@gavxin
Created May 4, 2017 11:04
grpc patch for openssl 1.1.0c
diff --git a/3rdparty/grpc/src/core/lib/security/credentials/jwt/jwt_verifier.c b/3rdparty/grpc/src/core/lib/security/credentials/jwt/jwt_verifier.c
index 0e2a264..61f262c 100644
--- a/3rdparty/grpc/src/core/lib/security/credentials/jwt/jwt_verifier.c
+++ b/3rdparty/grpc/src/core/lib/security/credentials/jwt/jwt_verifier.c
@@ -482,6 +482,7 @@ static EVP_PKEY *pkey_from_jwk(grpc_exec_ctx *exec_ctx, const grpc_json *json,
const grpc_json *key_prop;
RSA *rsa = NULL;
EVP_PKEY *result = NULL;
+ BIGNUM *n = NULL, *e = NULL;
GPR_ASSERT(kty != NULL && json != NULL);
if (strcmp(kty, "RSA") != 0) {
@@ -493,26 +494,33 @@ static EVP_PKEY *pkey_from_jwk(grpc_exec_ctx *exec_ctx, const grpc_json *json,
gpr_log(GPR_ERROR, "Could not create rsa key.");
goto end;
}
+
for (key_prop = json->child; key_prop != NULL; key_prop = key_prop->next) {
if (strcmp(key_prop->key, "n") == 0) {
- rsa->n =
- bignum_from_base64(exec_ctx, validate_string_field(key_prop, "n"));
- if (rsa->n == NULL) goto end;
+ n = bignum_from_base64(exec_ctx, validate_string_field(key_prop, "n"));
+ if (n == NULL) goto end;
} else if (strcmp(key_prop->key, "e") == 0) {
- rsa->e =
- bignum_from_base64(exec_ctx, validate_string_field(key_prop, "e"));
- if (rsa->e == NULL) goto end;
+ e = bignum_from_base64(exec_ctx, validate_string_field(key_prop, "e"));
+ if (e == NULL) goto end;
}
}
- if (rsa->e == NULL || rsa->n == NULL) {
+ if (e == NULL || n == NULL) {
gpr_log(GPR_ERROR, "Missing RSA public key field.");
goto end;
}
+ if (RSA_set0_key(rsa, n, e, NULL)) {
+ n = e = NULL; // Now owned by the RSA object
+ } else {
+ goto end;
+ }
+
result = EVP_PKEY_new();
EVP_PKEY_set1_RSA(result, rsa); /* uprefs rsa. */
end:
if (rsa != NULL) RSA_free(rsa);
+ if (n != NULL) BN_free(n);
+ if (e != NULL) BN_free(e);
return result;
}
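Review bot: A JWK that repeats the `n` or `e` member leaks the first BIGNUM at the added lines `n = bignum_from_base64(...)` and `e = bignum_from_base64(...)`, because the earlier value is overwritten before it is freed; the original `rsa->n = ...` assignment had the same gap, but the new locals make it easy to close with `BN_free(n);` (resp. `BN_free(e);`) immediately before each assignment, or by rejecting a duplicated member outright. The ownership handoff is otherwise correct: after `RSA_set0_key` succeeds the locals are cleared, and on failure they are still released at `end:`. The `// Now owned by the RSA object` comment would be more useful as `/* RSA_set0_key takes ownership of n and e; clear them so the end: cleanup does not double-free. */`. pkey_from_jwk's opening lines lie outside the hunk.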
diff --git a/3rdparty/grpc/src/core/tsi/ssl_transport_security.c b/3rdparty/grpc/src/core/tsi/ssl_transport_security.c
index 984f745..cee35c1 100644
--- a/3rdparty/grpc/src/core/tsi/ssl_transport_security.c
+++ b/3rdparty/grpc/src/core/tsi/ssl_transport_security.c
@@ -832,12 +832,14 @@ static tsi_result ssl_protector_unprotect(
/* Then, try to write some data to ssl. */
GPR_ASSERT(*protected_frames_bytes_size <= INT_MAX);
- written_into_ssl = BIO_write(impl->into_ssl, protected_frames_bytes,
- (int)*protected_frames_bytes_size);
- if (written_into_ssl < 0) {
- gpr_log(GPR_ERROR, "Sending protected frame to ssl failed with %d",
- written_into_ssl);
- return TSI_INTERNAL_ERROR;
+ if (*protected_frames_bytes_size > 0) {
+ written_into_ssl = BIO_write(impl->into_ssl, protected_frames_bytes,
+ (int)*protected_frames_bytes_size);
+ if (written_into_ssl < 0) {
+ gpr_log(GPR_ERROR, "Sending protected frame to ssl failed with %d",
+ written_into_ssl);
+ return TSI_INTERNAL_ERROR;
+ }
}
*protected_frames_bytes_size = (size_t)written_into_ssl;
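Review bot: On the new zero-length path, `*protected_frames_bytes_size = (size_t)written_into_ssl;` is now reached without `BIO_write` having assigned `written_into_ssl`, so the result depends on that variable being initialised at its declaration, which is outside the hunk; if it is not, this reads an indeterminate value. Making the intent explicit with an `else { written_into_ssl = 0; }` branch on the new `if` removes the dependency on the declaration. A one-line comment on the new guard, such as `/* Skip BIO_write for an empty frame; a zero-length write is not needed here. */`, would also record why the call is now conditional, since the hunk does not say.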
@@ -1295,7 +1297,7 @@ tsi_result tsi_create_ssl_client_handshaker_factory(
*factory = NULL;
if (pem_root_certs == NULL) return TSI_INVALID_ARGUMENT;
- ssl_context = SSL_CTX_new(TLSv1_2_method());
+ ssl_context = SSL_CTX_new(TLS_method());
if (ssl_context == NULL) {
gpr_log(GPR_ERROR, "Could not create ssl context.");
return TSI_INVALID_ARGUMENT;
@@ -1305,6 +1307,11 @@ tsi_result tsi_create_ssl_client_handshaker_factory(
impl->ssl_context = ssl_context;
do {
+ result = SSL_CTX_set_min_proto_version(ssl_context, TLS1_2_VERSION);
+ if (result != 1) {
+ gpr_log(GPR_ERROR, "Could not set minimum TLS version.");
+ break;
+ }
result =
populate_ssl_context(ssl_context, pem_private_key, pem_private_key_size,
pem_cert_chain, pem_cert_chain_size, cipher_list);
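Review bot: The added `result = SSL_CTX_set_min_proto_version(ssl_context, TLS1_2_VERSION);` stores an OpenSSL status code (1 on success, 0 on failure) in a `tsi_result`, so on failure `result` holds 0, which is `TSI_OK`, and the `break` leaves the factory creation looking successful with a context whose minimum protocol version was never set. The same pattern appears in the server hunk below at `result = SSL_CTX_set_min_proto_version(impl->ssl_contexts[i], TLS1_2_VERSION);`. Keep the OpenSSL return out of `result`: `if (SSL_CTX_set_min_proto_version(ssl_context, TLS1_2_VERSION) != 1) {` followed by the existing log line and `result = TSI_INVALID_ARGUMENT;` before the `break;`, choosing whichever `tsi_result` code the surrounding function already uses for context setup failures. The enclosing do/while and its post-loop handling of `result` continue outside the hunk.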
@@ -1415,12 +1422,17 @@ tsi_result tsi_create_ssl_server_handshaker_factory_ex(
for (i = 0; i < key_cert_pair_count; i++) {
do {
- impl->ssl_contexts[i] = SSL_CTX_new(TLSv1_2_method());
+ impl->ssl_contexts[i] = SSL_CTX_new(TLS_method());
if (impl->ssl_contexts[i] == NULL) {
gpr_log(GPR_ERROR, "Could not create ssl context.");
result = TSI_OUT_OF_RESOURCES;
break;
}
+ result = SSL_CTX_set_min_proto_version(impl->ssl_contexts[i], TLS1_2_VERSION);
+ if (result != 1) {
+ gpr_log(GPR_ERROR, "Could not set minimum TLS version.");
+ break;
+ }
result = populate_ssl_context(
impl->ssl_contexts[i], pem_private_keys[i], pem_private_keys_sizes[i],
pem_cert_chains[i], pem_cert_chains_sizes[i], cipher_list);