awesome-grpc-that-works 0.12.2 → 0.14.0.dev

Sign up to get free protection for your applications and to get access to all the features.
Files changed (724) hide show
  1. checksums.yaml +4 -4
  2. data/.yardopts +1 -0
  3. data/Makefile +5783 -22121
  4. data/include/grpc/byte_buffer.h +2 -83
  5. data/include/grpc/census.h +173 -121
  6. data/include/grpc/compression.h +14 -38
  7. data/include/grpc/grpc.h +85 -434
  8. data/include/grpc/grpc_security.h +76 -46
  9. data/include/grpc/grpc_zookeeper.h +1 -1
  10. data/include/grpc/impl/codegen/alloc.h +74 -0
  11. data/include/grpc/impl/codegen/atm.h +92 -0
  12. data/include/grpc/impl/codegen/atm_gcc_atomic.h +72 -0
  13. data/include/grpc/impl/codegen/atm_gcc_sync.h +87 -0
  14. data/include/grpc/impl/codegen/atm_win32.h +125 -0
  15. data/include/grpc/impl/codegen/byte_buffer.h +121 -0
  16. data/include/grpc/impl/codegen/compression_types.h +73 -0
  17. data/include/grpc/impl/codegen/connectivity_state.h +59 -0
  18. data/include/grpc/impl/codegen/grpc_types.h +378 -0
  19. data/include/grpc/impl/codegen/log.h +110 -0
  20. data/include/grpc/impl/codegen/port_platform.h +370 -0
  21. data/include/grpc/impl/codegen/propagation_bits.h +67 -0
  22. data/include/grpc/impl/codegen/slice.h +182 -0
  23. data/include/grpc/impl/codegen/slice_buffer.h +105 -0
  24. data/include/grpc/impl/codegen/status.h +163 -0
  25. data/include/grpc/impl/codegen/sync.h +316 -0
  26. data/include/grpc/impl/codegen/sync_generic.h +55 -0
  27. data/{src/core/census/context.h → include/grpc/impl/codegen/sync_posix.h} +11 -11
  28. data/include/grpc/impl/codegen/sync_win32.h +49 -0
  29. data/include/grpc/impl/codegen/time.h +130 -0
  30. data/include/grpc/status.h +2 -126
  31. data/include/grpc/support/alloc.h +2 -35
  32. data/include/grpc/support/atm.h +2 -55
  33. data/include/grpc/support/atm_gcc_atomic.h +5 -38
  34. data/include/grpc/support/atm_gcc_sync.h +2 -50
  35. data/include/grpc/support/atm_win32.h +2 -88
  36. data/include/grpc/support/avl.h +10 -9
  37. data/include/grpc/support/cmdline.h +15 -13
  38. data/include/grpc/support/cpu.h +5 -3
  39. data/include/grpc/support/histogram.h +23 -20
  40. data/include/grpc/support/host_port.h +5 -3
  41. data/include/grpc/support/log.h +2 -71
  42. data/include/grpc/support/log_win32.h +2 -2
  43. data/include/grpc/support/port_platform.h +2 -319
  44. data/include/grpc/support/slice.h +2 -145
  45. data/include/grpc/support/slice_buffer.h +2 -65
  46. data/include/grpc/support/string_util.h +3 -3
  47. data/include/grpc/support/subprocess.h +8 -6
  48. data/include/grpc/support/sync.h +2 -278
  49. data/include/grpc/support/sync_generic.h +2 -18
  50. data/include/grpc/support/sync_posix.h +2 -10
  51. data/include/grpc/support/sync_win32.h +2 -12
  52. data/include/grpc/support/thd.h +11 -11
  53. data/include/grpc/support/time.h +2 -91
  54. data/include/grpc/support/tls.h +1 -1
  55. data/include/grpc/support/tls_gcc.h +1 -1
  56. data/include/grpc/support/tls_msvc.h +1 -1
  57. data/include/grpc/support/tls_pthread.h +2 -2
  58. data/include/grpc/support/useful.h +3 -1
  59. data/src/boringssl/err_data.c +1252 -0
  60. data/src/core/census/context.c +471 -8
  61. data/src/core/census/grpc_filter.c +5 -5
  62. data/src/core/census/initialize.c +4 -7
  63. data/src/core/census/mlog.c +600 -0
  64. data/src/core/census/mlog.h +95 -0
  65. data/src/core/census/operation.c +2 -2
  66. data/src/core/census/placeholders.c +109 -0
  67. data/src/core/census/rpc_metric_id.h +6 -6
  68. data/src/core/census/tracing.c +1 -1
  69. data/src/core/channel/channel_args.c +71 -9
  70. data/src/core/channel/channel_args.h +7 -1
  71. data/src/core/channel/channel_stack.c +1 -1
  72. data/src/core/channel/client_channel.c +33 -30
  73. data/src/core/channel/client_uchannel.c +3 -3
  74. data/src/core/channel/compress_filter.c +8 -8
  75. data/src/core/channel/http_client_filter.c +4 -4
  76. data/src/core/channel/http_server_filter.c +11 -11
  77. data/src/core/channel/subchannel_call_holder.c +11 -11
  78. data/src/core/client_config/connector.c +3 -2
  79. data/src/core/client_config/connector.h +2 -2
  80. data/src/core/client_config/lb_policies/load_balancer_api.c +163 -0
  81. data/src/core/client_config/lb_policies/load_balancer_api.h +85 -0
  82. data/src/core/client_config/lb_policies/pick_first.c +57 -40
  83. data/src/core/client_config/lb_policies/round_robin.c +14 -15
  84. data/src/core/client_config/lb_policy.c +3 -3
  85. data/src/core/client_config/lb_policy.h +3 -2
  86. data/src/core/client_config/resolvers/dns_resolver.c +3 -3
  87. data/src/core/client_config/resolvers/sockaddr_resolver.c +5 -5
  88. data/src/core/client_config/subchannel.c +84 -39
  89. data/src/core/client_config/subchannel.h +15 -6
  90. data/src/core/client_config/subchannel_index.c +261 -0
  91. data/src/core/client_config/subchannel_index.h +77 -0
  92. data/src/core/compression/{algorithm.c → compression_algorithm.c} +3 -3
  93. data/src/core/httpcli/format_request.c +1 -1
  94. data/src/core/httpcli/httpcli.c +18 -16
  95. data/src/core/httpcli/httpcli.h +3 -2
  96. data/src/core/httpcli/httpcli_security_connector.c +9 -10
  97. data/src/core/httpcli/parser.c +7 -7
  98. data/src/core/httpcli/parser.h +1 -1
  99. data/src/core/iomgr/closure.c +7 -7
  100. data/src/core/iomgr/closure.h +6 -5
  101. data/src/core/iomgr/exec_ctx.c +12 -8
  102. data/src/core/iomgr/exec_ctx.h +12 -5
  103. data/src/core/iomgr/executor.c +4 -4
  104. data/src/core/iomgr/executor.h +2 -2
  105. data/src/core/iomgr/fd_posix.c +32 -19
  106. data/src/core/iomgr/fd_posix.h +7 -4
  107. data/src/core/iomgr/iocp_windows.c +7 -9
  108. data/src/core/iomgr/iomgr.c +2 -2
  109. data/src/core/iomgr/pollset.h +9 -10
  110. data/src/core/iomgr/pollset_multipoller_with_epoll.c +71 -5
  111. data/src/core/iomgr/pollset_multipoller_with_poll_posix.c +9 -5
  112. data/src/core/iomgr/pollset_posix.c +44 -49
  113. data/src/core/iomgr/pollset_posix.h +14 -8
  114. data/src/core/iomgr/pollset_set.h +3 -9
  115. data/src/core/iomgr/pollset_set_posix.c +23 -3
  116. data/src/core/iomgr/pollset_set_posix.h +2 -18
  117. data/src/core/iomgr/pollset_set_windows.c +3 -3
  118. data/src/core/iomgr/pollset_set_windows.h +2 -2
  119. data/src/core/iomgr/pollset_windows.c +29 -37
  120. data/src/core/iomgr/pollset_windows.h +1 -5
  121. data/src/core/iomgr/resolve_address_posix.c +2 -2
  122. data/src/core/iomgr/resolve_address_windows.c +2 -2
  123. data/src/core/iomgr/sockaddr_utils.c +6 -6
  124. data/src/core/iomgr/sockaddr_win32.h +1 -6
  125. data/src/core/iomgr/tcp_client_posix.c +14 -12
  126. data/src/core/iomgr/tcp_client_windows.c +4 -4
  127. data/src/core/iomgr/tcp_posix.c +18 -10
  128. data/src/core/iomgr/tcp_posix.h +7 -1
  129. data/src/core/iomgr/tcp_server.h +40 -20
  130. data/src/core/iomgr/tcp_server_posix.c +106 -49
  131. data/src/core/iomgr/tcp_server_windows.c +98 -49
  132. data/src/core/iomgr/tcp_windows.c +11 -15
  133. data/src/core/iomgr/timer.c +10 -11
  134. data/src/core/iomgr/timer.h +22 -2
  135. data/src/core/iomgr/timer_heap.c +10 -10
  136. data/src/core/iomgr/timer_heap.h +2 -2
  137. data/src/core/iomgr/udp_server.c +7 -16
  138. data/src/core/iomgr/udp_server.h +2 -9
  139. data/src/core/iomgr/workqueue.h +2 -4
  140. data/src/core/iomgr/workqueue_posix.c +4 -3
  141. data/src/core/iomgr/workqueue_posix.h +3 -1
  142. data/src/core/json/json_reader.c +11 -12
  143. data/src/core/json/json_reader.h +4 -4
  144. data/src/core/json/json_string.c +19 -19
  145. data/src/core/json/json_writer.c +7 -9
  146. data/src/core/profiling/basic_timers.c +1 -1
  147. data/src/core/proto/grpc/lb/v0/load_balancer.pb.c +119 -0
  148. data/src/core/proto/grpc/lb/v0/load_balancer.pb.h +182 -0
  149. data/src/core/security/{base64.c → b64.c} +10 -10
  150. data/src/core/security/{base64.h → b64.h} +1 -1
  151. data/src/core/security/client_auth_filter.c +4 -5
  152. data/src/core/security/credentials.c +17 -10
  153. data/src/core/security/credentials.h +3 -3
  154. data/src/core/security/google_default_credentials.c +27 -22
  155. data/src/core/security/handshake.c +21 -12
  156. data/src/core/security/handshake.h +2 -1
  157. data/src/core/security/json_token.c +14 -8
  158. data/src/core/security/jwt_verifier.c +4 -3
  159. data/src/core/security/secure_endpoint.c +16 -16
  160. data/src/core/security/security_connector.c +131 -81
  161. data/src/core/security/security_connector.h +47 -27
  162. data/src/core/security/security_context.c +8 -3
  163. data/src/core/security/server_auth_filter.c +5 -5
  164. data/src/core/security/server_secure_chttp2.c +36 -37
  165. data/src/core/statistics/census_interface.h +2 -2
  166. data/src/core/statistics/census_rpc_stats.h +3 -3
  167. data/src/core/support/alloc.c +1 -1
  168. data/src/core/support/avl.c +2 -2
  169. data/src/core/support/cpu_posix.c +2 -2
  170. data/src/core/support/env_linux.c +28 -1
  171. data/src/core/support/env_win32.c +15 -7
  172. data/src/core/support/histogram.c +5 -5
  173. data/src/core/support/{file.c → load_file.c} +2 -2
  174. data/src/core/support/{file.h → load_file.h} +4 -12
  175. data/src/core/support/log_posix.c +1 -1
  176. data/src/core/support/log_win32.c +4 -3
  177. data/src/core/support/murmur_hash.c +11 -11
  178. data/src/core/support/murmur_hash.h +1 -1
  179. data/src/core/support/slice.c +11 -11
  180. data/src/core/support/slice_buffer.c +6 -6
  181. data/src/core/support/stack_lockfree.c +20 -10
  182. data/src/core/support/string.c +15 -15
  183. data/src/core/support/string.h +5 -5
  184. data/src/core/support/string_win32.c +5 -5
  185. data/src/core/support/subprocess_windows.c +141 -0
  186. data/src/core/support/sync.c +4 -4
  187. data/src/core/support/sync_posix.c +2 -2
  188. data/src/core/support/sync_win32.c +10 -5
  189. data/src/core/support/time.c +29 -29
  190. data/src/core/support/time_posix.c +15 -6
  191. data/src/core/support/time_precise.c +2 -2
  192. data/src/core/support/time_win32.c +18 -9
  193. data/src/core/support/tls_pthread.c +1 -1
  194. data/src/core/support/tmpfile.h +55 -0
  195. data/src/core/support/{file_posix.c → tmpfile_posix.c} +2 -2
  196. data/src/core/support/{file_win32.c → tmpfile_win32.c} +2 -2
  197. data/src/core/support/wrap_memcpy.c +53 -0
  198. data/src/core/surface/alarm.c +84 -0
  199. data/src/core/surface/byte_buffer_reader.c +1 -1
  200. data/src/core/surface/call.c +175 -116
  201. data/src/core/surface/call.h +2 -2
  202. data/src/core/surface/call_test_only.h +2 -2
  203. data/src/core/surface/channel.c +9 -9
  204. data/src/core/surface/channel.h +1 -1
  205. data/src/core/surface/channel_connectivity.c +3 -3
  206. data/src/core/surface/channel_create.c +4 -4
  207. data/src/core/surface/channel_ping.c +2 -2
  208. data/src/core/surface/completion_queue.c +84 -53
  209. data/src/core/surface/completion_queue.h +1 -1
  210. data/src/core/surface/init.c +11 -5
  211. data/src/core/surface/lame_client.c +2 -3
  212. data/src/core/surface/secure_channel_create.c +9 -10
  213. data/src/core/surface/server.c +30 -30
  214. data/src/core/surface/server_chttp2.c +8 -8
  215. data/src/core/surface/server_create.c +1 -4
  216. data/src/core/surface/validate_metadata.c +4 -4
  217. data/src/core/surface/version.c +2 -2
  218. data/src/core/transport/byte_stream.c +8 -6
  219. data/src/core/transport/byte_stream.h +6 -5
  220. data/src/core/transport/chttp2/bin_encoder.c +29 -29
  221. data/src/core/transport/chttp2/frame_data.c +29 -26
  222. data/src/core/transport/chttp2/frame_data.h +6 -6
  223. data/src/core/transport/chttp2/frame_goaway.c +30 -30
  224. data/src/core/transport/chttp2/frame_goaway.h +6 -6
  225. data/src/core/transport/chttp2/frame_ping.c +6 -6
  226. data/src/core/transport/chttp2/frame_ping.h +5 -5
  227. data/src/core/transport/chttp2/frame_rst_stream.c +18 -19
  228. data/src/core/transport/chttp2/frame_rst_stream.h +4 -4
  229. data/src/core/transport/chttp2/frame_settings.c +30 -30
  230. data/src/core/transport/chttp2/frame_settings.h +13 -13
  231. data/src/core/transport/chttp2/frame_window_update.c +17 -18
  232. data/src/core/transport/chttp2/frame_window_update.h +5 -7
  233. data/src/core/transport/chttp2/hpack_encoder.c +69 -73
  234. data/src/core/transport/chttp2/hpack_encoder.h +16 -16
  235. data/src/core/transport/chttp2/hpack_parser.c +167 -167
  236. data/src/core/transport/chttp2/hpack_parser.h +16 -16
  237. data/src/core/transport/chttp2/hpack_table.c +13 -13
  238. data/src/core/transport/chttp2/hpack_table.h +11 -11
  239. data/src/core/transport/chttp2/internal.h +103 -87
  240. data/src/core/transport/chttp2/parsing.c +25 -25
  241. data/src/core/transport/chttp2/stream_lists.c +38 -1
  242. data/src/core/transport/chttp2/stream_map.c +13 -14
  243. data/src/core/transport/chttp2/stream_map.h +6 -7
  244. data/src/core/transport/chttp2/timeout_encoding.c +19 -16
  245. data/src/core/transport/chttp2/varint.c +8 -9
  246. data/src/core/transport/chttp2/varint.h +7 -8
  247. data/src/core/transport/chttp2/writing.c +25 -22
  248. data/src/core/transport/chttp2_transport.c +147 -100
  249. data/src/core/transport/connectivity_state.c +6 -6
  250. data/src/core/transport/metadata.c +18 -18
  251. data/src/core/transport/metadata.h +5 -5
  252. data/src/core/transport/static_metadata.c +32 -33
  253. data/src/core/transport/static_metadata.h +8 -8
  254. data/src/core/transport/transport.c +6 -5
  255. data/src/core/transport/transport.h +17 -1
  256. data/src/core/tsi/fake_transport_security.c +7 -7
  257. data/src/core/tsi/ssl_transport_security.c +6 -4
  258. data/src/core/{iomgr/timer_internal.h → tsi/ssl_types.h} +19 -25
  259. data/src/ruby/ext/grpc/extconf.rb +52 -14
  260. data/src/ruby/ext/grpc/rb_byte_buffer.c +3 -1
  261. data/src/ruby/ext/grpc/rb_call.c +7 -3
  262. data/src/ruby/ext/grpc/rb_call_credentials.c +4 -0
  263. data/src/ruby/ext/grpc/rb_channel.c +4 -2
  264. data/src/ruby/ext/grpc/rb_channel_args.c +3 -1
  265. data/src/ruby/ext/grpc/rb_channel_credentials.c +3 -1
  266. data/src/ruby/ext/grpc/rb_completion_queue.c +3 -1
  267. data/src/ruby/ext/grpc/rb_event_thread.c +5 -0
  268. data/src/ruby/ext/grpc/rb_grpc.c +28 -19
  269. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +562 -0
  270. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +846 -0
  271. data/src/ruby/ext/grpc/rb_loader.c +72 -0
  272. data/src/ruby/ext/grpc/rb_loader.h +40 -0
  273. data/src/ruby/ext/grpc/rb_server.c +3 -1
  274. data/src/ruby/ext/grpc/rb_server_credentials.c +4 -2
  275. data/src/ruby/lib/grpc/core/time_consts.rb +2 -2
  276. data/src/ruby/lib/grpc/errors.rb +2 -2
  277. data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
  278. data/src/ruby/lib/grpc/generic/rpc_desc.rb +1 -1
  279. data/src/ruby/lib/grpc/generic/rpc_server.rb +1 -1
  280. data/src/ruby/lib/grpc/grpc.rb +34 -0
  281. data/src/ruby/lib/grpc/version.rb +1 -1
  282. data/src/ruby/pb/README.md +2 -2
  283. data/src/ruby/pb/generate_proto_ruby.sh +2 -2
  284. data/src/ruby/pb/grpc/health/checker.rb +11 -11
  285. data/src/ruby/pb/grpc/health/v1/health.rb +28 -0
  286. data/src/ruby/pb/grpc/health/{v1alpha → v1}/health_services.rb +4 -4
  287. data/src/ruby/spec/client_server_spec.rb +2 -1
  288. data/src/ruby/spec/pb/health/checker_spec.rb +23 -37
  289. data/third_party/boringssl/crypto/aes/aes.c +1142 -0
  290. data/third_party/boringssl/crypto/aes/internal.h +87 -0
  291. data/third_party/boringssl/crypto/aes/mode_wrappers.c +108 -0
  292. data/third_party/boringssl/crypto/asn1/a_bitstr.c +255 -0
  293. data/third_party/boringssl/crypto/asn1/a_bool.c +112 -0
  294. data/third_party/boringssl/crypto/asn1/a_bytes.c +317 -0
  295. data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +286 -0
  296. data/third_party/boringssl/crypto/asn1/a_dup.c +103 -0
  297. data/third_party/boringssl/crypto/asn1/a_enum.c +183 -0
  298. data/third_party/boringssl/crypto/asn1/a_gentm.c +255 -0
  299. data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +154 -0
  300. data/third_party/boringssl/crypto/asn1/a_int.c +456 -0
  301. data/third_party/boringssl/crypto/asn1/a_mbstr.c +390 -0
  302. data/third_party/boringssl/crypto/asn1/a_object.c +412 -0
  303. data/third_party/boringssl/crypto/asn1/a_octet.c +70 -0
  304. data/third_party/boringssl/crypto/asn1/a_print.c +119 -0
  305. data/third_party/boringssl/crypto/asn1/a_strnid.c +286 -0
  306. data/third_party/boringssl/crypto/asn1/a_time.c +221 -0
  307. data/third_party/boringssl/crypto/asn1/a_type.c +160 -0
  308. data/third_party/boringssl/crypto/asn1/a_utctm.c +342 -0
  309. data/third_party/boringssl/crypto/asn1/a_utf8.c +210 -0
  310. data/third_party/boringssl/crypto/asn1/asn1_lib.c +510 -0
  311. data/third_party/boringssl/crypto/asn1/asn1_locl.h +73 -0
  312. data/third_party/boringssl/crypto/asn1/asn1_par.c +444 -0
  313. data/third_party/boringssl/crypto/asn1/asn_pack.c +104 -0
  314. data/third_party/boringssl/crypto/asn1/bio_asn1.c +496 -0
  315. data/third_party/boringssl/crypto/asn1/bio_ndef.c +254 -0
  316. data/third_party/boringssl/crypto/asn1/f_enum.c +206 -0
  317. data/third_party/boringssl/crypto/asn1/f_int.c +210 -0
  318. data/third_party/boringssl/crypto/asn1/f_string.c +204 -0
  319. data/third_party/boringssl/crypto/asn1/t_bitst.c +102 -0
  320. data/third_party/boringssl/crypto/asn1/t_pkey.c +112 -0
  321. data/third_party/boringssl/crypto/asn1/tasn_dec.c +1342 -0
  322. data/third_party/boringssl/crypto/asn1/tasn_enc.c +695 -0
  323. data/third_party/boringssl/crypto/asn1/tasn_fre.c +264 -0
  324. data/third_party/boringssl/crypto/asn1/tasn_new.c +398 -0
  325. data/third_party/boringssl/crypto/asn1/tasn_prn.c +642 -0
  326. data/third_party/boringssl/crypto/asn1/tasn_typ.c +137 -0
  327. data/third_party/boringssl/crypto/asn1/tasn_utl.c +266 -0
  328. data/third_party/boringssl/crypto/asn1/x_bignum.c +143 -0
  329. data/third_party/boringssl/crypto/asn1/x_long.c +182 -0
  330. data/third_party/boringssl/crypto/base64/base64.c +478 -0
  331. data/third_party/boringssl/crypto/bio/bio.c +608 -0
  332. data/third_party/boringssl/crypto/bio/bio_mem.c +327 -0
  333. data/third_party/boringssl/crypto/bio/buffer.c +496 -0
  334. data/third_party/boringssl/crypto/bio/connect.c +544 -0
  335. data/third_party/boringssl/crypto/bio/fd.c +270 -0
  336. data/third_party/boringssl/crypto/bio/file.c +349 -0
  337. data/third_party/boringssl/crypto/bio/hexdump.c +192 -0
  338. data/third_party/boringssl/crypto/bio/internal.h +108 -0
  339. data/third_party/boringssl/crypto/bio/pair.c +803 -0
  340. data/third_party/boringssl/crypto/bio/printf.c +119 -0
  341. data/third_party/boringssl/crypto/bio/socket.c +195 -0
  342. data/third_party/boringssl/crypto/bio/socket_helper.c +113 -0
  343. data/third_party/boringssl/crypto/bn/add.c +377 -0
  344. data/third_party/boringssl/crypto/bn/asm/x86_64-gcc.c +599 -0
  345. data/third_party/boringssl/crypto/bn/bn.c +341 -0
  346. data/third_party/boringssl/crypto/bn/bn_asn1.c +93 -0
  347. data/third_party/boringssl/crypto/bn/cmp.c +200 -0
  348. data/third_party/boringssl/crypto/bn/convert.c +597 -0
  349. data/third_party/boringssl/crypto/bn/ctx.c +311 -0
  350. data/third_party/boringssl/crypto/bn/div.c +625 -0
  351. data/third_party/boringssl/crypto/bn/exponentiation.c +1544 -0
  352. data/third_party/boringssl/crypto/bn/gcd.c +711 -0
  353. data/third_party/boringssl/crypto/bn/generic.c +1019 -0
  354. data/third_party/boringssl/crypto/bn/internal.h +294 -0
  355. data/third_party/boringssl/crypto/bn/kronecker.c +175 -0
  356. data/third_party/boringssl/crypto/bn/montgomery.c +561 -0
  357. data/third_party/boringssl/crypto/bn/mul.c +888 -0
  358. data/third_party/boringssl/crypto/bn/prime.c +845 -0
  359. data/third_party/boringssl/crypto/bn/random.c +326 -0
  360. data/third_party/boringssl/crypto/bn/rsaz_exp.c +326 -0
  361. data/third_party/boringssl/crypto/bn/rsaz_exp.h +56 -0
  362. data/third_party/boringssl/crypto/bn/shift.c +299 -0
  363. data/third_party/boringssl/crypto/bn/sqrt.c +505 -0
  364. data/third_party/boringssl/crypto/buf/buf.c +235 -0
  365. data/third_party/boringssl/crypto/bytestring/ber.c +221 -0
  366. data/third_party/boringssl/crypto/bytestring/cbb.c +411 -0
  367. data/third_party/boringssl/crypto/bytestring/cbs.c +415 -0
  368. data/third_party/boringssl/crypto/bytestring/internal.h +46 -0
  369. data/third_party/boringssl/crypto/chacha/chacha_generic.c +140 -0
  370. data/third_party/boringssl/crypto/chacha/chacha_vec.c +323 -0
  371. data/third_party/boringssl/crypto/cipher/aead.c +167 -0
  372. data/third_party/boringssl/crypto/cipher/cipher.c +652 -0
  373. data/third_party/boringssl/crypto/cipher/derive_key.c +154 -0
  374. data/third_party/boringssl/crypto/cipher/e_aes.c +1767 -0
  375. data/third_party/boringssl/crypto/cipher/e_chacha20poly1305.c +311 -0
  376. data/third_party/boringssl/crypto/cipher/e_des.c +207 -0
  377. data/third_party/boringssl/crypto/cipher/e_null.c +85 -0
  378. data/third_party/boringssl/crypto/cipher/e_rc2.c +443 -0
  379. data/third_party/boringssl/crypto/cipher/e_rc4.c +87 -0
  380. data/third_party/boringssl/crypto/cipher/e_ssl3.c +463 -0
  381. data/third_party/boringssl/crypto/cipher/e_tls.c +673 -0
  382. data/third_party/boringssl/crypto/cipher/internal.h +164 -0
  383. data/third_party/boringssl/crypto/cipher/tls_cbc.c +495 -0
  384. data/third_party/boringssl/crypto/cmac/cmac.c +239 -0
  385. data/third_party/boringssl/crypto/conf/conf.c +778 -0
  386. data/third_party/boringssl/crypto/conf/conf_def.h +127 -0
  387. data/third_party/boringssl/crypto/conf/internal.h +31 -0
  388. data/third_party/boringssl/crypto/cpu-arm.c +199 -0
  389. data/third_party/boringssl/crypto/cpu-intel.c +261 -0
  390. data/third_party/boringssl/crypto/crypto.c +140 -0
  391. data/third_party/boringssl/crypto/curve25519/curve25519.c +4897 -0
  392. data/third_party/boringssl/crypto/des/des.c +771 -0
  393. data/third_party/boringssl/crypto/des/internal.h +212 -0
  394. data/third_party/boringssl/crypto/dh/check.c +180 -0
  395. data/third_party/boringssl/crypto/dh/dh.c +463 -0
  396. data/third_party/boringssl/crypto/dh/dh_asn1.c +84 -0
  397. data/third_party/boringssl/crypto/dh/internal.h +80 -0
  398. data/third_party/boringssl/crypto/dh/params.c +301 -0
  399. data/third_party/boringssl/crypto/digest/digest.c +248 -0
  400. data/third_party/boringssl/crypto/digest/digests.c +321 -0
  401. data/third_party/boringssl/crypto/digest/internal.h +112 -0
  402. data/third_party/boringssl/crypto/digest/md32_common.h +322 -0
  403. data/third_party/boringssl/crypto/directory.h +66 -0
  404. data/third_party/boringssl/crypto/directory_posix.c +108 -0
  405. data/third_party/boringssl/crypto/directory_win.c +144 -0
  406. data/third_party/boringssl/crypto/dsa/dsa.c +908 -0
  407. data/third_party/boringssl/crypto/dsa/dsa_asn1.c +150 -0
  408. data/third_party/boringssl/crypto/dsa/internal.h +78 -0
  409. data/third_party/boringssl/crypto/ec/ec.c +889 -0
  410. data/third_party/boringssl/crypto/ec/ec_asn1.c +586 -0
  411. data/third_party/boringssl/crypto/ec/ec_key.c +482 -0
  412. data/third_party/boringssl/crypto/ec/ec_montgomery.c +280 -0
  413. data/third_party/boringssl/crypto/ec/internal.h +318 -0
  414. data/third_party/boringssl/crypto/ec/oct.c +416 -0
  415. data/third_party/boringssl/crypto/ec/p224-64.c +1305 -0
  416. data/third_party/boringssl/crypto/ec/p256-64.c +1878 -0
  417. data/third_party/boringssl/crypto/ec/p256-x86_64-table.h +9548 -0
  418. data/third_party/boringssl/crypto/ec/p256-x86_64.c +596 -0
  419. data/third_party/boringssl/crypto/ec/simple.c +1313 -0
  420. data/third_party/boringssl/crypto/ec/util-64.c +183 -0
  421. data/third_party/boringssl/crypto/ec/wnaf.c +449 -0
  422. data/third_party/boringssl/crypto/ecdh/ecdh.c +153 -0
  423. data/third_party/boringssl/crypto/ecdsa/ecdsa.c +496 -0
  424. data/third_party/boringssl/crypto/ecdsa/ecdsa_asn1.c +240 -0
  425. data/third_party/boringssl/crypto/engine/engine.c +96 -0
  426. data/third_party/boringssl/crypto/err/err.c +756 -0
  427. data/third_party/boringssl/crypto/evp/algorithm.c +153 -0
  428. data/third_party/boringssl/crypto/evp/digestsign.c +159 -0
  429. data/third_party/boringssl/crypto/evp/evp.c +411 -0
  430. data/third_party/boringssl/crypto/evp/evp_asn1.c +179 -0
  431. data/third_party/boringssl/crypto/evp/evp_ctx.c +477 -0
  432. data/third_party/boringssl/crypto/evp/internal.h +278 -0
  433. data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +588 -0
  434. data/third_party/boringssl/crypto/evp/p_ec.c +283 -0
  435. data/third_party/boringssl/crypto/evp/p_ec_asn1.c +562 -0
  436. data/third_party/boringssl/crypto/evp/p_rsa.c +596 -0
  437. data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +737 -0
  438. data/third_party/boringssl/crypto/evp/pbkdf.c +151 -0
  439. data/third_party/boringssl/crypto/evp/sign.c +151 -0
  440. data/third_party/boringssl/crypto/ex_data.c +294 -0
  441. data/third_party/boringssl/crypto/hkdf/hkdf.c +89 -0
  442. data/third_party/boringssl/crypto/hmac/hmac.c +213 -0
  443. data/third_party/boringssl/crypto/internal.h +532 -0
  444. data/third_party/boringssl/crypto/lhash/lhash.c +346 -0
  445. data/third_party/boringssl/crypto/md4/md4.c +225 -0
  446. data/third_party/boringssl/crypto/md5/md5.c +275 -0
  447. data/third_party/boringssl/crypto/mem.c +200 -0
  448. data/third_party/boringssl/crypto/modes/cbc.c +216 -0
  449. data/third_party/boringssl/crypto/modes/cfb.c +231 -0
  450. data/third_party/boringssl/crypto/modes/ctr.c +226 -0
  451. data/third_party/boringssl/crypto/modes/gcm.c +1252 -0
  452. data/third_party/boringssl/crypto/modes/internal.h +370 -0
  453. data/third_party/boringssl/crypto/modes/ofb.c +108 -0
  454. data/third_party/boringssl/crypto/obj/obj.c +664 -0
  455. data/third_party/boringssl/crypto/obj/obj_dat.h +5257 -0
  456. data/third_party/boringssl/crypto/obj/obj_xref.c +124 -0
  457. data/third_party/boringssl/crypto/obj/obj_xref.h +96 -0
  458. data/third_party/boringssl/crypto/pem/pem_all.c +281 -0
  459. data/third_party/boringssl/crypto/pem/pem_info.c +404 -0
  460. data/third_party/boringssl/crypto/pem/pem_lib.c +835 -0
  461. data/third_party/boringssl/crypto/pem/pem_oth.c +89 -0
  462. data/third_party/boringssl/crypto/pem/pem_pk8.c +244 -0
  463. data/third_party/boringssl/crypto/pem/pem_pkey.c +312 -0
  464. data/third_party/boringssl/crypto/pem/pem_x509.c +65 -0
  465. data/third_party/boringssl/crypto/pem/pem_xaux.c +66 -0
  466. data/third_party/boringssl/crypto/pkcs8/internal.h +83 -0
  467. data/third_party/boringssl/crypto/pkcs8/p5_pbe.c +150 -0
  468. data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +440 -0
  469. data/third_party/boringssl/crypto/pkcs8/p8_pkey.c +85 -0
  470. data/third_party/boringssl/crypto/pkcs8/pkcs8.c +1217 -0
  471. data/third_party/boringssl/crypto/poly1305/poly1305.c +331 -0
  472. data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +301 -0
  473. data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +892 -0
  474. data/third_party/boringssl/crypto/rand/internal.h +32 -0
  475. data/third_party/boringssl/crypto/rand/rand.c +239 -0
  476. data/third_party/boringssl/crypto/rand/urandom.c +223 -0
  477. data/third_party/boringssl/crypto/rand/windows.c +56 -0
  478. data/third_party/boringssl/crypto/rc4/rc4.c +283 -0
  479. data/third_party/boringssl/crypto/refcount_c11.c +67 -0
  480. data/third_party/boringssl/crypto/refcount_lock.c +53 -0
  481. data/third_party/boringssl/crypto/rsa/blinding.c +462 -0
  482. data/third_party/boringssl/crypto/rsa/internal.h +164 -0
  483. data/third_party/boringssl/crypto/rsa/padding.c +711 -0
  484. data/third_party/boringssl/crypto/rsa/rsa.c +808 -0
  485. data/third_party/boringssl/crypto/rsa/rsa_asn1.c +473 -0
  486. data/third_party/boringssl/crypto/rsa/rsa_impl.c +1138 -0
  487. data/third_party/boringssl/crypto/sha/sha1.c +337 -0
  488. data/third_party/boringssl/crypto/sha/sha256.c +327 -0
  489. data/third_party/boringssl/crypto/sha/sha512.c +607 -0
  490. data/third_party/boringssl/crypto/stack/stack.c +386 -0
  491. data/third_party/boringssl/crypto/test/scoped_types.h +137 -0
  492. data/third_party/boringssl/crypto/test/test_util.h +35 -0
  493. data/third_party/boringssl/crypto/thread.c +101 -0
  494. data/third_party/boringssl/crypto/thread_none.c +55 -0
  495. data/third_party/boringssl/crypto/thread_pthread.c +167 -0
  496. data/third_party/boringssl/crypto/thread_win.c +282 -0
  497. data/third_party/boringssl/crypto/time_support.c +212 -0
  498. data/third_party/boringssl/crypto/x509/a_digest.c +97 -0
  499. data/third_party/boringssl/crypto/x509/a_sign.c +136 -0
  500. data/third_party/boringssl/crypto/x509/a_strex.c +564 -0
  501. data/third_party/boringssl/crypto/x509/a_verify.c +133 -0
  502. data/third_party/boringssl/crypto/x509/asn1_gen.c +873 -0
  503. data/third_party/boringssl/crypto/x509/by_dir.c +491 -0
  504. data/third_party/boringssl/crypto/x509/by_file.c +295 -0
  505. data/third_party/boringssl/crypto/x509/charmap.h +15 -0
  506. data/third_party/boringssl/crypto/x509/i2d_pr.c +84 -0
  507. data/third_party/boringssl/crypto/x509/pkcs7.c +353 -0
  508. data/third_party/boringssl/crypto/x509/t_crl.c +129 -0
  509. data/third_party/boringssl/crypto/x509/t_req.c +246 -0
  510. data/third_party/boringssl/crypto/x509/t_x509.c +500 -0
  511. data/third_party/boringssl/crypto/x509/t_x509a.c +109 -0
  512. data/third_party/boringssl/crypto/x509/vpm_int.h +70 -0
  513. data/third_party/boringssl/crypto/x509/x509.c +152 -0
  514. data/third_party/boringssl/crypto/x509/x509_att.c +353 -0
  515. data/third_party/boringssl/crypto/x509/x509_cmp.c +490 -0
  516. data/third_party/boringssl/crypto/x509/x509_d2.c +105 -0
  517. data/third_party/boringssl/crypto/x509/x509_def.c +88 -0
  518. data/third_party/boringssl/crypto/x509/x509_ext.c +206 -0
  519. data/third_party/boringssl/crypto/x509/x509_lu.c +738 -0
  520. data/third_party/boringssl/crypto/x509/x509_obj.c +191 -0
  521. data/third_party/boringssl/crypto/x509/x509_r2x.c +113 -0
  522. data/third_party/boringssl/crypto/x509/x509_req.c +315 -0
  523. data/third_party/boringssl/crypto/x509/x509_set.c +154 -0
  524. data/third_party/boringssl/crypto/x509/x509_trs.c +304 -0
  525. data/third_party/boringssl/crypto/x509/x509_txt.c +209 -0
  526. data/third_party/boringssl/crypto/x509/x509_v3.c +271 -0
  527. data/third_party/boringssl/crypto/x509/x509_vfy.c +2456 -0
  528. data/third_party/boringssl/crypto/x509/x509_vpm.c +672 -0
  529. data/third_party/boringssl/crypto/x509/x509cset.c +172 -0
  530. data/third_party/boringssl/crypto/x509/x509name.c +381 -0
  531. data/third_party/boringssl/crypto/x509/x509rset.c +80 -0
  532. data/third_party/boringssl/crypto/x509/x509spki.c +135 -0
  533. data/third_party/boringssl/crypto/x509/x509type.c +128 -0
  534. data/third_party/boringssl/crypto/x509/x_algor.c +154 -0
  535. data/third_party/boringssl/crypto/x509/x_all.c +547 -0
  536. data/third_party/boringssl/crypto/x509/x_attrib.c +117 -0
  537. data/third_party/boringssl/crypto/x509/x_crl.c +560 -0
  538. data/third_party/boringssl/crypto/x509/x_exten.c +75 -0
  539. data/third_party/boringssl/crypto/x509/x_info.c +95 -0
  540. data/third_party/boringssl/crypto/x509/x_name.c +538 -0
  541. data/third_party/boringssl/crypto/x509/x_pkey.c +100 -0
  542. data/third_party/boringssl/crypto/x509/x_pubkey.c +384 -0
  543. data/third_party/boringssl/crypto/x509/x_req.c +112 -0
  544. data/third_party/boringssl/crypto/x509/x_sig.c +69 -0
  545. data/third_party/boringssl/crypto/x509/x_spki.c +78 -0
  546. data/third_party/boringssl/crypto/x509/x_val.c +69 -0
  547. data/third_party/boringssl/crypto/x509/x_x509.c +227 -0
  548. data/third_party/boringssl/crypto/x509/x_x509a.c +197 -0
  549. data/third_party/boringssl/crypto/x509v3/ext_dat.h +129 -0
  550. data/third_party/boringssl/crypto/x509v3/pcy_cache.c +299 -0
  551. data/third_party/boringssl/crypto/x509v3/pcy_data.c +137 -0
  552. data/third_party/boringssl/crypto/x509v3/pcy_int.h +212 -0
  553. data/third_party/boringssl/crypto/x509v3/pcy_lib.c +165 -0
  554. data/third_party/boringssl/crypto/x509v3/pcy_map.c +133 -0
  555. data/third_party/boringssl/crypto/x509v3/pcy_node.c +197 -0
  556. data/third_party/boringssl/crypto/x509v3/pcy_tree.c +876 -0
  557. data/third_party/boringssl/crypto/x509v3/v3_akey.c +212 -0
  558. data/third_party/boringssl/crypto/x509v3/v3_akeya.c +71 -0
  559. data/third_party/boringssl/crypto/x509v3/v3_alt.c +622 -0
  560. data/third_party/boringssl/crypto/x509v3/v3_bcons.c +126 -0
  561. data/third_party/boringssl/crypto/x509v3/v3_bitst.c +141 -0
  562. data/third_party/boringssl/crypto/x509v3/v3_conf.c +459 -0
  563. data/third_party/boringssl/crypto/x509v3/v3_cpols.c +475 -0
  564. data/third_party/boringssl/crypto/x509v3/v3_crld.c +616 -0
  565. data/third_party/boringssl/crypto/x509v3/v3_enum.c +98 -0
  566. data/third_party/boringssl/crypto/x509v3/v3_extku.c +145 -0
  567. data/third_party/boringssl/crypto/x509v3/v3_genn.c +252 -0
  568. data/third_party/boringssl/crypto/x509v3/v3_ia5.c +117 -0
  569. data/third_party/boringssl/crypto/x509v3/v3_info.c +200 -0
  570. data/third_party/boringssl/crypto/x509v3/v3_int.c +87 -0
  571. data/third_party/boringssl/crypto/x509v3/v3_lib.c +335 -0
  572. data/third_party/boringssl/crypto/x509v3/v3_ncons.c +510 -0
  573. data/third_party/boringssl/crypto/x509v3/v3_pci.c +335 -0
  574. data/third_party/boringssl/crypto/x509v3/v3_pcia.c +56 -0
  575. data/third_party/boringssl/crypto/x509v3/v3_pcons.c +142 -0
  576. data/third_party/boringssl/crypto/x509v3/v3_pku.c +109 -0
  577. data/third_party/boringssl/crypto/x509v3/v3_pmaps.c +156 -0
  578. data/third_party/boringssl/crypto/x509v3/v3_prn.c +207 -0
  579. data/third_party/boringssl/crypto/x509v3/v3_purp.c +805 -0
  580. data/third_party/boringssl/crypto/x509v3/v3_skey.c +148 -0
  581. data/third_party/boringssl/crypto/x509v3/v3_sxnet.c +266 -0
  582. data/third_party/boringssl/crypto/x509v3/v3_utl.c +1322 -0
  583. data/third_party/boringssl/include/openssl/aead.h +346 -0
  584. data/third_party/boringssl/include/openssl/aes.h +158 -0
  585. data/third_party/boringssl/include/openssl/arm_arch.h +127 -0
  586. data/third_party/boringssl/include/openssl/asn1.h +1168 -0
  587. data/third_party/boringssl/include/openssl/asn1_mac.h +75 -0
  588. data/third_party/boringssl/include/openssl/asn1t.h +906 -0
  589. data/third_party/boringssl/include/openssl/base.h +261 -0
  590. data/third_party/boringssl/include/openssl/base64.h +184 -0
  591. data/third_party/boringssl/include/openssl/bio.h +902 -0
  592. data/third_party/boringssl/include/openssl/blowfish.h +93 -0
  593. data/third_party/boringssl/include/openssl/bn.h +885 -0
  594. data/third_party/boringssl/include/openssl/buf.h +118 -0
  595. data/third_party/boringssl/include/openssl/buffer.h +18 -0
  596. data/third_party/boringssl/include/openssl/bytestring.h +360 -0
  597. data/third_party/boringssl/include/openssl/cast.h +96 -0
  598. data/third_party/boringssl/include/openssl/chacha.h +37 -0
  599. data/third_party/boringssl/include/openssl/cipher.h +571 -0
  600. data/third_party/boringssl/include/openssl/cmac.h +76 -0
  601. data/third_party/boringssl/include/openssl/conf.h +145 -0
  602. data/third_party/boringssl/include/openssl/cpu.h +184 -0
  603. data/third_party/boringssl/include/openssl/crypto.h +68 -0
  604. data/third_party/boringssl/include/openssl/curve25519.h +88 -0
  605. data/third_party/boringssl/include/openssl/des.h +177 -0
  606. data/third_party/boringssl/include/openssl/dh.h +238 -0
  607. data/third_party/boringssl/include/openssl/digest.h +258 -0
  608. data/third_party/boringssl/include/openssl/dsa.h +343 -0
  609. data/third_party/boringssl/include/openssl/dtls1.h +16 -0
  610. data/third_party/boringssl/include/openssl/ec.h +355 -0
  611. data/third_party/boringssl/include/openssl/ec_key.h +280 -0
  612. data/third_party/boringssl/include/openssl/ecdh.h +102 -0
  613. data/third_party/boringssl/include/openssl/ecdsa.h +206 -0
  614. data/third_party/boringssl/include/openssl/engine.h +98 -0
  615. data/third_party/boringssl/include/openssl/err.h +487 -0
  616. data/third_party/boringssl/include/openssl/evp.h +750 -0
  617. data/third_party/boringssl/include/openssl/ex_data.h +213 -0
  618. data/third_party/boringssl/include/openssl/hkdf.h +44 -0
  619. data/third_party/boringssl/include/openssl/hmac.h +160 -0
  620. data/third_party/boringssl/include/openssl/lhash.h +192 -0
  621. data/third_party/boringssl/include/openssl/lhash_macros.h +132 -0
  622. data/third_party/boringssl/include/openssl/md4.h +102 -0
  623. data/third_party/boringssl/include/openssl/md5.h +107 -0
  624. data/third_party/boringssl/include/openssl/mem.h +140 -0
  625. data/third_party/boringssl/include/openssl/obj.h +198 -0
  626. data/third_party/boringssl/include/openssl/obj_mac.h +4140 -0
  627. data/third_party/boringssl/include/openssl/objects.h +18 -0
  628. data/third_party/boringssl/include/openssl/opensslfeatures.h +60 -0
  629. data/third_party/boringssl/include/openssl/opensslv.h +18 -0
  630. data/third_party/boringssl/include/openssl/ossl_typ.h +18 -0
  631. data/third_party/boringssl/include/openssl/pem.h +521 -0
  632. data/third_party/boringssl/include/openssl/pkcs12.h +18 -0
  633. data/third_party/boringssl/include/openssl/pkcs7.h +16 -0
  634. data/third_party/boringssl/include/openssl/pkcs8.h +220 -0
  635. data/third_party/boringssl/include/openssl/poly1305.h +51 -0
  636. data/third_party/boringssl/include/openssl/pqueue.h +146 -0
  637. data/third_party/boringssl/include/openssl/rand.h +113 -0
  638. data/third_party/boringssl/include/openssl/rc4.h +90 -0
  639. data/third_party/boringssl/include/openssl/rsa.h +637 -0
  640. data/third_party/boringssl/include/openssl/safestack.h +16 -0
  641. data/third_party/boringssl/include/openssl/sha.h +256 -0
  642. data/third_party/boringssl/include/openssl/srtp.h +18 -0
  643. data/third_party/boringssl/include/openssl/ssl.h +4466 -0
  644. data/third_party/boringssl/include/openssl/ssl3.h +441 -0
  645. data/third_party/boringssl/include/openssl/stack.h +298 -0
  646. data/third_party/boringssl/include/openssl/stack_macros.h +4190 -0
  647. data/third_party/boringssl/include/openssl/thread.h +173 -0
  648. data/third_party/boringssl/include/openssl/time_support.h +90 -0
  649. data/third_party/boringssl/include/openssl/tls1.h +653 -0
  650. data/third_party/boringssl/include/openssl/type_check.h +91 -0
  651. data/third_party/boringssl/include/openssl/x509.h +1258 -0
  652. data/third_party/boringssl/include/openssl/x509_vfy.h +611 -0
  653. data/third_party/boringssl/include/openssl/x509v3.h +798 -0
  654. data/third_party/boringssl/ssl/custom_extensions.c +257 -0
  655. data/third_party/boringssl/ssl/d1_both.c +880 -0
  656. data/third_party/boringssl/ssl/d1_clnt.c +566 -0
  657. data/third_party/boringssl/ssl/d1_lib.c +340 -0
  658. data/third_party/boringssl/ssl/d1_meth.c +130 -0
  659. data/third_party/boringssl/ssl/d1_pkt.c +578 -0
  660. data/third_party/boringssl/ssl/d1_srtp.c +234 -0
  661. data/third_party/boringssl/ssl/d1_srvr.c +485 -0
  662. data/third_party/boringssl/ssl/dtls_record.c +308 -0
  663. data/third_party/boringssl/ssl/internal.h +1276 -0
  664. data/third_party/boringssl/ssl/pqueue/pqueue.c +197 -0
  665. data/third_party/boringssl/ssl/s3_both.c +571 -0
  666. data/third_party/boringssl/ssl/s3_clnt.c +2241 -0
  667. data/third_party/boringssl/ssl/s3_enc.c +494 -0
  668. data/third_party/boringssl/ssl/s3_lib.c +587 -0
  669. data/third_party/boringssl/ssl/s3_meth.c +166 -0
  670. data/third_party/boringssl/ssl/s3_pkt.c +732 -0
  671. data/third_party/boringssl/ssl/s3_srvr.c +2536 -0
  672. data/third_party/boringssl/ssl/ssl_aead_ctx.c +300 -0
  673. data/third_party/boringssl/ssl/ssl_asn1.c +718 -0
  674. data/third_party/boringssl/ssl/ssl_buffer.c +319 -0
  675. data/third_party/boringssl/ssl/ssl_cert.c +539 -0
  676. data/third_party/boringssl/ssl/ssl_cipher.c +2003 -0
  677. data/third_party/boringssl/ssl/ssl_file.c +633 -0
  678. data/third_party/boringssl/ssl/ssl_lib.c +2653 -0
  679. data/third_party/boringssl/ssl/ssl_rsa.c +423 -0
  680. data/third_party/boringssl/ssl/ssl_session.c +764 -0
  681. data/third_party/boringssl/ssl/ssl_stat.c +591 -0
  682. data/third_party/boringssl/ssl/t1_enc.c +708 -0
  683. data/third_party/boringssl/ssl/t1_lib.c +2905 -0
  684. data/third_party/boringssl/ssl/test/async_bio.h +45 -0
  685. data/third_party/boringssl/ssl/test/packeted_bio.h +44 -0
  686. data/third_party/boringssl/ssl/test/scoped_types.h +28 -0
  687. data/third_party/boringssl/ssl/test/test_config.h +108 -0
  688. data/third_party/boringssl/ssl/tls_record.c +342 -0
  689. data/third_party/nanopb/pb.h +547 -0
  690. data/third_party/nanopb/pb_common.c +97 -0
  691. data/third_party/nanopb/pb_common.h +42 -0
  692. data/third_party/nanopb/pb_decode.c +1319 -0
  693. data/third_party/nanopb/pb_decode.h +149 -0
  694. data/third_party/nanopb/pb_encode.c +690 -0
  695. data/third_party/nanopb/pb_encode.h +154 -0
  696. data/third_party/zlib/adler32.c +179 -0
  697. data/third_party/zlib/compress.c +80 -0
  698. data/third_party/zlib/crc32.c +425 -0
  699. data/third_party/zlib/crc32.h +441 -0
  700. data/third_party/zlib/deflate.c +1967 -0
  701. data/third_party/zlib/deflate.h +346 -0
  702. data/third_party/zlib/gzclose.c +25 -0
  703. data/third_party/zlib/gzguts.h +209 -0
  704. data/third_party/zlib/gzlib.c +634 -0
  705. data/third_party/zlib/gzread.c +594 -0
  706. data/third_party/zlib/gzwrite.c +577 -0
  707. data/third_party/zlib/infback.c +640 -0
  708. data/third_party/zlib/inffast.c +340 -0
  709. data/third_party/zlib/inffast.h +11 -0
  710. data/third_party/zlib/inffixed.h +94 -0
  711. data/third_party/zlib/inflate.c +1512 -0
  712. data/third_party/zlib/inflate.h +122 -0
  713. data/third_party/zlib/inftrees.c +306 -0
  714. data/third_party/zlib/inftrees.h +62 -0
  715. data/third_party/zlib/trees.c +1226 -0
  716. data/third_party/zlib/trees.h +128 -0
  717. data/third_party/zlib/uncompr.c +59 -0
  718. data/third_party/zlib/zconf.h +511 -0
  719. data/third_party/zlib/zlib.h +1768 -0
  720. data/third_party/zlib/zutil.c +324 -0
  721. data/third_party/zlib/zutil.h +253 -0
  722. metadata +504 -20
  723. data/Rakefile +0 -63
  724. data/src/ruby/pb/grpc/health/v1alpha/health.rb +0 -29
@@ -0,0 +1,148 @@
1
+ /* v3_skey.c */
2
+ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3
+ * project 1999.
4
+ */
5
+ /* ====================================================================
6
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7
+ *
8
+ * Redistribution and use in source and binary forms, with or without
9
+ * modification, are permitted provided that the following conditions
10
+ * are met:
11
+ *
12
+ * 1. Redistributions of source code must retain the above copyright
13
+ * notice, this list of conditions and the following disclaimer.
14
+ *
15
+ * 2. Redistributions in binary form must reproduce the above copyright
16
+ * notice, this list of conditions and the following disclaimer in
17
+ * the documentation and/or other materials provided with the
18
+ * distribution.
19
+ *
20
+ * 3. All advertising materials mentioning features or use of this
21
+ * software must display the following acknowledgment:
22
+ * "This product includes software developed by the OpenSSL Project
23
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24
+ *
25
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26
+ * endorse or promote products derived from this software without
27
+ * prior written permission. For written permission, please contact
28
+ * licensing@OpenSSL.org.
29
+ *
30
+ * 5. Products derived from this software may not be called "OpenSSL"
31
+ * nor may "OpenSSL" appear in their names without prior written
32
+ * permission of the OpenSSL Project.
33
+ *
34
+ * 6. Redistributions of any form whatsoever must retain the following
35
+ * acknowledgment:
36
+ * "This product includes software developed by the OpenSSL Project
37
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38
+ *
39
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
51
+ * ====================================================================
52
+ *
53
+ * This product includes cryptographic software written by Eric Young
54
+ * (eay@cryptsoft.com). This product includes software written by Tim
55
+ * Hudson (tjh@cryptsoft.com). */
56
+
57
+
58
+ #include <stdio.h>
59
+ #include <string.h>
60
+
61
+ #include <openssl/digest.h>
62
+ #include <openssl/err.h>
63
+ #include <openssl/obj.h>
64
+ #include <openssl/x509v3.h>
65
+
66
+
67
+ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
68
+ const X509V3_EXT_METHOD v3_skey_id = {
69
+ NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
70
+ 0,0,0,0,
71
+ (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
72
+ (X509V3_EXT_S2I)s2i_skey_id,
73
+ 0,0,0,0,
74
+ NULL};
75
+
76
+ char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
77
+ ASN1_OCTET_STRING *oct)
78
+ {
79
+ return hex_to_string(oct->data, oct->length);
80
+ }
81
+
82
+ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
83
+ X509V3_CTX *ctx, char *str)
84
+ {
85
+ ASN1_OCTET_STRING *oct;
86
+ long length;
87
+
88
+ if(!(oct = M_ASN1_OCTET_STRING_new())) {
89
+ OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
90
+ return NULL;
91
+ }
92
+
93
+ if(!(oct->data = string_to_hex(str, &length))) {
94
+ M_ASN1_OCTET_STRING_free(oct);
95
+ return NULL;
96
+ }
97
+
98
+ oct->length = length;
99
+
100
+ return oct;
101
+
102
+ }
103
+
104
+ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
105
+ X509V3_CTX *ctx, char *str)
106
+ {
107
+ ASN1_OCTET_STRING *oct;
108
+ ASN1_BIT_STRING *pk;
109
+ unsigned char pkey_dig[EVP_MAX_MD_SIZE];
110
+ unsigned int diglen;
111
+
112
+ if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
113
+
114
+ if(!(oct = M_ASN1_OCTET_STRING_new())) {
115
+ OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
116
+ return NULL;
117
+ }
118
+
119
+ if(ctx && (ctx->flags == CTX_TEST)) return oct;
120
+
121
+ if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
122
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_PUBLIC_KEY);
123
+ goto err;
124
+ }
125
+
126
+ if(ctx->subject_req)
127
+ pk = ctx->subject_req->req_info->pubkey->public_key;
128
+ else pk = ctx->subject_cert->cert_info->key->public_key;
129
+
130
+ if(!pk) {
131
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_PUBLIC_KEY);
132
+ goto err;
133
+ }
134
+
135
+ if (!EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL))
136
+ goto err;
137
+
138
+ if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
139
+ OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
140
+ goto err;
141
+ }
142
+
143
+ return oct;
144
+
145
+ err:
146
+ M_ASN1_OCTET_STRING_free(oct);
147
+ return NULL;
148
+ }
@@ -0,0 +1,266 @@
1
+ /* v3_sxnet.c */
2
+ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3
+ * project 1999.
4
+ */
5
+ /* ====================================================================
6
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7
+ *
8
+ * Redistribution and use in source and binary forms, with or without
9
+ * modification, are permitted provided that the following conditions
10
+ * are met:
11
+ *
12
+ * 1. Redistributions of source code must retain the above copyright
13
+ * notice, this list of conditions and the following disclaimer.
14
+ *
15
+ * 2. Redistributions in binary form must reproduce the above copyright
16
+ * notice, this list of conditions and the following disclaimer in
17
+ * the documentation and/or other materials provided with the
18
+ * distribution.
19
+ *
20
+ * 3. All advertising materials mentioning features or use of this
21
+ * software must display the following acknowledgment:
22
+ * "This product includes software developed by the OpenSSL Project
23
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24
+ *
25
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26
+ * endorse or promote products derived from this software without
27
+ * prior written permission. For written permission, please contact
28
+ * licensing@OpenSSL.org.
29
+ *
30
+ * 5. Products derived from this software may not be called "OpenSSL"
31
+ * nor may "OpenSSL" appear in their names without prior written
32
+ * permission of the OpenSSL Project.
33
+ *
34
+ * 6. Redistributions of any form whatsoever must retain the following
35
+ * acknowledgment:
36
+ * "This product includes software developed by the OpenSSL Project
37
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38
+ *
39
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
51
+ * ====================================================================
52
+ *
53
+ * This product includes cryptographic software written by Eric Young
54
+ * (eay@cryptsoft.com). This product includes software written by Tim
55
+ * Hudson (tjh@cryptsoft.com).
56
+ *
57
+ */
58
+
59
+ #include <stdio.h>
60
+ #include <string.h>
61
+
62
+ #include <openssl/asn1.h>
63
+ #include <openssl/asn1t.h>
64
+ #include <openssl/conf.h>
65
+ #include <openssl/err.h>
66
+ #include <openssl/mem.h>
67
+ #include <openssl/obj.h>
68
+ #include <openssl/x509v3.h>
69
+
70
+
71
+ /* Support for Thawte strong extranet extension */
72
+
73
+ #define SXNET_TEST
74
+
75
+ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent);
76
+ #ifdef SXNET_TEST
77
+ static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
78
+ STACK_OF(CONF_VALUE) *nval);
79
+ #endif
80
+ const X509V3_EXT_METHOD v3_sxnet = {
81
+ NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
82
+ 0,0,0,0,
83
+ 0,0,
84
+ 0,
85
+ #ifdef SXNET_TEST
86
+ (X509V3_EXT_V2I)sxnet_v2i,
87
+ #else
88
+ 0,
89
+ #endif
90
+ (X509V3_EXT_I2R)sxnet_i2r,
91
+ 0,
92
+ NULL
93
+ };
94
+
95
+ ASN1_SEQUENCE(SXNETID) = {
96
+ ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
97
+ ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
98
+ } ASN1_SEQUENCE_END(SXNETID)
99
+
100
+ IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
101
+
102
+ ASN1_SEQUENCE(SXNET) = {
103
+ ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
104
+ ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
105
+ } ASN1_SEQUENCE_END(SXNET)
106
+
107
+ IMPLEMENT_ASN1_FUNCTIONS(SXNET)
108
+
109
+ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
110
+ int indent)
111
+ {
112
+ long v;
113
+ char *tmp;
114
+ SXNETID *id;
115
+ size_t i;
116
+ v = ASN1_INTEGER_get(sx->version);
117
+ BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
118
+ for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
119
+ id = sk_SXNETID_value(sx->ids, i);
120
+ tmp = i2s_ASN1_INTEGER(NULL, id->zone);
121
+ BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
122
+ OPENSSL_free(tmp);
123
+ M_ASN1_OCTET_STRING_print(out, id->user);
124
+ }
125
+ return 1;
126
+ }
127
+
128
+ #ifdef SXNET_TEST
129
+
130
+ /* NBB: this is used for testing only. It should *not* be used for anything
131
+ * else because it will just take static IDs from the configuration file and
132
+ * they should really be separate values for each user.
133
+ */
134
+
135
+
136
+ static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
137
+ STACK_OF(CONF_VALUE) *nval)
138
+ {
139
+ CONF_VALUE *cnf;
140
+ SXNET *sx = NULL;
141
+ size_t i;
142
+ for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
143
+ cnf = sk_CONF_VALUE_value(nval, i);
144
+ if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
145
+ return NULL;
146
+ }
147
+ return sx;
148
+ }
149
+
150
+
151
+ #endif
152
+
153
+ /* Strong Extranet utility functions */
154
+
155
+ /* Add an id given the zone as an ASCII number */
156
+
157
+ int SXNET_add_id_asc(SXNET **psx, char *zone, char *user,
158
+ int userlen)
159
+ {
160
+ ASN1_INTEGER *izone = NULL;
161
+ if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
162
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_ERROR_CONVERTING_ZONE);
163
+ return 0;
164
+ }
165
+ return SXNET_add_id_INTEGER(psx, izone, user, userlen);
166
+ }
167
+
168
+ /* Add an id given the zone as an unsigned long */
169
+
170
+ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
171
+ int userlen)
172
+ {
173
+ ASN1_INTEGER *izone = NULL;
174
+ if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
175
+ OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
176
+ M_ASN1_INTEGER_free(izone);
177
+ return 0;
178
+ }
179
+ return SXNET_add_id_INTEGER(psx, izone, user, userlen);
180
+
181
+ }
182
+
183
+ /* Add an id given the zone as an ASN1_INTEGER.
184
+ * Note this version uses the passed integer and doesn't make a copy so don't
185
+ * free it up afterwards.
186
+ */
187
+
188
+ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
189
+ int userlen)
190
+ {
191
+ SXNET *sx = NULL;
192
+ SXNETID *id = NULL;
193
+ if(!psx || !zone || !user) {
194
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_ARGUMENT);
195
+ return 0;
196
+ }
197
+ if(userlen == -1) userlen = strlen(user);
198
+ if(userlen > 64) {
199
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_USER_TOO_LONG);
200
+ return 0;
201
+ }
202
+ if(!*psx) {
203
+ if(!(sx = SXNET_new())) goto err;
204
+ if(!ASN1_INTEGER_set(sx->version, 0)) goto err;
205
+ *psx = sx;
206
+ } else sx = *psx;
207
+ if(SXNET_get_id_INTEGER(sx, zone)) {
208
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_DUPLICATE_ZONE_ID);
209
+ return 0;
210
+ }
211
+
212
+ if(!(id = SXNETID_new())) goto err;
213
+ if(userlen == -1) userlen = strlen(user);
214
+
215
+ if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
216
+ if(!sk_SXNETID_push(sx->ids, id)) goto err;
217
+ id->zone = zone;
218
+ return 1;
219
+
220
+ err:
221
+ OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
222
+ SXNETID_free(id);
223
+ SXNET_free(sx);
224
+ *psx = NULL;
225
+ return 0;
226
+ }
227
+
228
+ ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
229
+ {
230
+ ASN1_INTEGER *izone = NULL;
231
+ ASN1_OCTET_STRING *oct;
232
+ if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
233
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_ERROR_CONVERTING_ZONE);
234
+ return NULL;
235
+ }
236
+ oct = SXNET_get_id_INTEGER(sx, izone);
237
+ M_ASN1_INTEGER_free(izone);
238
+ return oct;
239
+ }
240
+
241
+ ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
242
+ {
243
+ ASN1_INTEGER *izone = NULL;
244
+ ASN1_OCTET_STRING *oct;
245
+ if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
246
+ OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
247
+ M_ASN1_INTEGER_free(izone);
248
+ return NULL;
249
+ }
250
+ oct = SXNET_get_id_INTEGER(sx, izone);
251
+ M_ASN1_INTEGER_free(izone);
252
+ return oct;
253
+ }
254
+
255
+ ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
256
+ {
257
+ SXNETID *id;
258
+ size_t i;
259
+ for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
260
+ id = sk_SXNETID_value(sx->ids, i);
261
+ if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
262
+ }
263
+ return NULL;
264
+ }
265
+
266
+ IMPLEMENT_ASN1_SET_OF(SXNETID)
@@ -0,0 +1,1322 @@
1
+ /* v3_utl.c */
2
+ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3
+ * project.
4
+ */
5
+ /* ====================================================================
6
+ * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
7
+ *
8
+ * Redistribution and use in source and binary forms, with or without
9
+ * modification, are permitted provided that the following conditions
10
+ * are met:
11
+ *
12
+ * 1. Redistributions of source code must retain the above copyright
13
+ * notice, this list of conditions and the following disclaimer.
14
+ *
15
+ * 2. Redistributions in binary form must reproduce the above copyright
16
+ * notice, this list of conditions and the following disclaimer in
17
+ * the documentation and/or other materials provided with the
18
+ * distribution.
19
+ *
20
+ * 3. All advertising materials mentioning features or use of this
21
+ * software must display the following acknowledgment:
22
+ * "This product includes software developed by the OpenSSL Project
23
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24
+ *
25
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26
+ * endorse or promote products derived from this software without
27
+ * prior written permission. For written permission, please contact
28
+ * licensing@OpenSSL.org.
29
+ *
30
+ * 5. Products derived from this software may not be called "OpenSSL"
31
+ * nor may "OpenSSL" appear in their names without prior written
32
+ * permission of the OpenSSL Project.
33
+ *
34
+ * 6. Redistributions of any form whatsoever must retain the following
35
+ * acknowledgment:
36
+ * "This product includes software developed by the OpenSSL Project
37
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38
+ *
39
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
51
+ * ====================================================================
52
+ *
53
+ * This product includes cryptographic software written by Eric Young
54
+ * (eay@cryptsoft.com). This product includes software written by Tim
55
+ * Hudson (tjh@cryptsoft.com).
56
+ *
57
+ */
58
+ /* X509 v3 extension utilities */
59
+
60
+
61
+ #include <ctype.h>
62
+ #include <stdio.h>
63
+ #include <string.h>
64
+
65
+ #include <openssl/bn.h>
66
+ #include <openssl/buf.h>
67
+ #include <openssl/conf.h>
68
+ #include <openssl/err.h>
69
+ #include <openssl/mem.h>
70
+ #include <openssl/obj.h>
71
+ #include <openssl/x509v3.h>
72
+
73
+ #include "../conf/internal.h"
74
+
75
+
76
+ static char *strip_spaces(char *name);
77
+ static int sk_strcmp(const OPENSSL_STRING *a, const OPENSSL_STRING *b);
78
+ static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens);
79
+ static void str_free(OPENSSL_STRING str);
80
+ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email);
81
+
82
+ static int ipv4_from_asc(unsigned char *v4, const char *in);
83
+ static int ipv6_from_asc(unsigned char *v6, const char *in);
84
+ static int ipv6_cb(const char *elem, int len, void *usr);
85
+ static int ipv6_hex(unsigned char *out, const char *in, int inlen);
86
+
87
+ /* Add a CONF_VALUE name value pair to stack */
88
+
89
+ int X509V3_add_value(const char *name, const char *value,
90
+ STACK_OF(CONF_VALUE) **extlist)
91
+ {
92
+ CONF_VALUE *vtmp = NULL;
93
+ char *tname = NULL, *tvalue = NULL;
94
+ if(name && !(tname = BUF_strdup(name))) goto err;
95
+ if(value && !(tvalue = BUF_strdup(value))) goto err;
96
+ if(!(vtmp = CONF_VALUE_new())) goto err;
97
+ if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
98
+ vtmp->section = NULL;
99
+ vtmp->name = tname;
100
+ vtmp->value = tvalue;
101
+ if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;
102
+ return 1;
103
+ err:
104
+ OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
105
+ if(vtmp) OPENSSL_free(vtmp);
106
+ if(tname) OPENSSL_free(tname);
107
+ if(tvalue) OPENSSL_free(tvalue);
108
+ return 0;
109
+ }
110
+
111
+ int X509V3_add_value_uchar(const char *name, const unsigned char *value,
112
+ STACK_OF(CONF_VALUE) **extlist)
113
+ {
114
+ return X509V3_add_value(name,(const char *)value,extlist);
115
+ }
116
+
117
+ /* Free function for STACK_OF(CONF_VALUE) */
118
+
119
+ void X509V3_conf_free(CONF_VALUE *conf)
120
+ {
121
+ if(!conf) return;
122
+ if(conf->name) OPENSSL_free(conf->name);
123
+ if(conf->value) OPENSSL_free(conf->value);
124
+ if(conf->section) OPENSSL_free(conf->section);
125
+ OPENSSL_free(conf);
126
+ }
127
+
128
+ int X509V3_add_value_bool(const char *name, int asn1_bool,
129
+ STACK_OF(CONF_VALUE) **extlist)
130
+ {
131
+ if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
132
+ return X509V3_add_value(name, "FALSE", extlist);
133
+ }
134
+
135
+ int X509V3_add_value_bool_nf(char *name, int asn1_bool,
136
+ STACK_OF(CONF_VALUE) **extlist)
137
+ {
138
+ if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
139
+ return 1;
140
+ }
141
+
142
+
143
+ char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
144
+ {
145
+ BIGNUM *bntmp = NULL;
146
+ char *strtmp = NULL;
147
+ if(!a) return NULL;
148
+ if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
149
+ !(strtmp = BN_bn2dec(bntmp)) )
150
+ OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
151
+ BN_free(bntmp);
152
+ return strtmp;
153
+ }
154
+
155
+ char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
156
+ {
157
+ BIGNUM *bntmp = NULL;
158
+ char *strtmp = NULL;
159
+ if(!a) return NULL;
160
+ if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
161
+ !(strtmp = BN_bn2dec(bntmp)) )
162
+ OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
163
+ BN_free(bntmp);
164
+ return strtmp;
165
+ }
166
+
167
+ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
168
+ {
169
+ BIGNUM *bn = NULL;
170
+ ASN1_INTEGER *aint;
171
+ int isneg, ishex;
172
+ int ret;
173
+ if (!value) {
174
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_VALUE);
175
+ return 0;
176
+ }
177
+ bn = BN_new();
178
+ if (value[0] == '-') {
179
+ value++;
180
+ isneg = 1;
181
+ } else isneg = 0;
182
+
183
+ if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
184
+ value += 2;
185
+ ishex = 1;
186
+ } else ishex = 0;
187
+
188
+ if (ishex) ret = BN_hex2bn(&bn, value);
189
+ else ret = BN_dec2bn(&bn, value);
190
+
191
+ if (!ret || value[ret]) {
192
+ BN_free(bn);
193
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_BN_DEC2BN_ERROR);
194
+ return 0;
195
+ }
196
+
197
+ if (isneg && BN_is_zero(bn)) isneg = 0;
198
+
199
+ aint = BN_to_ASN1_INTEGER(bn, NULL);
200
+ BN_free(bn);
201
+ if (!aint) {
202
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
203
+ return 0;
204
+ }
205
+ if (isneg) aint->type |= V_ASN1_NEG;
206
+ return aint;
207
+ }
208
+
209
+ int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
210
+ STACK_OF(CONF_VALUE) **extlist)
211
+ {
212
+ char *strtmp;
213
+ int ret;
214
+ if(!aint) return 1;
215
+ if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
216
+ ret = X509V3_add_value(name, strtmp, extlist);
217
+ OPENSSL_free(strtmp);
218
+ return ret;
219
+ }
220
+
221
+ int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
222
+ {
223
+ char *btmp;
224
+ if(!(btmp = value->value)) goto err;
225
+ if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
226
+ || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
227
+ || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
228
+ *asn1_bool = 0xff;
229
+ return 1;
230
+ } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
231
+ || !strcmp(btmp, "N") || !strcmp(btmp, "n")
232
+ || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
233
+ *asn1_bool = 0;
234
+ return 1;
235
+ }
236
+ err:
237
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_BOOLEAN_STRING);
238
+ X509V3_conf_err(value);
239
+ return 0;
240
+ }
241
+
242
+ int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
243
+ {
244
+ ASN1_INTEGER *itmp;
245
+ if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
246
+ X509V3_conf_err(value);
247
+ return 0;
248
+ }
249
+ *aint = itmp;
250
+ return 1;
251
+ }
252
+
253
+ #define HDR_NAME 1
254
+ #define HDR_VALUE 2
255
+
256
+ /*#define DEBUG*/
257
+
258
+ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
259
+ {
260
+ char *p, *q, c;
261
+ char *ntmp, *vtmp;
262
+ STACK_OF(CONF_VALUE) *values = NULL;
263
+ char *linebuf;
264
+ int state;
265
+ /* We are going to modify the line so copy it first */
266
+ linebuf = BUF_strdup(line);
267
+ if (linebuf == NULL)
268
+ {
269
+ OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
270
+ goto err;
271
+ }
272
+ state = HDR_NAME;
273
+ ntmp = NULL;
274
+ /* Go through all characters */
275
+ for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
276
+
277
+ switch(state) {
278
+ case HDR_NAME:
279
+ if(c == ':') {
280
+ state = HDR_VALUE;
281
+ *p = 0;
282
+ ntmp = strip_spaces(q);
283
+ if(!ntmp) {
284
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_NAME);
285
+ goto err;
286
+ }
287
+ q = p + 1;
288
+ } else if(c == ',') {
289
+ *p = 0;
290
+ ntmp = strip_spaces(q);
291
+ q = p + 1;
292
+ #if 0
293
+ printf("%s\n", ntmp);
294
+ #endif
295
+ if(!ntmp) {
296
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_NAME);
297
+ goto err;
298
+ }
299
+ X509V3_add_value(ntmp, NULL, &values);
300
+ }
301
+ break ;
302
+
303
+ case HDR_VALUE:
304
+ if(c == ',') {
305
+ state = HDR_NAME;
306
+ *p = 0;
307
+ vtmp = strip_spaces(q);
308
+ #if 0
309
+ printf("%s\n", ntmp);
310
+ #endif
311
+ if(!vtmp) {
312
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_VALUE);
313
+ goto err;
314
+ }
315
+ X509V3_add_value(ntmp, vtmp, &values);
316
+ ntmp = NULL;
317
+ q = p + 1;
318
+ }
319
+
320
+ }
321
+ }
322
+
323
+ if(state == HDR_VALUE) {
324
+ vtmp = strip_spaces(q);
325
+ #if 0
326
+ printf("%s=%s\n", ntmp, vtmp);
327
+ #endif
328
+ if(!vtmp) {
329
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_VALUE);
330
+ goto err;
331
+ }
332
+ X509V3_add_value(ntmp, vtmp, &values);
333
+ } else {
334
+ ntmp = strip_spaces(q);
335
+ #if 0
336
+ printf("%s\n", ntmp);
337
+ #endif
338
+ if(!ntmp) {
339
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_NAME);
340
+ goto err;
341
+ }
342
+ X509V3_add_value(ntmp, NULL, &values);
343
+ }
344
+ OPENSSL_free(linebuf);
345
+ return values;
346
+
347
+ err:
348
+ OPENSSL_free(linebuf);
349
+ sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
350
+ return NULL;
351
+
352
+ }
353
+
354
+ /* Delete leading and trailing spaces from a string */
355
+ static char *strip_spaces(char *name)
356
+ {
357
+ char *p, *q;
358
+ /* Skip over leading spaces */
359
+ p = name;
360
+ while(*p && isspace((unsigned char)*p)) p++;
361
+ if(!*p) return NULL;
362
+ q = p + strlen(p) - 1;
363
+ while((q != p) && isspace((unsigned char)*q)) q--;
364
+ if(p != q) q[1] = 0;
365
+ if(!*p) return NULL;
366
+ return p;
367
+ }
368
+
369
+ /* hex string utilities */
370
+
371
+ /* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
372
+ * hex representation
373
+ * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
374
+ */
375
+
376
+ char *hex_to_string(const unsigned char *buffer, long len)
377
+ {
378
+ char *tmp, *q;
379
+ const unsigned char *p;
380
+ int i;
381
+ static const char hexdig[] = "0123456789ABCDEF";
382
+ if(!buffer || !len) return NULL;
383
+ if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
384
+ OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
385
+ return NULL;
386
+ }
387
+ q = tmp;
388
+ for(i = 0, p = buffer; i < len; i++,p++) {
389
+ *q++ = hexdig[(*p >> 4) & 0xf];
390
+ *q++ = hexdig[*p & 0xf];
391
+ *q++ = ':';
392
+ }
393
+ q[-1] = 0;
394
+
395
+ return tmp;
396
+ }
397
+
398
+ /* Give a string of hex digits convert to
399
+ * a buffer
400
+ */
401
+
402
+ unsigned char *string_to_hex(const char *str, long *len)
403
+ {
404
+ unsigned char *hexbuf, *q;
405
+ unsigned char ch, cl, *p;
406
+ if(!str) {
407
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_ARGUMENT);
408
+ return NULL;
409
+ }
410
+ if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;
411
+ for(p = (unsigned char *)str, q = hexbuf; *p;) {
412
+ ch = *p++;
413
+ if(ch == ':') continue;
414
+ cl = *p++;
415
+ if(!cl) {
416
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_ODD_NUMBER_OF_DIGITS);
417
+ OPENSSL_free(hexbuf);
418
+ return NULL;
419
+ }
420
+ if(isupper(ch)) ch = tolower(ch);
421
+ if(isupper(cl)) cl = tolower(cl);
422
+
423
+ if((ch >= '0') && (ch <= '9')) ch -= '0';
424
+ else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;
425
+ else goto badhex;
426
+
427
+ if((cl >= '0') && (cl <= '9')) cl -= '0';
428
+ else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;
429
+ else goto badhex;
430
+
431
+ *q++ = (ch << 4) | cl;
432
+ }
433
+
434
+ if(len) *len = q - hexbuf;
435
+
436
+ return hexbuf;
437
+
438
+ err:
439
+ if(hexbuf) OPENSSL_free(hexbuf);
440
+ OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
441
+ return NULL;
442
+
443
+ badhex:
444
+ OPENSSL_free(hexbuf);
445
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_ILLEGAL_HEX_DIGIT);
446
+ return NULL;
447
+
448
+ }
449
+
450
+ /* V2I name comparison function: returns zero if 'name' matches
451
+ * cmp or cmp.*
452
+ */
453
+
454
+ int name_cmp(const char *name, const char *cmp)
455
+ {
456
+ int len, ret;
457
+ char c;
458
+ len = strlen(cmp);
459
+ if((ret = strncmp(name, cmp, len))) return ret;
460
+ c = name[len];
461
+ if(!c || (c=='.')) return 0;
462
+ return 1;
463
+ }
464
+
465
+ static int sk_strcmp(const OPENSSL_STRING *a, const OPENSSL_STRING *b)
466
+ {
467
+ return strcmp(*a, *b);
468
+ }
469
+
470
+ STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x)
471
+ {
472
+ GENERAL_NAMES *gens;
473
+ STACK_OF(OPENSSL_STRING) *ret;
474
+
475
+ gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
476
+ ret = get_email(X509_get_subject_name(x), gens);
477
+ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
478
+ return ret;
479
+ }
480
+
481
+ STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x)
482
+ {
483
+ AUTHORITY_INFO_ACCESS *info;
484
+ STACK_OF(OPENSSL_STRING) *ret = NULL;
485
+ size_t i;
486
+
487
+ info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
488
+ if (!info)
489
+ return NULL;
490
+ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++)
491
+ {
492
+ ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
493
+ if (OBJ_obj2nid(ad->method) == NID_ad_OCSP)
494
+ {
495
+ if (ad->location->type == GEN_URI)
496
+ {
497
+ if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier))
498
+ break;
499
+ }
500
+ }
501
+ }
502
+ AUTHORITY_INFO_ACCESS_free(info);
503
+ return ret;
504
+ }
505
+
506
+ STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x)
507
+ {
508
+ GENERAL_NAMES *gens;
509
+ STACK_OF(X509_EXTENSION) *exts;
510
+ STACK_OF(OPENSSL_STRING) *ret;
511
+
512
+ exts = X509_REQ_get_extensions(x);
513
+ gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
514
+ ret = get_email(X509_REQ_get_subject_name(x), gens);
515
+ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
516
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
517
+ return ret;
518
+ }
519
+
520
+
521
+ static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens)
522
+ {
523
+ STACK_OF(OPENSSL_STRING) *ret = NULL;
524
+ X509_NAME_ENTRY *ne;
525
+ ASN1_IA5STRING *email;
526
+ GENERAL_NAME *gen;
527
+ int i;
528
+ size_t j;
529
+ /* Now add any email address(es) to STACK */
530
+ i = -1;
531
+ /* First supplied X509_NAME */
532
+ while((i = X509_NAME_get_index_by_NID(name,
533
+ NID_pkcs9_emailAddress, i)) >= 0) {
534
+ ne = X509_NAME_get_entry(name, i);
535
+ email = X509_NAME_ENTRY_get_data(ne);
536
+ if(!append_ia5(&ret, email)) return NULL;
537
+ }
538
+ for(j = 0; j < sk_GENERAL_NAME_num(gens); j++)
539
+ {
540
+ gen = sk_GENERAL_NAME_value(gens, j);
541
+ if(gen->type != GEN_EMAIL) continue;
542
+ if(!append_ia5(&ret, gen->d.ia5)) return NULL;
543
+ }
544
+ return ret;
545
+ }
546
+
547
+ static void str_free(OPENSSL_STRING str)
548
+ {
549
+ OPENSSL_free(str);
550
+ }
551
+
552
+ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email)
553
+ {
554
+ char *emtmp;
555
+ /* First some sanity checks */
556
+ if(email->type != V_ASN1_IA5STRING) return 1;
557
+ if(!email->data || !email->length) return 1;
558
+ if(!*sk) *sk = sk_OPENSSL_STRING_new(sk_strcmp);
559
+ if(!*sk) return 0;
560
+ /* Don't add duplicates */
561
+ if(sk_OPENSSL_STRING_find(*sk, NULL, (char *)email->data)) return 1;
562
+ emtmp = BUF_strdup((char *)email->data);
563
+ if(!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
564
+ X509_email_free(*sk);
565
+ *sk = NULL;
566
+ return 0;
567
+ }
568
+ return 1;
569
+ }
570
+
571
+ void X509_email_free(STACK_OF(OPENSSL_STRING) *sk)
572
+ {
573
+ sk_OPENSSL_STRING_pop_free(sk, str_free);
574
+ }
575
+
576
+ typedef int (*equal_fn)(const unsigned char *pattern, size_t pattern_len,
577
+ const unsigned char *subject, size_t subject_len,
578
+ unsigned int flags);
579
+
580
+ /* Skip pattern prefix to match "wildcard" subject */
581
+ static void skip_prefix(const unsigned char **p, size_t *plen,
582
+ const unsigned char *subject, size_t subject_len,
583
+ unsigned int flags)
584
+ {
585
+ const unsigned char *pattern = *p;
586
+ size_t pattern_len = *plen;
587
+
588
+ /*
589
+ * If subject starts with a leading '.' followed by more octets, and
590
+ * pattern is longer, compare just an equal-length suffix with the
591
+ * full subject (starting at the '.'), provided the prefix contains
592
+ * no NULs.
593
+ */
594
+ if ((flags & _X509_CHECK_FLAG_DOT_SUBDOMAINS) == 0)
595
+ return;
596
+
597
+ while (pattern_len > subject_len && *pattern)
598
+ {
599
+ if ((flags & X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS) &&
600
+ *pattern == '.')
601
+ break;
602
+ ++pattern;
603
+ --pattern_len;
604
+ }
605
+
606
+ /* Skip if entire prefix acceptable */
607
+ if (pattern_len == subject_len)
608
+ {
609
+ *p = pattern;
610
+ *plen = pattern_len;
611
+ }
612
+ }
613
+
614
+ /* Compare while ASCII ignoring case. */
615
+ static int equal_nocase(const unsigned char *pattern, size_t pattern_len,
616
+ const unsigned char *subject, size_t subject_len,
617
+ unsigned int flags)
618
+ {
619
+ skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
620
+ if (pattern_len != subject_len)
621
+ return 0;
622
+ while (pattern_len)
623
+ {
624
+ unsigned char l = *pattern;
625
+ unsigned char r = *subject;
626
+ /* The pattern must not contain NUL characters. */
627
+ if (l == 0)
628
+ return 0;
629
+ if (l != r)
630
+ {
631
+ if ('A' <= l && l <= 'Z')
632
+ l = (l - 'A') + 'a';
633
+ if ('A' <= r && r <= 'Z')
634
+ r = (r - 'A') + 'a';
635
+ if (l != r)
636
+ return 0;
637
+ }
638
+ ++pattern;
639
+ ++subject;
640
+ --pattern_len;
641
+ }
642
+ return 1;
643
+ }
644
+
645
+ /* Compare using memcmp. */
646
+ static int equal_case(const unsigned char *pattern, size_t pattern_len,
647
+ const unsigned char *subject, size_t subject_len,
648
+ unsigned int flags)
649
+ {
650
+ skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
651
+ if (pattern_len != subject_len)
652
+ return 0;
653
+ return !memcmp(pattern, subject, pattern_len);
654
+ }
655
+
656
+ /* RFC 5280, section 7.5, requires that only the domain is compared in
657
+ a case-insensitive manner. */
658
+ static int equal_email(const unsigned char *a, size_t a_len,
659
+ const unsigned char *b, size_t b_len,
660
+ unsigned int unused_flags)
661
+ {
662
+ size_t i = a_len;
663
+ if (a_len != b_len)
664
+ return 0;
665
+ /* We search backwards for the '@' character, so that we do
666
+ not have to deal with quoted local-parts. The domain part
667
+ is compared in a case-insensitive manner. */
668
+ while (i > 0)
669
+ {
670
+ --i;
671
+ if (a[i] == '@' || b[i] == '@')
672
+ {
673
+ if (!equal_nocase(a + i, a_len - i,
674
+ b + i, a_len - i, 0))
675
+ return 0;
676
+ break;
677
+ }
678
+ }
679
+ if (i == 0)
680
+ i = a_len;
681
+ return equal_case(a, i, b, i, 0);
682
+ }
683
+
684
+ /* Compare the prefix and suffix with the subject, and check that the
685
+ characters in-between are valid. */
686
+ static int wildcard_match(const unsigned char *prefix, size_t prefix_len,
687
+ const unsigned char *suffix, size_t suffix_len,
688
+ const unsigned char *subject, size_t subject_len,
689
+ unsigned int flags)
690
+ {
691
+ const unsigned char *wildcard_start;
692
+ const unsigned char *wildcard_end;
693
+ const unsigned char *p;
694
+ int allow_multi = 0;
695
+ int allow_idna = 0;
696
+
697
+ if (subject_len < prefix_len + suffix_len)
698
+ return 0;
699
+ if (!equal_nocase(prefix, prefix_len, subject, prefix_len, flags))
700
+ return 0;
701
+ wildcard_start = subject + prefix_len;
702
+ wildcard_end = subject + (subject_len - suffix_len);
703
+ if (!equal_nocase(wildcard_end, suffix_len, suffix, suffix_len, flags))
704
+ return 0;
705
+ /*
706
+ * If the wildcard makes up the entire first label, it must match at
707
+ * least one character.
708
+ */
709
+ if (prefix_len == 0 && *suffix == '.')
710
+ {
711
+ if (wildcard_start == wildcard_end)
712
+ return 0;
713
+ allow_idna = 1;
714
+ if (flags & X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS)
715
+ allow_multi = 1;
716
+ }
717
+ /* IDNA labels cannot match partial wildcards */
718
+ if (!allow_idna &&
719
+ subject_len >= 4 && OPENSSL_strncasecmp((char *)subject, "xn--", 4) == 0)
720
+ return 0;
721
+ /* The wildcard may match a literal '*' */
722
+ if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*')
723
+ return 1;
724
+ /*
725
+ * Check that the part matched by the wildcard contains only
726
+ * permitted characters and only matches a single label unless
727
+ * allow_multi is set.
728
+ */
729
+ for (p = wildcard_start; p != wildcard_end; ++p)
730
+ if (!(('0' <= *p && *p <= '9') ||
731
+ ('A' <= *p && *p <= 'Z') ||
732
+ ('a' <= *p && *p <= 'z') ||
733
+ *p == '-' || (allow_multi && *p == '.')))
734
+ return 0;
735
+ return 1;
736
+ }
737
+
738
+ #define LABEL_START (1 << 0)
739
+ #define LABEL_END (1 << 1)
740
+ #define LABEL_HYPHEN (1 << 2)
741
+ #define LABEL_IDNA (1 << 3)
742
+
743
+ static const unsigned char *valid_star(const unsigned char *p, size_t len,
744
+ unsigned int flags)
745
+ {
746
+ const unsigned char *star = 0;
747
+ size_t i;
748
+ int state = LABEL_START;
749
+ int dots = 0;
750
+ for (i = 0; i < len; ++i)
751
+ {
752
+ /*
753
+ * Locate first and only legal wildcard, either at the start
754
+ * or end of a non-IDNA first and not final label.
755
+ */
756
+ if (p[i] == '*')
757
+ {
758
+ int atstart = (state & LABEL_START);
759
+ int atend = (i == len - 1 || p[i+1] == '.');
760
+ /*
761
+ * At most one wildcard per pattern.
762
+ * No wildcards in IDNA labels.
763
+ * No wildcards after the first label.
764
+ */
765
+ if (star != NULL || (state & LABEL_IDNA) != 0 || dots)
766
+ return NULL;
767
+ /* Only full-label '*.example.com' wildcards? */
768
+ if ((flags & X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS)
769
+ && (!atstart || !atend))
770
+ return NULL;
771
+ /* No 'foo*bar' wildcards */
772
+ if (!atstart && !atend)
773
+ return NULL;
774
+ star = &p[i];
775
+ state &= ~LABEL_START;
776
+ }
777
+ else if ((state & LABEL_START) != 0)
778
+ {
779
+ /*
780
+ * At the start of a label, skip any "xn--" and
781
+ * remain in the LABEL_START state, but set the
782
+ * IDNA label state
783
+ */
784
+ if ((state & LABEL_IDNA) == 0 && len - i >= 4
785
+ && OPENSSL_strncasecmp((char *)&p[i], "xn--", 4) == 0)
786
+ {
787
+ i += 3;
788
+ state |= LABEL_IDNA;
789
+ continue;
790
+ }
791
+ /* Labels must start with a letter or digit */
792
+ state &= ~LABEL_START;
793
+ if (('a' <= p[i] && p[i] <= 'z')
794
+ || ('A' <= p[i] && p[i] <= 'Z')
795
+ || ('0' <= p[i] && p[i] <= '9'))
796
+ continue;
797
+ return NULL;
798
+ }
799
+ else if (('a' <= p[i] && p[i] <= 'z')
800
+ || ('A' <= p[i] && p[i] <= 'Z')
801
+ || ('0' <= p[i] && p[i] <= '9'))
802
+ {
803
+ state &= LABEL_IDNA;
804
+ continue;
805
+ }
806
+ else if (p[i] == '.')
807
+ {
808
+ if (state & (LABEL_HYPHEN | LABEL_START))
809
+ return NULL;
810
+ state = LABEL_START;
811
+ ++dots;
812
+ }
813
+ else if (p[i] == '-')
814
+ {
815
+ if (state & LABEL_HYPHEN)
816
+ return NULL;
817
+ state |= LABEL_HYPHEN;
818
+ }
819
+ else
820
+ return NULL;
821
+ }
822
+
823
+ /*
824
+ * The final label must not end in a hyphen or ".", and
825
+ * there must be at least two dots after the star.
826
+ */
827
+ if ((state & (LABEL_START | LABEL_HYPHEN)) != 0
828
+ || dots < 2)
829
+ return NULL;
830
+ return star;
831
+ }
832
+
833
+ /* Compare using wildcards. */
834
+ static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
835
+ const unsigned char *subject, size_t subject_len,
836
+ unsigned int flags)
837
+ {
838
+ const unsigned char *star = NULL;
839
+
840
+ /*
841
+ * Subject names starting with '.' can only match a wildcard pattern
842
+ * via a subject sub-domain pattern suffix match.
843
+ */
844
+ if (!(subject_len > 1 && subject[0] == '.'))
845
+ star = valid_star(pattern, pattern_len, flags);
846
+ if (star == NULL)
847
+ return equal_nocase(pattern, pattern_len,
848
+ subject, subject_len, flags);
849
+ return wildcard_match(pattern, star - pattern,
850
+ star + 1, (pattern + pattern_len) - star - 1,
851
+ subject, subject_len, flags);
852
+ }
853
+
854
+ /* Compare an ASN1_STRING to a supplied string. If they match
855
+ * return 1. If cmp_type > 0 only compare if string matches the
856
+ * type, otherwise convert it to UTF8.
857
+ */
858
+
859
+ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
860
+ unsigned int flags, const char *b, size_t blen,
861
+ char **peername)
862
+ {
863
+ int rv = 0;
864
+
865
+ if (!a->data || !a->length)
866
+ return 0;
867
+ if (cmp_type > 0)
868
+ {
869
+ if (cmp_type != a->type)
870
+ return 0;
871
+ if (cmp_type == V_ASN1_IA5STRING)
872
+ rv = equal(a->data, a->length,
873
+ (unsigned char *)b, blen, flags);
874
+ else if (a->length == (int)blen && !memcmp(a->data, b, blen))
875
+ rv = 1;
876
+ if (rv > 0 && peername)
877
+ *peername = BUF_strndup((char *)a->data, a->length);
878
+ }
879
+ else
880
+ {
881
+ int astrlen;
882
+ unsigned char *astr;
883
+ astrlen = ASN1_STRING_to_UTF8(&astr, a);
884
+ if (astrlen < 0)
885
+ return -1;
886
+ rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
887
+ if (rv > 0 && peername)
888
+ *peername = BUF_strndup((char *)astr, astrlen);
889
+ OPENSSL_free(astr);
890
+ }
891
+ return rv;
892
+ }
893
+
894
+ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
895
+ unsigned int flags, int check_type,
896
+ char **peername)
897
+ {
898
+ GENERAL_NAMES *gens = NULL;
899
+ X509_NAME *name = NULL;
900
+ size_t i;
901
+ int j;
902
+ int cnid = NID_undef;
903
+ int alt_type;
904
+ int san_present = 0;
905
+ int rv = 0;
906
+ equal_fn equal;
907
+
908
+ /* See below, this flag is internal-only */
909
+ flags &= ~_X509_CHECK_FLAG_DOT_SUBDOMAINS;
910
+ if (check_type == GEN_EMAIL)
911
+ {
912
+ cnid = NID_pkcs9_emailAddress;
913
+ alt_type = V_ASN1_IA5STRING;
914
+ equal = equal_email;
915
+ }
916
+ else if (check_type == GEN_DNS)
917
+ {
918
+ cnid = NID_commonName;
919
+ /* Implicit client-side DNS sub-domain pattern */
920
+ if (chklen > 1 && chk[0] == '.')
921
+ flags |= _X509_CHECK_FLAG_DOT_SUBDOMAINS;
922
+ alt_type = V_ASN1_IA5STRING;
923
+ if (flags & X509_CHECK_FLAG_NO_WILDCARDS)
924
+ equal = equal_nocase;
925
+ else
926
+ equal = equal_wildcard;
927
+ }
928
+ else
929
+ {
930
+ alt_type = V_ASN1_OCTET_STRING;
931
+ equal = equal_case;
932
+ }
933
+
934
+ gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
935
+ if (gens)
936
+ {
937
+ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++)
938
+ {
939
+ GENERAL_NAME *gen;
940
+ ASN1_STRING *cstr;
941
+ gen = sk_GENERAL_NAME_value(gens, i);
942
+ if (gen->type != check_type)
943
+ continue;
944
+ san_present = 1;
945
+ if (check_type == GEN_EMAIL)
946
+ cstr = gen->d.rfc822Name;
947
+ else if (check_type == GEN_DNS)
948
+ cstr = gen->d.dNSName;
949
+ else
950
+ cstr = gen->d.iPAddress;
951
+ /* Positive on success, negative on error! */
952
+ if ((rv = do_check_string(cstr, alt_type, equal, flags,
953
+ chk, chklen, peername)) != 0)
954
+ break;
955
+ }
956
+ GENERAL_NAMES_free(gens);
957
+ if (rv != 0)
958
+ return rv;
959
+ if (cnid == NID_undef
960
+ || (san_present
961
+ && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)))
962
+ return 0;
963
+ }
964
+
965
+ /* We're done if CN-ID is not pertinent */
966
+ if (cnid == NID_undef)
967
+ return 0;
968
+
969
+ j = -1;
970
+ name = X509_get_subject_name(x);
971
+ while((j = X509_NAME_get_index_by_NID(name, cnid, j)) >= 0)
972
+ {
973
+ X509_NAME_ENTRY *ne;
974
+ ASN1_STRING *str;
975
+ ne = X509_NAME_get_entry(name, j);
976
+ str = X509_NAME_ENTRY_get_data(ne);
977
+ /* Positive on success, negative on error! */
978
+ if ((rv = do_check_string(str, -1, equal, flags,
979
+ chk, chklen, peername)) != 0)
980
+ return rv;
981
+ }
982
+ return 0;
983
+ }
984
+
985
+ int X509_check_host(X509 *x, const char *chk, size_t chklen,
986
+ unsigned int flags, char **peername)
987
+ {
988
+ if (chk == NULL)
989
+ return -2;
990
+ if (memchr(chk, '\0', chklen))
991
+ return -2;
992
+ return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
993
+ }
994
+
995
+ int X509_check_email(X509 *x, const char *chk, size_t chklen,
996
+ unsigned int flags)
997
+ {
998
+ if (chk == NULL)
999
+ return -2;
1000
+ if (memchr(chk, '\0', chklen))
1001
+ return -2;
1002
+ return do_x509_check(x, chk, chklen, flags, GEN_EMAIL, NULL);
1003
+ }
1004
+
1005
+ int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
1006
+ unsigned int flags)
1007
+ {
1008
+ if (chk == NULL)
1009
+ return -2;
1010
+ return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL);
1011
+ }
1012
+
1013
+ int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags)
1014
+ {
1015
+ unsigned char ipout[16];
1016
+ size_t iplen;
1017
+
1018
+ if (ipasc == NULL)
1019
+ return -2;
1020
+ iplen = (size_t) a2i_ipadd(ipout, ipasc);
1021
+ if (iplen == 0)
1022
+ return -2;
1023
+ return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL);
1024
+ }
1025
+
1026
+ /* Convert IP addresses both IPv4 and IPv6 into an
1027
+ * OCTET STRING compatible with RFC3280.
1028
+ */
1029
+
1030
+ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
1031
+ {
1032
+ unsigned char ipout[16];
1033
+ ASN1_OCTET_STRING *ret;
1034
+ int iplen;
1035
+
1036
+ /* If string contains a ':' assume IPv6 */
1037
+
1038
+ iplen = a2i_ipadd(ipout, ipasc);
1039
+
1040
+ if (!iplen)
1041
+ return NULL;
1042
+
1043
+ ret = ASN1_OCTET_STRING_new();
1044
+ if (!ret)
1045
+ return NULL;
1046
+ if (!ASN1_OCTET_STRING_set(ret, ipout, iplen))
1047
+ {
1048
+ ASN1_OCTET_STRING_free(ret);
1049
+ return NULL;
1050
+ }
1051
+ return ret;
1052
+ }
1053
+
1054
+ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
1055
+ {
1056
+ ASN1_OCTET_STRING *ret = NULL;
1057
+ unsigned char ipout[32];
1058
+ char *iptmp = NULL, *p;
1059
+ int iplen1, iplen2;
1060
+ p = strchr(ipasc,'/');
1061
+ if (!p)
1062
+ return NULL;
1063
+ iptmp = BUF_strdup(ipasc);
1064
+ if (!iptmp)
1065
+ return NULL;
1066
+ p = iptmp + (p - ipasc);
1067
+ *p++ = 0;
1068
+
1069
+ iplen1 = a2i_ipadd(ipout, iptmp);
1070
+
1071
+ if (!iplen1)
1072
+ goto err;
1073
+
1074
+ iplen2 = a2i_ipadd(ipout + iplen1, p);
1075
+
1076
+ OPENSSL_free(iptmp);
1077
+ iptmp = NULL;
1078
+
1079
+ if (!iplen2 || (iplen1 != iplen2))
1080
+ goto err;
1081
+
1082
+ ret = ASN1_OCTET_STRING_new();
1083
+ if (!ret)
1084
+ goto err;
1085
+ if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2))
1086
+ goto err;
1087
+
1088
+ return ret;
1089
+
1090
+ err:
1091
+ if (iptmp)
1092
+ OPENSSL_free(iptmp);
1093
+ if (ret)
1094
+ ASN1_OCTET_STRING_free(ret);
1095
+ return NULL;
1096
+ }
1097
+
1098
+
1099
+ int a2i_ipadd(unsigned char *ipout, const char *ipasc)
1100
+ {
1101
+ /* If string contains a ':' assume IPv6 */
1102
+
1103
+ if (strchr(ipasc, ':'))
1104
+ {
1105
+ if (!ipv6_from_asc(ipout, ipasc))
1106
+ return 0;
1107
+ return 16;
1108
+ }
1109
+ else
1110
+ {
1111
+ if (!ipv4_from_asc(ipout, ipasc))
1112
+ return 0;
1113
+ return 4;
1114
+ }
1115
+ }
1116
+
1117
+ static int ipv4_from_asc(unsigned char *v4, const char *in)
1118
+ {
1119
+ int a0, a1, a2, a3;
1120
+ if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
1121
+ return 0;
1122
+ if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
1123
+ || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))
1124
+ return 0;
1125
+ v4[0] = a0;
1126
+ v4[1] = a1;
1127
+ v4[2] = a2;
1128
+ v4[3] = a3;
1129
+ return 1;
1130
+ }
1131
+
1132
+ typedef struct {
1133
+ /* Temporary store for IPV6 output */
1134
+ unsigned char tmp[16];
1135
+ /* Total number of bytes in tmp */
1136
+ int total;
1137
+ /* The position of a zero (corresponding to '::') */
1138
+ int zero_pos;
1139
+ /* Number of zeroes */
1140
+ int zero_cnt;
1141
+ } IPV6_STAT;
1142
+
1143
+
1144
+ static int ipv6_from_asc(unsigned char *v6, const char *in)
1145
+ {
1146
+ IPV6_STAT v6stat;
1147
+ v6stat.total = 0;
1148
+ v6stat.zero_pos = -1;
1149
+ v6stat.zero_cnt = 0;
1150
+ /* Treat the IPv6 representation as a list of values
1151
+ * separated by ':'. The presence of a '::' will parse
1152
+ * as one, two or three zero length elements.
1153
+ */
1154
+ if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat))
1155
+ return 0;
1156
+
1157
+ /* Now for some sanity checks */
1158
+
1159
+ if (v6stat.zero_pos == -1)
1160
+ {
1161
+ /* If no '::' must have exactly 16 bytes */
1162
+ if (v6stat.total != 16)
1163
+ return 0;
1164
+ }
1165
+ else
1166
+ {
1167
+ /* If '::' must have less than 16 bytes */
1168
+ if (v6stat.total == 16)
1169
+ return 0;
1170
+ /* More than three zeroes is an error */
1171
+ if (v6stat.zero_cnt > 3)
1172
+ return 0;
1173
+ /* Can only have three zeroes if nothing else present */
1174
+ else if (v6stat.zero_cnt == 3)
1175
+ {
1176
+ if (v6stat.total > 0)
1177
+ return 0;
1178
+ }
1179
+ /* Can only have two zeroes if at start or end */
1180
+ else if (v6stat.zero_cnt == 2)
1181
+ {
1182
+ if ((v6stat.zero_pos != 0)
1183
+ && (v6stat.zero_pos != v6stat.total))
1184
+ return 0;
1185
+ }
1186
+ else
1187
+ /* Can only have one zero if *not* start or end */
1188
+ {
1189
+ if ((v6stat.zero_pos == 0)
1190
+ || (v6stat.zero_pos == v6stat.total))
1191
+ return 0;
1192
+ }
1193
+ }
1194
+
1195
+ /* Format result */
1196
+
1197
+ if (v6stat.zero_pos >= 0)
1198
+ {
1199
+ /* Copy initial part */
1200
+ memcpy(v6, v6stat.tmp, v6stat.zero_pos);
1201
+ /* Zero middle */
1202
+ memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total);
1203
+ /* Copy final part */
1204
+ if (v6stat.total != v6stat.zero_pos)
1205
+ memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
1206
+ v6stat.tmp + v6stat.zero_pos,
1207
+ v6stat.total - v6stat.zero_pos);
1208
+ }
1209
+ else
1210
+ memcpy(v6, v6stat.tmp, 16);
1211
+
1212
+ return 1;
1213
+ }
1214
+
1215
+ static int ipv6_cb(const char *elem, int len, void *usr)
1216
+ {
1217
+ IPV6_STAT *s = usr;
1218
+ /* Error if 16 bytes written */
1219
+ if (s->total == 16)
1220
+ return 0;
1221
+ if (len == 0)
1222
+ {
1223
+ /* Zero length element, corresponds to '::' */
1224
+ if (s->zero_pos == -1)
1225
+ s->zero_pos = s->total;
1226
+ /* If we've already got a :: its an error */
1227
+ else if (s->zero_pos != s->total)
1228
+ return 0;
1229
+ s->zero_cnt++;
1230
+ }
1231
+ else
1232
+ {
1233
+ /* If more than 4 characters could be final a.b.c.d form */
1234
+ if (len > 4)
1235
+ {
1236
+ /* Need at least 4 bytes left */
1237
+ if (s->total > 12)
1238
+ return 0;
1239
+ /* Must be end of string */
1240
+ if (elem[len])
1241
+ return 0;
1242
+ if (!ipv4_from_asc(s->tmp + s->total, elem))
1243
+ return 0;
1244
+ s->total += 4;
1245
+ }
1246
+ else
1247
+ {
1248
+ if (!ipv6_hex(s->tmp + s->total, elem, len))
1249
+ return 0;
1250
+ s->total += 2;
1251
+ }
1252
+ }
1253
+ return 1;
1254
+ }
1255
+
1256
+ /* Convert a string of up to 4 hex digits into the corresponding
1257
+ * IPv6 form.
1258
+ */
1259
+
1260
+ static int ipv6_hex(unsigned char *out, const char *in, int inlen)
1261
+ {
1262
+ unsigned char c;
1263
+ unsigned int num = 0;
1264
+ if (inlen > 4)
1265
+ return 0;
1266
+ while(inlen--)
1267
+ {
1268
+ c = *in++;
1269
+ num <<= 4;
1270
+ if ((c >= '0') && (c <= '9'))
1271
+ num |= c - '0';
1272
+ else if ((c >= 'A') && (c <= 'F'))
1273
+ num |= c - 'A' + 10;
1274
+ else if ((c >= 'a') && (c <= 'f'))
1275
+ num |= c - 'a' + 10;
1276
+ else
1277
+ return 0;
1278
+ }
1279
+ out[0] = num >> 8;
1280
+ out[1] = num & 0xff;
1281
+ return 1;
1282
+ }
1283
+
1284
+
1285
+ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
1286
+ unsigned long chtype)
1287
+ {
1288
+ CONF_VALUE *v;
1289
+ int mval;
1290
+ size_t i;
1291
+ char *p, *type;
1292
+ if (!nm)
1293
+ return 0;
1294
+
1295
+ for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
1296
+ {
1297
+ v=sk_CONF_VALUE_value(dn_sk,i);
1298
+ type=v->name;
1299
+ /* Skip past any leading X. X: X, etc to allow for
1300
+ * multiple instances
1301
+ */
1302
+ for(p = type; *p ; p++)
1303
+ if ((*p == ':') || (*p == ',') || (*p == '.'))
1304
+ {
1305
+ p++;
1306
+ if(*p) type = p;
1307
+ break;
1308
+ }
1309
+ if (*type == '+')
1310
+ {
1311
+ mval = -1;
1312
+ type++;
1313
+ }
1314
+ else
1315
+ mval = 0;
1316
+ if (!X509_NAME_add_entry_by_txt(nm,type, chtype,
1317
+ (unsigned char *) v->value,-1,-1,mval))
1318
+ return 0;
1319
+
1320
+ }
1321
+ return 1;
1322
+ }