *policies)
409
- {
410
- size_t i;
411
- ASN1_OBJECT *oid, *doid;
412
- if (!param)
413
- return 0;
414
- if (param->policies)
415
- sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
407
+ const STACK_OF(ASN1_OBJECT) *policies) {
408
+ if (!param) {
409
+ return 0;
410
+ }
416
411
 
417
- if (!policies) {
418
- param->policies = NULL;
419
- return 1;
420
- }
412
+ sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
413
+ if (!policies) {
414
+ param->policies = NULL;
415
+ return 1;
416
+ }
421
417
 
422
- param->policies = sk_ASN1_OBJECT_new_null();
423
- if (!param->policies)
424
- return 0;
418
+ param->policies =
419
+ sk_ASN1_OBJECT_deep_copy(policies, OBJ_dup, ASN1_OBJECT_free);
420
+ if (!param->policies) {
421
+ return 0;
422
+ }
425
423
 
426
- for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) {
427
- oid = sk_ASN1_OBJECT_value(policies, i);
428
- doid = OBJ_dup(oid);
429
- if (!doid)
430
- return 0;
431
- if (!sk_ASN1_OBJECT_push(param->policies, doid)) {
432
- ASN1_OBJECT_free(doid);
433
- return 0;
434
- }
435
- }
436
- param->flags |= X509_V_FLAG_POLICY_CHECK;
437
- return 1;
424
+ param->flags |= X509_V_FLAG_POLICY_CHECK;
425
+ return 1;
438
426
  }
439
427
 
440
- int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
441
- const char *name, size_t namelen)
442
- {
443
- if (!int_x509_param_set_hosts(param, SET_HOST, name, namelen)) {
444
- param->poison = 1;
445
- return 0;
446
- }
447
- return 1;
428
+ int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const char *name,
429
+ size_t namelen) {
430
+ if (!int_x509_param_set_hosts(param, SET_HOST, name, namelen)) {
431
+ param->poison = 1;
432
+ return 0;
433
+ }
434
+ return 1;
448
435
  }
449
436
 
450
- int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
451
- const char *name, size_t namelen)
452
- {
453
- if (!int_x509_param_set_hosts(param, ADD_HOST, name, namelen)) {
454
- param->poison = 1;
455
- return 0;
456
- }
457
- return 1;
437
+ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, const char *name,
438
+ size_t namelen) {
439
+ if (!int_x509_param_set_hosts(param, ADD_HOST, name, namelen)) {
440
+ param->poison = 1;
441
+ return 0;
442
+ }
443
+ return 1;
458
444
  }
459
445
 
460
446
  void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
461
- unsigned int flags)
462
- {
463
- param->hostflags = flags;
447
+ unsigned int flags) {
448
+ param->hostflags = flags;
464
449
  }
465
450
 
466
- char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
467
- {
468
- return param->peername;
451
+ char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) {
452
+ return param->peername;
469
453
  }
470
454
 
471
- int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
472
- const char *email, size_t emaillen)
473
- {
474
- if (OPENSSL_memchr(email, '\0', emaillen) != NULL ||
475
- !int_x509_param_set1(&param->email, &param->emaillen,
476
- email, emaillen)) {
477
- param->poison = 1;
478
- return 0;
479
- }
455
+ int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email,
456
+ size_t emaillen) {
457
+ if (OPENSSL_memchr(email, '\0', emaillen) != NULL ||
458
+ !int_x509_param_set1(&param->email, &param->emaillen, email, emaillen)) {
459
+ param->poison = 1;
460
+ return 0;
461
+ }
480
462
 
481
- return 1;
463
+ return 1;
482
464
  }
483
465
 
484
- int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
485
- const unsigned char *ip, size_t iplen)
486
- {
487
- if ((iplen != 4 && iplen != 16) ||
488
- !int_x509_param_set1((char **)&param->ip, &param->iplen,
489
- (char *)ip, iplen)) {
490
- param->poison = 1;
491
- return 0;
492
- }
466
+ int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip,
467
+ size_t iplen) {
468
+ if ((iplen != 4 && iplen != 16) ||
469
+ !int_x509_param_set1((char **)&param->ip, &param->iplen, (char *)ip,
470
+ iplen)) {
471
+ param->poison = 1;
472
+ return 0;
473
+ }
493
474
 
494
- return 1;
475
+ return 1;
495
476
  }
496
477
 
497
- int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
498
- {
499
- unsigned char ipout[16];
500
- size_t iplen;
478
+ int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc) {
479
+ unsigned char ipout[16];
480
+ size_t iplen;
501
481
 
502
- iplen = (size_t)x509v3_a2i_ipadd(ipout, ipasc);
503
- if (iplen == 0)
504
- return 0;
505
- return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
482
+ iplen = (size_t)x509v3_a2i_ipadd(ipout, ipasc);
483
+ if (iplen == 0) {
484
+ return 0;
485
+ }
486
+ return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
506
487
  }
507
488
 
508
- int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
509
- {
510
- return param->depth;
489
+ int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) {
490
+ return param->depth;
511
491
  }
512
492
 
513
- const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
514
- {
515
- return param->name;
493
+ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param) {
494
+ return param->name;
516
495
  }
517
496
 
518
497
  #define vpm_empty_id NULL, 0U, NULL, NULL, 0, NULL, 0, 0
519
498
 
520
- /*
521
- * Default verify parameters: these are used for various applications and can
522
- * be overridden by the user specified table. NB: the 'name' field *must* be
523
- * in alphabetical order because it will be searched using OBJ_search.
524
- */
499
+ // Default verify parameters: these are used for various applications and can
500
+ // be overridden by the user specified table. NB: the 'name' field *must* be
501
+ // in alphabetical order because it will be searched using OBJ_search.
525
502
 
526
503
  static const X509_VERIFY_PARAM default_table[] = {
527
- {
528
- (char *)"default", /* X509 default parameters */
529
- 0, /* Check time */
530
- 0, /* internal flags */
531
- X509_V_FLAG_TRUSTED_FIRST, /* flags */
532
- 0, /* purpose */
533
- 0, /* trust */
534
- 100, /* depth */
535
- NULL, /* policies */
504
+ {(char *)"default", // X509 default parameters
505
+ 0, // Check time
506
+ 0, // internal flags
507
+ X509_V_FLAG_TRUSTED_FIRST, // flags
508
+ 0, // purpose
509
+ 0, // trust
510
+ 100, // depth
511
+ NULL, // policies
536
512
  vpm_empty_id},
537
- {
538
- (char *)"pkcs7", /* S/MIME sign parameters */
539
- 0, /* Check time */
540
- 0, /* internal flags */
541
- 0, /* flags */
542
- X509_PURPOSE_SMIME_SIGN, /* purpose */
543
- X509_TRUST_EMAIL, /* trust */
544
- -1, /* depth */
545
- NULL, /* policies */
513
+ {(char *)"pkcs7", // S/MIME sign parameters
514
+ 0, // Check time
515
+ 0, // internal flags
516
+ 0, // flags
517
+ X509_PURPOSE_SMIME_SIGN, // purpose
518
+ X509_TRUST_EMAIL, // trust
519
+ -1, // depth
520
+ NULL, // policies
546
521
  vpm_empty_id},
547
- {
548
- (char *)"smime_sign", /* S/MIME sign parameters */
549
- 0, /* Check time */
550
- 0, /* internal flags */
551
- 0, /* flags */
552
- X509_PURPOSE_SMIME_SIGN, /* purpose */
553
- X509_TRUST_EMAIL, /* trust */
554
- -1, /* depth */
555
- NULL, /* policies */
522
+ {(char *)"smime_sign", // S/MIME sign parameters
523
+ 0, // Check time
524
+ 0, // internal flags
525
+ 0, // flags
526
+ X509_PURPOSE_SMIME_SIGN, // purpose
527
+ X509_TRUST_EMAIL, // trust
528
+ -1, // depth
529
+ NULL, // policies
556
530
  vpm_empty_id},
557
- {
558
- (char *)"ssl_client", /* SSL/TLS client parameters */
559
- 0, /* Check time */
560
- 0, /* internal flags */
561
- 0, /* flags */
562
- X509_PURPOSE_SSL_CLIENT, /* purpose */
563
- X509_TRUST_SSL_CLIENT, /* trust */
564
- -1, /* depth */
565
- NULL, /* policies */
531
+ {(char *)"ssl_client", // SSL/TLS client parameters
532
+ 0, // Check time
533
+ 0, // internal flags
534
+ 0, // flags
535
+ X509_PURPOSE_SSL_CLIENT, // purpose
536
+ X509_TRUST_SSL_CLIENT, // trust
537
+ -1, // depth
538
+ NULL, // policies
566
539
  vpm_empty_id},
567
- {
568
- (char *)"ssl_server", /* SSL/TLS server parameters */
569
- 0, /* Check time */
570
- 0, /* internal flags */
571
- 0, /* flags */
572
- X509_PURPOSE_SSL_SERVER, /* purpose */
573
- X509_TRUST_SSL_SERVER, /* trust */
574
- -1, /* depth */
575
- NULL, /* policies */
576
- vpm_empty_id}
577
- };
540
+ {(char *)"ssl_server", // SSL/TLS server parameters
541
+ 0, // Check time
542
+ 0, // internal flags
543
+ 0, // flags
544
+ X509_PURPOSE_SSL_SERVER, // purpose
545
+ X509_TRUST_SSL_SERVER, // trust
546
+ -1, // depth
547
+ NULL, // policies
548
+ vpm_empty_id}};
578
549
 
579
550
  static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
580
551
 
581
- static int param_cmp(const X509_VERIFY_PARAM **a, const X509_VERIFY_PARAM **b)
582
- {
583
- return strcmp((*a)->name, (*b)->name);
552
+ static int param_cmp(const X509_VERIFY_PARAM **a, const X509_VERIFY_PARAM **b) {
553
+ return strcmp((*a)->name, (*b)->name);
584
554
  }
585
555
 
586
- int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
587
- {
588
- X509_VERIFY_PARAM *ptmp;
556
+ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) {
557
+ X509_VERIFY_PARAM *ptmp;
558
+ if (!param_table) {
559
+ param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
589
560
  if (!param_table) {
590
- param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
591
- if (!param_table)
592
- return 0;
593
- } else {
594
- size_t idx;
595
-
596
- sk_X509_VERIFY_PARAM_sort(param_table);
597
- if (sk_X509_VERIFY_PARAM_find(param_table, &idx, param)) {
598
- ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
599
- X509_VERIFY_PARAM_free(ptmp);
600
- (void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
601
- }
561
+ return 0;
602
562
  }
603
- if (!sk_X509_VERIFY_PARAM_push(param_table, param))
604
- return 0;
605
- return 1;
563
+ } else {
564
+ size_t idx;
565
+
566
+ sk_X509_VERIFY_PARAM_sort(param_table);
567
+ if (sk_X509_VERIFY_PARAM_find(param_table, &idx, param)) {
568
+ ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
569
+ X509_VERIFY_PARAM_free(ptmp);
570
+ (void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
571
+ }
572
+ }
573
+ if (!sk_X509_VERIFY_PARAM_push(param_table, param)) {
574
+ return 0;
575
+ }
576
+ return 1;
606
577
  }
607
578
 
608
- int X509_VERIFY_PARAM_get_count(void)
609
- {
610
- int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
611
- if (param_table)
612
- num += sk_X509_VERIFY_PARAM_num(param_table);
613
- return num;
579
+ int X509_VERIFY_PARAM_get_count(void) {
580
+ int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
581
+ if (param_table) {
582
+ num += sk_X509_VERIFY_PARAM_num(param_table);
583
+ }
584
+ return num;
614
585
  }
615
586
 
616
- const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
617
- {
618
- int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
619
- if (id < num)
620
- return default_table + id;
621
- return sk_X509_VERIFY_PARAM_value(param_table, id - num);
587
+ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id) {
588
+ int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
589
+ if (id < num) {
590
+ return default_table + id;
591
+ }
592
+ return sk_X509_VERIFY_PARAM_value(param_table, id - num);
622
593
  }
623
594
 
624
- const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
625
- {
626
- X509_VERIFY_PARAM pm;
627
- unsigned i, limit;
595
+ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) {
596
+ X509_VERIFY_PARAM pm;
597
+ unsigned i, limit;
628
598
 
629
- pm.name = (char *)name;
630
- if (param_table) {
631
- size_t idx;
632
- sk_X509_VERIFY_PARAM_sort(param_table);
633
- if (sk_X509_VERIFY_PARAM_find(param_table, &idx, &pm))
634
- return sk_X509_VERIFY_PARAM_value(param_table, idx);
599
+ pm.name = (char *)name;
600
+ if (param_table) {
601
+ size_t idx;
602
+ sk_X509_VERIFY_PARAM_sort(param_table);
603
+ if (sk_X509_VERIFY_PARAM_find(param_table, &idx, &pm)) {
604
+ return sk_X509_VERIFY_PARAM_value(param_table, idx);
635
605
  }
606
+ }
636
607
 
637
- limit = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
638
- for (i = 0; i < limit; i++) {
639
- if (strcmp(default_table[i].name, name) == 0) {
640
- return &default_table[i];
641
- }
608
+ limit = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
609
+ for (i = 0; i < limit; i++) {
610
+ if (strcmp(default_table[i].name, name) == 0) {
611
+ return &default_table[i];
642
612
  }
643
- return NULL;
613
+ }
614
+ return NULL;
644
615
  }
645
616
 
646
- void X509_VERIFY_PARAM_table_cleanup(void)
647
- {
648
- if (param_table)
649
- sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
650
- param_table = NULL;
617
+ void X509_VERIFY_PARAM_table_cleanup(void) {
618
+ if (param_table) {
619
+ sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
620
+ }
621
+ param_table = NULL;
651
622
  }