grpc-flamingo 1.11.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (1318) hide show
  1. checksums.yaml +7 -0
  2. data/.yardopts +1 -0
  3. data/Makefile +23896 -0
  4. data/etc/roots.pem +4475 -0
  5. data/include/grpc/byte_buffer.h +27 -0
  6. data/include/grpc/byte_buffer_reader.h +26 -0
  7. data/include/grpc/census.h +40 -0
  8. data/include/grpc/compression.h +75 -0
  9. data/include/grpc/fork.h +26 -0
  10. data/include/grpc/grpc.h +469 -0
  11. data/include/grpc/grpc_cronet.h +38 -0
  12. data/include/grpc/grpc_posix.h +67 -0
  13. data/include/grpc/grpc_security.h +495 -0
  14. data/include/grpc/grpc_security_constants.h +107 -0
  15. data/include/grpc/impl/codegen/atm.h +95 -0
  16. data/include/grpc/impl/codegen/atm_gcc_atomic.h +91 -0
  17. data/include/grpc/impl/codegen/atm_gcc_sync.h +83 -0
  18. data/include/grpc/impl/codegen/atm_windows.h +126 -0
  19. data/include/grpc/impl/codegen/byte_buffer.h +88 -0
  20. data/include/grpc/impl/codegen/byte_buffer_reader.h +42 -0
  21. data/include/grpc/impl/codegen/compression_types.h +107 -0
  22. data/include/grpc/impl/codegen/connectivity_state.h +44 -0
  23. data/include/grpc/impl/codegen/fork.h +48 -0
  24. data/include/grpc/impl/codegen/gpr_slice.h +69 -0
  25. data/include/grpc/impl/codegen/gpr_types.h +59 -0
  26. data/include/grpc/impl/codegen/grpc_types.h +669 -0
  27. data/include/grpc/impl/codegen/port_platform.h +507 -0
  28. data/include/grpc/impl/codegen/propagation_bits.h +52 -0
  29. data/include/grpc/impl/codegen/slice.h +147 -0
  30. data/include/grpc/impl/codegen/status.h +153 -0
  31. data/include/grpc/impl/codegen/sync.h +63 -0
  32. data/include/grpc/impl/codegen/sync_custom.h +38 -0
  33. data/include/grpc/impl/codegen/sync_generic.h +48 -0
  34. data/include/grpc/impl/codegen/sync_posix.h +34 -0
  35. data/include/grpc/impl/codegen/sync_windows.h +36 -0
  36. data/include/grpc/load_reporting.h +48 -0
  37. data/include/grpc/module.modulemap +74 -0
  38. data/include/grpc/slice.h +172 -0
  39. data/include/grpc/slice_buffer.h +84 -0
  40. data/include/grpc/status.h +26 -0
  41. data/include/grpc/support/alloc.h +68 -0
  42. data/include/grpc/support/atm.h +26 -0
  43. data/include/grpc/support/atm_gcc_atomic.h +26 -0
  44. data/include/grpc/support/atm_gcc_sync.h +26 -0
  45. data/include/grpc/support/atm_windows.h +26 -0
  46. data/include/grpc/support/cpu.h +44 -0
  47. data/include/grpc/support/log.h +104 -0
  48. data/include/grpc/support/log_windows.h +38 -0
  49. data/include/grpc/support/port_platform.h +24 -0
  50. data/include/grpc/support/string_util.h +49 -0
  51. data/include/grpc/support/sync.h +298 -0
  52. data/include/grpc/support/sync_custom.h +26 -0
  53. data/include/grpc/support/sync_generic.h +26 -0
  54. data/include/grpc/support/sync_posix.h +26 -0
  55. data/include/grpc/support/sync_windows.h +26 -0
  56. data/include/grpc/support/thd_id.h +44 -0
  57. data/include/grpc/support/time.h +92 -0
  58. data/include/grpc/support/workaround_list.h +31 -0
  59. data/src/boringssl/err_data.c +1348 -0
  60. data/src/core/ext/census/grpc_context.cc +38 -0
  61. data/src/core/ext/filters/client_channel/backup_poller.cc +174 -0
  62. data/src/core/ext/filters/client_channel/backup_poller.h +35 -0
  63. data/src/core/ext/filters/client_channel/channel_connectivity.cc +248 -0
  64. data/src/core/ext/filters/client_channel/client_channel.cc +3209 -0
  65. data/src/core/ext/filters/client_channel/client_channel.h +57 -0
  66. data/src/core/ext/filters/client_channel/client_channel_factory.cc +67 -0
  67. data/src/core/ext/filters/client_channel/client_channel_factory.h +74 -0
  68. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +62 -0
  69. data/src/core/ext/filters/client_channel/connector.cc +41 -0
  70. data/src/core/ext/filters/client_channel/connector.h +73 -0
  71. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +370 -0
  72. data/src/core/ext/filters/client_channel/http_connect_handshaker.h +34 -0
  73. data/src/core/ext/filters/client_channel/http_proxy.cc +195 -0
  74. data/src/core/ext/filters/client_channel/http_proxy.h +24 -0
  75. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +138 -0
  76. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +29 -0
  77. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +1906 -0
  78. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +36 -0
  79. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +108 -0
  80. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +152 -0
  81. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +67 -0
  82. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +304 -0
  83. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +88 -0
  84. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c +102 -0
  85. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h +190 -0
  86. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +591 -0
  87. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +687 -0
  88. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc +253 -0
  89. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +136 -0
  90. data/src/core/ext/filters/client_channel/lb_policy.cc +59 -0
  91. data/src/core/ext/filters/client_channel/lb_policy.h +201 -0
  92. data/src/core/ext/filters/client_channel/lb_policy_factory.cc +155 -0
  93. data/src/core/ext/filters/client_channel/lb_policy_factory.h +127 -0
  94. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +97 -0
  95. data/src/core/ext/filters/client_channel/lb_policy_registry.h +54 -0
  96. data/src/core/ext/filters/client_channel/method_params.cc +178 -0
  97. data/src/core/ext/filters/client_channel/method_params.h +74 -0
  98. data/src/core/ext/filters/client_channel/parse_address.cc +192 -0
  99. data/src/core/ext/filters/client_channel/parse_address.h +50 -0
  100. data/src/core/ext/filters/client_channel/proxy_mapper.cc +48 -0
  101. data/src/core/ext/filters/client_channel/proxy_mapper.h +74 -0
  102. data/src/core/ext/filters/client_channel/proxy_mapper_registry.cc +122 -0
  103. data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +44 -0
  104. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +493 -0
  105. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +53 -0
  106. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +351 -0
  107. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +593 -0
  108. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +74 -0
  109. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +59 -0
  110. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +340 -0
  111. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +297 -0
  112. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +83 -0
  113. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +214 -0
  114. data/src/core/ext/filters/client_channel/resolver.cc +35 -0
  115. data/src/core/ext/filters/client_channel/resolver.h +134 -0
  116. data/src/core/ext/filters/client_channel/resolver_factory.h +71 -0
  117. data/src/core/ext/filters/client_channel/resolver_registry.cc +178 -0
  118. data/src/core/ext/filters/client_channel/resolver_registry.h +83 -0
  119. data/src/core/ext/filters/client_channel/retry_throttle.cc +191 -0
  120. data/src/core/ext/filters/client_channel/retry_throttle.h +77 -0
  121. data/src/core/ext/filters/client_channel/subchannel.cc +815 -0
  122. data/src/core/ext/filters/client_channel/subchannel.h +183 -0
  123. data/src/core/ext/filters/client_channel/subchannel_index.cc +254 -0
  124. data/src/core/ext/filters/client_channel/subchannel_index.h +79 -0
  125. data/src/core/ext/filters/client_channel/uri_parser.cc +314 -0
  126. data/src/core/ext/filters/client_channel/uri_parser.h +50 -0
  127. data/src/core/ext/filters/deadline/deadline_filter.cc +386 -0
  128. data/src/core/ext/filters/deadline/deadline_filter.h +93 -0
  129. data/src/core/ext/filters/http/client/http_client_filter.cc +558 -0
  130. data/src/core/ext/filters/http/client/http_client_filter.h +31 -0
  131. data/src/core/ext/filters/http/client_authority_filter.cc +156 -0
  132. data/src/core/ext/filters/http/client_authority_filter.h +34 -0
  133. data/src/core/ext/filters/http/http_filters_plugin.cc +89 -0
  134. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +499 -0
  135. data/src/core/ext/filters/http/message_compress/message_compress_filter.h +53 -0
  136. data/src/core/ext/filters/http/server/http_server_filter.cc +434 -0
  137. data/src/core/ext/filters/http/server/http_server_filter.h +29 -0
  138. data/src/core/ext/filters/load_reporting/server_load_reporting_filter.cc +222 -0
  139. data/src/core/ext/filters/load_reporting/server_load_reporting_filter.h +30 -0
  140. data/src/core/ext/filters/load_reporting/server_load_reporting_plugin.cc +71 -0
  141. data/src/core/ext/filters/load_reporting/server_load_reporting_plugin.h +61 -0
  142. data/src/core/ext/filters/max_age/max_age_filter.cc +543 -0
  143. data/src/core/ext/filters/max_age/max_age_filter.h +26 -0
  144. data/src/core/ext/filters/message_size/message_size_filter.cc +324 -0
  145. data/src/core/ext/filters/message_size/message_size_filter.h +26 -0
  146. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +208 -0
  147. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.h +27 -0
  148. data/src/core/ext/filters/workarounds/workaround_utils.cc +53 -0
  149. data/src/core/ext/filters/workarounds/workaround_utils.h +39 -0
  150. data/src/core/ext/transport/chttp2/alpn/alpn.cc +44 -0
  151. data/src/core/ext/transport/chttp2/alpn/alpn.h +36 -0
  152. data/src/core/ext/transport/chttp2/client/authority.cc +42 -0
  153. data/src/core/ext/transport/chttp2/client/authority.h +36 -0
  154. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +229 -0
  155. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +28 -0
  156. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +110 -0
  157. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +79 -0
  158. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +230 -0
  159. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +353 -0
  160. data/src/core/ext/transport/chttp2/server/chttp2_server.h +33 -0
  161. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +45 -0
  162. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +74 -0
  163. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +89 -0
  164. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +249 -0
  165. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +56 -0
  166. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +231 -0
  167. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +41 -0
  168. data/src/core/ext/transport/chttp2/transport/chttp2_plugin.cc +35 -0
  169. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +3102 -0
  170. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +45 -0
  171. data/src/core/ext/transport/chttp2/transport/flow_control.cc +405 -0
  172. data/src/core/ext/transport/chttp2/transport/flow_control.h +482 -0
  173. data/src/core/ext/transport/chttp2/transport/frame.h +47 -0
  174. data/src/core/ext/transport/chttp2/transport/frame_data.cc +314 -0
  175. data/src/core/ext/transport/chttp2/transport/frame_data.h +84 -0
  176. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +186 -0
  177. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +62 -0
  178. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +131 -0
  179. data/src/core/ext/transport/chttp2/transport/frame_ping.h +45 -0
  180. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +112 -0
  181. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +43 -0
  182. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +238 -0
  183. data/src/core/ext/transport/chttp2/transport/frame_settings.h +60 -0
  184. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +122 -0
  185. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +45 -0
  186. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +699 -0
  187. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +95 -0
  188. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +1680 -0
  189. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +109 -0
  190. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +368 -0
  191. data/src/core/ext/transport/chttp2/transport/hpack_table.h +95 -0
  192. data/src/core/ext/transport/chttp2/transport/http2_settings.cc +62 -0
  193. data/src/core/ext/transport/chttp2/transport/http2_settings.h +62 -0
  194. data/src/core/ext/transport/chttp2/transport/huffsyms.cc +92 -0
  195. data/src/core/ext/transport/chttp2/transport/huffsyms.h +33 -0
  196. data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +73 -0
  197. data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +49 -0
  198. data/src/core/ext/transport/chttp2/transport/internal.h +799 -0
  199. data/src/core/ext/transport/chttp2/transport/parsing.cc +745 -0
  200. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +216 -0
  201. data/src/core/ext/transport/chttp2/transport/stream_map.cc +167 -0
  202. data/src/core/ext/transport/chttp2/transport/stream_map.h +68 -0
  203. data/src/core/ext/transport/chttp2/transport/varint.cc +56 -0
  204. data/src/core/ext/transport/chttp2/transport/varint.h +60 -0
  205. data/src/core/ext/transport/chttp2/transport/writing.cc +641 -0
  206. data/src/core/ext/transport/inproc/inproc_plugin.cc +28 -0
  207. data/src/core/ext/transport/inproc/inproc_transport.cc +1240 -0
  208. data/src/core/ext/transport/inproc/inproc_transport.h +35 -0
  209. data/src/core/lib/avl/avl.cc +306 -0
  210. data/src/core/lib/avl/avl.h +94 -0
  211. data/src/core/lib/backoff/backoff.cc +78 -0
  212. data/src/core/lib/backoff/backoff.h +89 -0
  213. data/src/core/lib/channel/channel_args.cc +413 -0
  214. data/src/core/lib/channel/channel_args.h +127 -0
  215. data/src/core/lib/channel/channel_stack.cc +258 -0
  216. data/src/core/lib/channel/channel_stack.h +280 -0
  217. data/src/core/lib/channel/channel_stack_builder.cc +314 -0
  218. data/src/core/lib/channel/channel_stack_builder.h +160 -0
  219. data/src/core/lib/channel/channel_trace.cc +239 -0
  220. data/src/core/lib/channel/channel_trace.h +133 -0
  221. data/src/core/lib/channel/channel_trace_registry.cc +80 -0
  222. data/src/core/lib/channel/channel_trace_registry.h +43 -0
  223. data/src/core/lib/channel/connected_channel.cc +236 -0
  224. data/src/core/lib/channel/connected_channel.h +34 -0
  225. data/src/core/lib/channel/context.h +49 -0
  226. data/src/core/lib/channel/handshaker.cc +259 -0
  227. data/src/core/lib/channel/handshaker.h +166 -0
  228. data/src/core/lib/channel/handshaker_factory.cc +41 -0
  229. data/src/core/lib/channel/handshaker_factory.h +50 -0
  230. data/src/core/lib/channel/handshaker_registry.cc +97 -0
  231. data/src/core/lib/channel/handshaker_registry.h +48 -0
  232. data/src/core/lib/channel/status_util.cc +100 -0
  233. data/src/core/lib/channel/status_util.h +58 -0
  234. data/src/core/lib/compression/algorithm_metadata.h +61 -0
  235. data/src/core/lib/compression/compression.cc +174 -0
  236. data/src/core/lib/compression/compression_internal.cc +276 -0
  237. data/src/core/lib/compression/compression_internal.h +88 -0
  238. data/src/core/lib/compression/message_compress.cc +187 -0
  239. data/src/core/lib/compression/message_compress.h +40 -0
  240. data/src/core/lib/compression/stream_compression.cc +79 -0
  241. data/src/core/lib/compression/stream_compression.h +116 -0
  242. data/src/core/lib/compression/stream_compression_gzip.cc +230 -0
  243. data/src/core/lib/compression/stream_compression_gzip.h +28 -0
  244. data/src/core/lib/compression/stream_compression_identity.cc +94 -0
  245. data/src/core/lib/compression/stream_compression_identity.h +29 -0
  246. data/src/core/lib/debug/stats.cc +178 -0
  247. data/src/core/lib/debug/stats.h +61 -0
  248. data/src/core/lib/debug/stats_data.cc +682 -0
  249. data/src/core/lib/debug/stats_data.h +435 -0
  250. data/src/core/lib/debug/trace.cc +144 -0
  251. data/src/core/lib/debug/trace.h +104 -0
  252. data/src/core/lib/gpr/alloc.cc +99 -0
  253. data/src/core/lib/gpr/arena.cc +152 -0
  254. data/src/core/lib/gpr/arena.h +41 -0
  255. data/src/core/lib/gpr/atm.cc +35 -0
  256. data/src/core/lib/gpr/cpu_iphone.cc +36 -0
  257. data/src/core/lib/gpr/cpu_linux.cc +82 -0
  258. data/src/core/lib/gpr/cpu_posix.cc +81 -0
  259. data/src/core/lib/gpr/cpu_windows.cc +33 -0
  260. data/src/core/lib/gpr/env.h +43 -0
  261. data/src/core/lib/gpr/env_linux.cc +82 -0
  262. data/src/core/lib/gpr/env_posix.cc +47 -0
  263. data/src/core/lib/gpr/env_windows.cc +72 -0
  264. data/src/core/lib/gpr/fork.cc +78 -0
  265. data/src/core/lib/gpr/fork.h +35 -0
  266. data/src/core/lib/gpr/host_port.cc +98 -0
  267. data/src/core/lib/gpr/host_port.h +43 -0
  268. data/src/core/lib/gpr/log.cc +96 -0
  269. data/src/core/lib/gpr/log_android.cc +72 -0
  270. data/src/core/lib/gpr/log_linux.cc +93 -0
  271. data/src/core/lib/gpr/log_posix.cc +90 -0
  272. data/src/core/lib/gpr/log_windows.cc +97 -0
  273. data/src/core/lib/gpr/mpscq.cc +117 -0
  274. data/src/core/lib/gpr/mpscq.h +86 -0
  275. data/src/core/lib/gpr/murmur_hash.cc +80 -0
  276. data/src/core/lib/gpr/murmur_hash.h +29 -0
  277. data/src/core/lib/gpr/spinlock.h +46 -0
  278. data/src/core/lib/gpr/string.cc +319 -0
  279. data/src/core/lib/gpr/string.h +109 -0
  280. data/src/core/lib/gpr/string_posix.cc +72 -0
  281. data/src/core/lib/gpr/string_util_windows.cc +82 -0
  282. data/src/core/lib/gpr/string_windows.cc +69 -0
  283. data/src/core/lib/gpr/string_windows.h +32 -0
  284. data/src/core/lib/gpr/sync.cc +124 -0
  285. data/src/core/lib/gpr/sync_posix.cc +107 -0
  286. data/src/core/lib/gpr/sync_windows.cc +118 -0
  287. data/src/core/lib/gpr/time.cc +251 -0
  288. data/src/core/lib/gpr/time_posix.cc +167 -0
  289. data/src/core/lib/gpr/time_precise.cc +78 -0
  290. data/src/core/lib/gpr/time_precise.h +29 -0
  291. data/src/core/lib/gpr/time_windows.cc +98 -0
  292. data/src/core/lib/gpr/tls.h +68 -0
  293. data/src/core/lib/gpr/tls_gcc.h +52 -0
  294. data/src/core/lib/gpr/tls_msvc.h +52 -0
  295. data/src/core/lib/gpr/tls_pthread.cc +30 -0
  296. data/src/core/lib/gpr/tls_pthread.h +56 -0
  297. data/src/core/lib/gpr/tmpfile.h +32 -0
  298. data/src/core/lib/gpr/tmpfile_msys.cc +58 -0
  299. data/src/core/lib/gpr/tmpfile_posix.cc +70 -0
  300. data/src/core/lib/gpr/tmpfile_windows.cc +69 -0
  301. data/src/core/lib/gpr/useful.h +65 -0
  302. data/src/core/lib/gpr/wrap_memcpy.cc +42 -0
  303. data/src/core/lib/gprpp/abstract.h +34 -0
  304. data/src/core/lib/gprpp/atomic.h +30 -0
  305. data/src/core/lib/gprpp/atomic_with_atm.h +57 -0
  306. data/src/core/lib/gprpp/atomic_with_std.h +35 -0
  307. data/src/core/lib/gprpp/debug_location.h +52 -0
  308. data/src/core/lib/gprpp/inlined_vector.h +136 -0
  309. data/src/core/lib/gprpp/manual_constructor.h +213 -0
  310. data/src/core/lib/gprpp/memory.h +111 -0
  311. data/src/core/lib/gprpp/orphanable.h +199 -0
  312. data/src/core/lib/gprpp/ref_counted.h +169 -0
  313. data/src/core/lib/gprpp/ref_counted_ptr.h +112 -0
  314. data/src/core/lib/gprpp/thd.h +135 -0
  315. data/src/core/lib/gprpp/thd_posix.cc +209 -0
  316. data/src/core/lib/gprpp/thd_windows.cc +162 -0
  317. data/src/core/lib/http/format_request.cc +122 -0
  318. data/src/core/lib/http/format_request.h +34 -0
  319. data/src/core/lib/http/httpcli.cc +303 -0
  320. data/src/core/lib/http/httpcli.h +127 -0
  321. data/src/core/lib/http/httpcli_security_connector.cc +202 -0
  322. data/src/core/lib/http/parser.cc +371 -0
  323. data/src/core/lib/http/parser.h +113 -0
  324. data/src/core/lib/iomgr/block_annotate.h +57 -0
  325. data/src/core/lib/iomgr/call_combiner.cc +212 -0
  326. data/src/core/lib/iomgr/call_combiner.h +112 -0
  327. data/src/core/lib/iomgr/closure.h +351 -0
  328. data/src/core/lib/iomgr/combiner.cc +358 -0
  329. data/src/core/lib/iomgr/combiner.h +66 -0
  330. data/src/core/lib/iomgr/endpoint.cc +63 -0
  331. data/src/core/lib/iomgr/endpoint.h +98 -0
  332. data/src/core/lib/iomgr/endpoint_pair.h +34 -0
  333. data/src/core/lib/iomgr/endpoint_pair_posix.cc +73 -0
  334. data/src/core/lib/iomgr/endpoint_pair_uv.cc +40 -0
  335. data/src/core/lib/iomgr/endpoint_pair_windows.cc +87 -0
  336. data/src/core/lib/iomgr/error.cc +793 -0
  337. data/src/core/lib/iomgr/error.h +207 -0
  338. data/src/core/lib/iomgr/error_internal.h +63 -0
  339. data/src/core/lib/iomgr/ev_epoll1_linux.cc +1248 -0
  340. data/src/core/lib/iomgr/ev_epoll1_linux.h +31 -0
  341. data/src/core/lib/iomgr/ev_epollex_linux.cc +1494 -0
  342. data/src/core/lib/iomgr/ev_epollex_linux.h +30 -0
  343. data/src/core/lib/iomgr/ev_epollsig_linux.cc +1735 -0
  344. data/src/core/lib/iomgr/ev_epollsig_linux.h +35 -0
  345. data/src/core/lib/iomgr/ev_poll_posix.cc +1758 -0
  346. data/src/core/lib/iomgr/ev_poll_posix.h +29 -0
  347. data/src/core/lib/iomgr/ev_posix.cc +330 -0
  348. data/src/core/lib/iomgr/ev_posix.h +145 -0
  349. data/src/core/lib/iomgr/ev_windows.cc +30 -0
  350. data/src/core/lib/iomgr/exec_ctx.cc +147 -0
  351. data/src/core/lib/iomgr/exec_ctx.h +210 -0
  352. data/src/core/lib/iomgr/executor.cc +301 -0
  353. data/src/core/lib/iomgr/executor.h +50 -0
  354. data/src/core/lib/iomgr/fork_posix.cc +89 -0
  355. data/src/core/lib/iomgr/fork_windows.cc +41 -0
  356. data/src/core/lib/iomgr/gethostname.h +26 -0
  357. data/src/core/lib/iomgr/gethostname_fallback.cc +30 -0
  358. data/src/core/lib/iomgr/gethostname_host_name_max.cc +40 -0
  359. data/src/core/lib/iomgr/gethostname_sysconf.cc +40 -0
  360. data/src/core/lib/iomgr/iocp_windows.cc +152 -0
  361. data/src/core/lib/iomgr/iocp_windows.h +48 -0
  362. data/src/core/lib/iomgr/iomgr.cc +178 -0
  363. data/src/core/lib/iomgr/iomgr.h +36 -0
  364. data/src/core/lib/iomgr/iomgr_custom.cc +63 -0
  365. data/src/core/lib/iomgr/iomgr_custom.h +47 -0
  366. data/src/core/lib/iomgr/iomgr_internal.cc +43 -0
  367. data/src/core/lib/iomgr/iomgr_internal.h +57 -0
  368. data/src/core/lib/iomgr/iomgr_posix.cc +67 -0
  369. data/src/core/lib/iomgr/iomgr_posix.h +26 -0
  370. data/src/core/lib/iomgr/iomgr_uv.cc +40 -0
  371. data/src/core/lib/iomgr/iomgr_windows.cc +87 -0
  372. data/src/core/lib/iomgr/is_epollexclusive_available.cc +104 -0
  373. data/src/core/lib/iomgr/is_epollexclusive_available.h +36 -0
  374. data/src/core/lib/iomgr/load_file.cc +80 -0
  375. data/src/core/lib/iomgr/load_file.h +35 -0
  376. data/src/core/lib/iomgr/lockfree_event.cc +250 -0
  377. data/src/core/lib/iomgr/lockfree_event.h +72 -0
  378. data/src/core/lib/iomgr/nameser.h +106 -0
  379. data/src/core/lib/iomgr/network_status_tracker.cc +36 -0
  380. data/src/core/lib/iomgr/network_status_tracker.h +32 -0
  381. data/src/core/lib/iomgr/polling_entity.cc +87 -0
  382. data/src/core/lib/iomgr/polling_entity.h +68 -0
  383. data/src/core/lib/iomgr/pollset.cc +56 -0
  384. data/src/core/lib/iomgr/pollset.h +99 -0
  385. data/src/core/lib/iomgr/pollset_custom.cc +106 -0
  386. data/src/core/lib/iomgr/pollset_custom.h +35 -0
  387. data/src/core/lib/iomgr/pollset_set.cc +55 -0
  388. data/src/core/lib/iomgr/pollset_set.h +55 -0
  389. data/src/core/lib/iomgr/pollset_set_custom.cc +48 -0
  390. data/src/core/lib/iomgr/pollset_set_custom.h +26 -0
  391. data/src/core/lib/iomgr/pollset_set_windows.cc +51 -0
  392. data/src/core/lib/iomgr/pollset_set_windows.h +26 -0
  393. data/src/core/lib/iomgr/pollset_uv.cc +93 -0
  394. data/src/core/lib/iomgr/pollset_windows.cc +229 -0
  395. data/src/core/lib/iomgr/pollset_windows.h +70 -0
  396. data/src/core/lib/iomgr/port.h +147 -0
  397. data/src/core/lib/iomgr/resolve_address.cc +50 -0
  398. data/src/core/lib/iomgr/resolve_address.h +83 -0
  399. data/src/core/lib/iomgr/resolve_address_custom.cc +187 -0
  400. data/src/core/lib/iomgr/resolve_address_custom.h +43 -0
  401. data/src/core/lib/iomgr/resolve_address_posix.cc +180 -0
  402. data/src/core/lib/iomgr/resolve_address_windows.cc +165 -0
  403. data/src/core/lib/iomgr/resource_quota.cc +871 -0
  404. data/src/core/lib/iomgr/resource_quota.h +142 -0
  405. data/src/core/lib/iomgr/sockaddr.h +32 -0
  406. data/src/core/lib/iomgr/sockaddr_custom.h +54 -0
  407. data/src/core/lib/iomgr/sockaddr_posix.h +55 -0
  408. data/src/core/lib/iomgr/sockaddr_utils.cc +298 -0
  409. data/src/core/lib/iomgr/sockaddr_utils.h +84 -0
  410. data/src/core/lib/iomgr/sockaddr_windows.h +55 -0
  411. data/src/core/lib/iomgr/socket_factory_posix.cc +94 -0
  412. data/src/core/lib/iomgr/socket_factory_posix.h +69 -0
  413. data/src/core/lib/iomgr/socket_mutator.cc +83 -0
  414. data/src/core/lib/iomgr/socket_mutator.h +61 -0
  415. data/src/core/lib/iomgr/socket_utils.h +38 -0
  416. data/src/core/lib/iomgr/socket_utils_common_posix.cc +327 -0
  417. data/src/core/lib/iomgr/socket_utils_linux.cc +43 -0
  418. data/src/core/lib/iomgr/socket_utils_posix.cc +59 -0
  419. data/src/core/lib/iomgr/socket_utils_posix.h +134 -0
  420. data/src/core/lib/iomgr/socket_utils_uv.cc +45 -0
  421. data/src/core/lib/iomgr/socket_utils_windows.cc +43 -0
  422. data/src/core/lib/iomgr/socket_windows.cc +151 -0
  423. data/src/core/lib/iomgr/socket_windows.h +113 -0
  424. data/src/core/lib/iomgr/sys_epoll_wrapper.h +30 -0
  425. data/src/core/lib/iomgr/tcp_client.cc +36 -0
  426. data/src/core/lib/iomgr/tcp_client.h +52 -0
  427. data/src/core/lib/iomgr/tcp_client_custom.cc +151 -0
  428. data/src/core/lib/iomgr/tcp_client_posix.cc +359 -0
  429. data/src/core/lib/iomgr/tcp_client_posix.h +68 -0
  430. data/src/core/lib/iomgr/tcp_client_windows.cc +231 -0
  431. data/src/core/lib/iomgr/tcp_custom.cc +365 -0
  432. data/src/core/lib/iomgr/tcp_custom.h +81 -0
  433. data/src/core/lib/iomgr/tcp_posix.cc +814 -0
  434. data/src/core/lib/iomgr/tcp_posix.h +57 -0
  435. data/src/core/lib/iomgr/tcp_server.cc +73 -0
  436. data/src/core/lib/iomgr/tcp_server.h +122 -0
  437. data/src/core/lib/iomgr/tcp_server_custom.cc +472 -0
  438. data/src/core/lib/iomgr/tcp_server_posix.cc +582 -0
  439. data/src/core/lib/iomgr/tcp_server_utils_posix.h +122 -0
  440. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +208 -0
  441. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +184 -0
  442. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +36 -0
  443. data/src/core/lib/iomgr/tcp_server_windows.cc +559 -0
  444. data/src/core/lib/iomgr/tcp_uv.cc +417 -0
  445. data/src/core/lib/iomgr/tcp_windows.cc +455 -0
  446. data/src/core/lib/iomgr/tcp_windows.h +51 -0
  447. data/src/core/lib/iomgr/time_averaged_stats.cc +64 -0
  448. data/src/core/lib/iomgr/time_averaged_stats.h +73 -0
  449. data/src/core/lib/iomgr/timer.cc +45 -0
  450. data/src/core/lib/iomgr/timer.h +125 -0
  451. data/src/core/lib/iomgr/timer_custom.cc +93 -0
  452. data/src/core/lib/iomgr/timer_custom.h +43 -0
  453. data/src/core/lib/iomgr/timer_generic.cc +663 -0
  454. data/src/core/lib/iomgr/timer_heap.cc +135 -0
  455. data/src/core/lib/iomgr/timer_heap.h +44 -0
  456. data/src/core/lib/iomgr/timer_manager.cc +347 -0
  457. data/src/core/lib/iomgr/timer_manager.h +39 -0
  458. data/src/core/lib/iomgr/timer_uv.cc +63 -0
  459. data/src/core/lib/iomgr/udp_server.cc +692 -0
  460. data/src/core/lib/iomgr/udp_server.h +103 -0
  461. data/src/core/lib/iomgr/unix_sockets_posix.cc +104 -0
  462. data/src/core/lib/iomgr/unix_sockets_posix.h +43 -0
  463. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +49 -0
  464. data/src/core/lib/iomgr/wakeup_fd_cv.cc +107 -0
  465. data/src/core/lib/iomgr/wakeup_fd_cv.h +69 -0
  466. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +83 -0
  467. data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +38 -0
  468. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +100 -0
  469. data/src/core/lib/iomgr/wakeup_fd_pipe.h +28 -0
  470. data/src/core/lib/iomgr/wakeup_fd_posix.cc +87 -0
  471. data/src/core/lib/iomgr/wakeup_fd_posix.h +96 -0
  472. data/src/core/lib/json/json.cc +86 -0
  473. data/src/core/lib/json/json.h +94 -0
  474. data/src/core/lib/json/json_common.h +34 -0
  475. data/src/core/lib/json/json_reader.cc +663 -0
  476. data/src/core/lib/json/json_reader.h +146 -0
  477. data/src/core/lib/json/json_string.cc +367 -0
  478. data/src/core/lib/json/json_writer.cc +245 -0
  479. data/src/core/lib/json/json_writer.h +84 -0
  480. data/src/core/lib/profiling/basic_timers.cc +286 -0
  481. data/src/core/lib/profiling/stap_timers.cc +50 -0
  482. data/src/core/lib/profiling/timers.h +94 -0
  483. data/src/core/lib/security/context/security_context.cc +348 -0
  484. data/src/core/lib/security/context/security_context.h +115 -0
  485. data/src/core/lib/security/credentials/alts/alts_credentials.cc +119 -0
  486. data/src/core/lib/security/credentials/alts/alts_credentials.h +102 -0
  487. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +72 -0
  488. data/src/core/lib/security/credentials/alts/check_gcp_environment.h +57 -0
  489. data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +67 -0
  490. data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +33 -0
  491. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +114 -0
  492. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc +126 -0
  493. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc +46 -0
  494. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h +112 -0
  495. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +58 -0
  496. data/src/core/lib/security/credentials/composite/composite_credentials.cc +269 -0
  497. data/src/core/lib/security/credentials/composite/composite_credentials.h +59 -0
  498. data/src/core/lib/security/credentials/credentials.cc +286 -0
  499. data/src/core/lib/security/credentials/credentials.h +246 -0
  500. data/src/core/lib/security/credentials/credentials_metadata.cc +62 -0
  501. data/src/core/lib/security/credentials/fake/fake_credentials.cc +136 -0
  502. data/src/core/lib/security/credentials/fake/fake_credentials.h +64 -0
  503. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +41 -0
  504. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +322 -0
  505. data/src/core/lib/security/credentials/google_default/google_default_credentials.h +45 -0
  506. data/src/core/lib/security/credentials/iam/iam_credentials.cc +86 -0
  507. data/src/core/lib/security/credentials/iam/iam_credentials.h +31 -0
  508. data/src/core/lib/security/credentials/jwt/json_token.cc +314 -0
  509. data/src/core/lib/security/credentials/jwt/json_token.h +75 -0
  510. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +190 -0
  511. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +49 -0
  512. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +934 -0
  513. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +123 -0
  514. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +532 -0
  515. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +106 -0
  516. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +271 -0
  517. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +46 -0
  518. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +349 -0
  519. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +54 -0
  520. data/src/core/lib/security/security_connector/alts_security_connector.cc +287 -0
  521. data/src/core/lib/security/security_connector/alts_security_connector.h +69 -0
  522. data/src/core/lib/security/security_connector/security_connector.cc +1200 -0
  523. data/src/core/lib/security/security_connector/security_connector.h +283 -0
  524. data/src/core/lib/security/transport/auth_filters.h +37 -0
  525. data/src/core/lib/security/transport/client_auth_filter.cc +418 -0
  526. data/src/core/lib/security/transport/secure_endpoint.cc +429 -0
  527. data/src/core/lib/security/transport/secure_endpoint.h +41 -0
  528. data/src/core/lib/security/transport/security_handshaker.cc +526 -0
  529. data/src/core/lib/security/transport/security_handshaker.h +34 -0
  530. data/src/core/lib/security/transport/server_auth_filter.cc +269 -0
  531. data/src/core/lib/security/transport/target_authority_table.cc +75 -0
  532. data/src/core/lib/security/transport/target_authority_table.h +40 -0
  533. data/src/core/lib/security/transport/tsi_error.cc +29 -0
  534. data/src/core/lib/security/transport/tsi_error.h +29 -0
  535. data/src/core/lib/security/util/json_util.cc +48 -0
  536. data/src/core/lib/security/util/json_util.h +42 -0
  537. data/src/core/lib/slice/b64.cc +240 -0
  538. data/src/core/lib/slice/b64.h +51 -0
  539. data/src/core/lib/slice/percent_encoding.cc +169 -0
  540. data/src/core/lib/slice/percent_encoding.h +65 -0
  541. data/src/core/lib/slice/slice.cc +489 -0
  542. data/src/core/lib/slice/slice_buffer.cc +359 -0
  543. data/src/core/lib/slice/slice_hash_table.h +201 -0
  544. data/src/core/lib/slice/slice_intern.cc +332 -0
  545. data/src/core/lib/slice/slice_internal.h +49 -0
  546. data/src/core/lib/slice/slice_string_helpers.cc +118 -0
  547. data/src/core/lib/slice/slice_string_helpers.h +47 -0
  548. data/src/core/lib/slice/slice_weak_hash_table.h +105 -0
  549. data/src/core/lib/surface/api_trace.cc +24 -0
  550. data/src/core/lib/surface/api_trace.h +52 -0
  551. data/src/core/lib/surface/byte_buffer.cc +92 -0
  552. data/src/core/lib/surface/byte_buffer_reader.cc +129 -0
  553. data/src/core/lib/surface/call.cc +2002 -0
  554. data/src/core/lib/surface/call.h +109 -0
  555. data/src/core/lib/surface/call_details.cc +42 -0
  556. data/src/core/lib/surface/call_log_batch.cc +120 -0
  557. data/src/core/lib/surface/call_test_only.h +43 -0
  558. data/src/core/lib/surface/channel.cc +450 -0
  559. data/src/core/lib/surface/channel.h +83 -0
  560. data/src/core/lib/surface/channel_init.cc +109 -0
  561. data/src/core/lib/surface/channel_init.h +73 -0
  562. data/src/core/lib/surface/channel_ping.cc +65 -0
  563. data/src/core/lib/surface/channel_stack_type.cc +58 -0
  564. data/src/core/lib/surface/channel_stack_type.h +47 -0
  565. data/src/core/lib/surface/completion_queue.cc +1262 -0
  566. data/src/core/lib/surface/completion_queue.h +93 -0
  567. data/src/core/lib/surface/completion_queue_factory.cc +79 -0
  568. data/src/core/lib/surface/completion_queue_factory.h +38 -0
  569. data/src/core/lib/surface/event_string.cc +68 -0
  570. data/src/core/lib/surface/event_string.h +29 -0
  571. data/src/core/lib/surface/init.cc +196 -0
  572. data/src/core/lib/surface/init.h +27 -0
  573. data/src/core/lib/surface/init_secure.cc +81 -0
  574. data/src/core/lib/surface/lame_client.cc +180 -0
  575. data/src/core/lib/surface/lame_client.h +28 -0
  576. data/src/core/lib/surface/metadata_array.cc +36 -0
  577. data/src/core/lib/surface/server.cc +1445 -0
  578. data/src/core/lib/surface/server.h +58 -0
  579. data/src/core/lib/surface/validate_metadata.cc +95 -0
  580. data/src/core/lib/surface/validate_metadata.h +30 -0
  581. data/src/core/lib/surface/version.cc +28 -0
  582. data/src/core/lib/transport/bdp_estimator.cc +87 -0
  583. data/src/core/lib/transport/bdp_estimator.h +94 -0
  584. data/src/core/lib/transport/byte_stream.cc +160 -0
  585. data/src/core/lib/transport/byte_stream.h +164 -0
  586. data/src/core/lib/transport/connectivity_state.cc +196 -0
  587. data/src/core/lib/transport/connectivity_state.h +87 -0
  588. data/src/core/lib/transport/error_utils.cc +118 -0
  589. data/src/core/lib/transport/error_utils.h +46 -0
  590. data/src/core/lib/transport/http2_errors.h +41 -0
  591. data/src/core/lib/transport/metadata.cc +539 -0
  592. data/src/core/lib/transport/metadata.h +165 -0
  593. data/src/core/lib/transport/metadata_batch.cc +329 -0
  594. data/src/core/lib/transport/metadata_batch.h +150 -0
  595. data/src/core/lib/transport/pid_controller.cc +51 -0
  596. data/src/core/lib/transport/pid_controller.h +116 -0
  597. data/src/core/lib/transport/service_config.cc +106 -0
  598. data/src/core/lib/transport/service_config.h +249 -0
  599. data/src/core/lib/transport/static_metadata.cc +601 -0
  600. data/src/core/lib/transport/static_metadata.h +603 -0
  601. data/src/core/lib/transport/status_conversion.cc +100 -0
  602. data/src/core/lib/transport/status_conversion.h +38 -0
  603. data/src/core/lib/transport/status_metadata.cc +54 -0
  604. data/src/core/lib/transport/status_metadata.h +30 -0
  605. data/src/core/lib/transport/timeout_encoding.cc +144 -0
  606. data/src/core/lib/transport/timeout_encoding.h +37 -0
  607. data/src/core/lib/transport/transport.cc +278 -0
  608. data/src/core/lib/transport/transport.h +378 -0
  609. data/src/core/lib/transport/transport_impl.h +71 -0
  610. data/src/core/lib/transport/transport_op_string.cc +214 -0
  611. data/src/core/plugin_registry/grpc_plugin_registry.cc +97 -0
  612. data/src/core/tsi/alts/crypt/aes_gcm.cc +687 -0
  613. data/src/core/tsi/alts/crypt/gsec.cc +189 -0
  614. data/src/core/tsi/alts/crypt/gsec.h +454 -0
  615. data/src/core/tsi/alts/frame_protector/alts_counter.cc +118 -0
  616. data/src/core/tsi/alts/frame_protector/alts_counter.h +98 -0
  617. data/src/core/tsi/alts/frame_protector/alts_crypter.cc +66 -0
  618. data/src/core/tsi/alts/frame_protector/alts_crypter.h +255 -0
  619. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +407 -0
  620. data/src/core/tsi/alts/frame_protector/alts_frame_protector.h +55 -0
  621. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc +114 -0
  622. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h +114 -0
  623. data/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc +105 -0
  624. data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +103 -0
  625. data/src/core/tsi/alts/frame_protector/frame_handler.cc +218 -0
  626. data/src/core/tsi/alts/frame_protector/frame_handler.h +236 -0
  627. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +316 -0
  628. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +137 -0
  629. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc +520 -0
  630. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.h +323 -0
  631. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc +143 -0
  632. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h +149 -0
  633. data/src/core/tsi/alts/handshaker/alts_tsi_event.cc +73 -0
  634. data/src/core/tsi/alts/handshaker/alts_tsi_event.h +93 -0
  635. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +483 -0
  636. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +83 -0
  637. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +52 -0
  638. data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +58 -0
  639. data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +52 -0
  640. data/src/core/tsi/alts/handshaker/altscontext.pb.c +48 -0
  641. data/src/core/tsi/alts/handshaker/altscontext.pb.h +64 -0
  642. data/src/core/tsi/alts/handshaker/handshaker.pb.c +123 -0
  643. data/src/core/tsi/alts/handshaker/handshaker.pb.h +255 -0
  644. data/src/core/tsi/alts/handshaker/transport_security_common.pb.c +50 -0
  645. data/src/core/tsi/alts/handshaker/transport_security_common.pb.h +78 -0
  646. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +196 -0
  647. data/src/core/tsi/alts/handshaker/transport_security_common_api.h +163 -0
  648. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +180 -0
  649. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h +52 -0
  650. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +144 -0
  651. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h +49 -0
  652. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h +91 -0
  653. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +174 -0
  654. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +100 -0
  655. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +476 -0
  656. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h +199 -0
  657. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +296 -0
  658. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h +52 -0
  659. data/src/core/tsi/alts_transport_security.cc +63 -0
  660. data/src/core/tsi/alts_transport_security.h +47 -0
  661. data/src/core/tsi/fake_transport_security.cc +787 -0
  662. data/src/core/tsi/fake_transport_security.h +45 -0
  663. data/src/core/tsi/ssl/session_cache/ssl_session.h +73 -0
  664. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +58 -0
  665. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +211 -0
  666. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +93 -0
  667. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +76 -0
  668. data/src/core/tsi/ssl_transport_security.cc +1831 -0
  669. data/src/core/tsi/ssl_transport_security.h +314 -0
  670. data/src/core/tsi/ssl_types.h +42 -0
  671. data/src/core/tsi/transport_security.cc +326 -0
  672. data/src/core/tsi/transport_security.h +127 -0
  673. data/src/core/tsi/transport_security_adapter.cc +235 -0
  674. data/src/core/tsi/transport_security_adapter.h +41 -0
  675. data/src/core/tsi/transport_security_grpc.cc +66 -0
  676. data/src/core/tsi/transport_security_grpc.h +74 -0
  677. data/src/core/tsi/transport_security_interface.h +454 -0
  678. data/src/ruby/bin/apis/google/protobuf/empty.rb +29 -0
  679. data/src/ruby/bin/apis/pubsub_demo.rb +241 -0
  680. data/src/ruby/bin/apis/tech/pubsub/proto/pubsub.rb +159 -0
  681. data/src/ruby/bin/apis/tech/pubsub/proto/pubsub_services.rb +88 -0
  682. data/src/ruby/bin/math_client.rb +132 -0
  683. data/src/ruby/bin/math_pb.rb +32 -0
  684. data/src/ruby/bin/math_server.rb +191 -0
  685. data/src/ruby/bin/math_services_pb.rb +51 -0
  686. data/src/ruby/bin/noproto_client.rb +93 -0
  687. data/src/ruby/bin/noproto_server.rb +97 -0
  688. data/src/ruby/ext/grpc/extconf.rb +118 -0
  689. data/src/ruby/ext/grpc/rb_byte_buffer.c +64 -0
  690. data/src/ruby/ext/grpc/rb_byte_buffer.h +35 -0
  691. data/src/ruby/ext/grpc/rb_call.c +1041 -0
  692. data/src/ruby/ext/grpc/rb_call.h +53 -0
  693. data/src/ruby/ext/grpc/rb_call_credentials.c +290 -0
  694. data/src/ruby/ext/grpc/rb_call_credentials.h +31 -0
  695. data/src/ruby/ext/grpc/rb_channel.c +828 -0
  696. data/src/ruby/ext/grpc/rb_channel.h +34 -0
  697. data/src/ruby/ext/grpc/rb_channel_args.c +155 -0
  698. data/src/ruby/ext/grpc/rb_channel_args.h +38 -0
  699. data/src/ruby/ext/grpc/rb_channel_credentials.c +263 -0
  700. data/src/ruby/ext/grpc/rb_channel_credentials.h +32 -0
  701. data/src/ruby/ext/grpc/rb_completion_queue.c +100 -0
  702. data/src/ruby/ext/grpc/rb_completion_queue.h +36 -0
  703. data/src/ruby/ext/grpc/rb_compression_options.c +468 -0
  704. data/src/ruby/ext/grpc/rb_compression_options.h +29 -0
  705. data/src/ruby/ext/grpc/rb_event_thread.c +141 -0
  706. data/src/ruby/ext/grpc/rb_event_thread.h +21 -0
  707. data/src/ruby/ext/grpc/rb_grpc.c +340 -0
  708. data/src/ruby/ext/grpc/rb_grpc.h +72 -0
  709. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +507 -0
  710. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +766 -0
  711. data/src/ruby/ext/grpc/rb_loader.c +57 -0
  712. data/src/ruby/ext/grpc/rb_loader.h +25 -0
  713. data/src/ruby/ext/grpc/rb_server.c +366 -0
  714. data/src/ruby/ext/grpc/rb_server.h +32 -0
  715. data/src/ruby/ext/grpc/rb_server_credentials.c +243 -0
  716. data/src/ruby/ext/grpc/rb_server_credentials.h +32 -0
  717. data/src/ruby/lib/grpc/core/time_consts.rb +56 -0
  718. data/src/ruby/lib/grpc/errors.rb +201 -0
  719. data/src/ruby/lib/grpc/generic/active_call.rb +674 -0
  720. data/src/ruby/lib/grpc/generic/bidi_call.rb +233 -0
  721. data/src/ruby/lib/grpc/generic/client_stub.rb +501 -0
  722. data/src/ruby/lib/grpc/generic/interceptor_registry.rb +53 -0
  723. data/src/ruby/lib/grpc/generic/interceptors.rb +186 -0
  724. data/src/ruby/lib/grpc/generic/rpc_desc.rb +204 -0
  725. data/src/ruby/lib/grpc/generic/rpc_server.rb +490 -0
  726. data/src/ruby/lib/grpc/generic/service.rb +210 -0
  727. data/src/ruby/lib/grpc/google_rpc_status_utils.rb +35 -0
  728. data/src/ruby/lib/grpc/grpc.rb +24 -0
  729. data/src/ruby/lib/grpc/logconfig.rb +44 -0
  730. data/src/ruby/lib/grpc/notifier.rb +45 -0
  731. data/src/ruby/lib/grpc/version.rb +18 -0
  732. data/src/ruby/lib/grpc.rb +35 -0
  733. data/src/ruby/pb/README.md +42 -0
  734. data/src/ruby/pb/generate_proto_ruby.sh +43 -0
  735. data/src/ruby/pb/grpc/health/checker.rb +76 -0
  736. data/src/ruby/pb/grpc/health/v1/health_pb.rb +28 -0
  737. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +41 -0
  738. data/src/ruby/pb/grpc/testing/duplicate/echo_duplicate_services_pb.rb +44 -0
  739. data/src/ruby/pb/grpc/testing/metrics_pb.rb +28 -0
  740. data/src/ruby/pb/grpc/testing/metrics_services_pb.rb +49 -0
  741. data/src/ruby/pb/src/proto/grpc/testing/empty_pb.rb +15 -0
  742. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +82 -0
  743. data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +14 -0
  744. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +102 -0
  745. data/src/ruby/pb/test/client.rb +764 -0
  746. data/src/ruby/pb/test/server.rb +252 -0
  747. data/src/ruby/spec/call_credentials_spec.rb +42 -0
  748. data/src/ruby/spec/call_spec.rb +180 -0
  749. data/src/ruby/spec/channel_connection_spec.rb +126 -0
  750. data/src/ruby/spec/channel_credentials_spec.rb +82 -0
  751. data/src/ruby/spec/channel_spec.rb +190 -0
  752. data/src/ruby/spec/client_auth_spec.rb +137 -0
  753. data/src/ruby/spec/client_server_spec.rb +664 -0
  754. data/src/ruby/spec/compression_options_spec.rb +149 -0
  755. data/src/ruby/spec/error_sanity_spec.rb +49 -0
  756. data/src/ruby/spec/generic/active_call_spec.rb +672 -0
  757. data/src/ruby/spec/generic/client_interceptors_spec.rb +153 -0
  758. data/src/ruby/spec/generic/client_stub_spec.rb +1067 -0
  759. data/src/ruby/spec/generic/interceptor_registry_spec.rb +65 -0
  760. data/src/ruby/spec/generic/rpc_desc_spec.rb +374 -0
  761. data/src/ruby/spec/generic/rpc_server_pool_spec.rb +127 -0
  762. data/src/ruby/spec/generic/rpc_server_spec.rb +726 -0
  763. data/src/ruby/spec/generic/server_interceptors_spec.rb +218 -0
  764. data/src/ruby/spec/generic/service_spec.rb +261 -0
  765. data/src/ruby/spec/google_rpc_status_utils_spec.rb +293 -0
  766. data/src/ruby/spec/pb/duplicate/codegen_spec.rb +56 -0
  767. data/src/ruby/spec/pb/health/checker_spec.rb +236 -0
  768. data/src/ruby/spec/pb/package_with_underscore/checker_spec.rb +54 -0
  769. data/src/ruby/spec/pb/package_with_underscore/data.proto +23 -0
  770. data/src/ruby/spec/pb/package_with_underscore/service.proto +23 -0
  771. data/src/ruby/spec/server_credentials_spec.rb +79 -0
  772. data/src/ruby/spec/server_spec.rb +209 -0
  773. data/src/ruby/spec/spec_helper.rb +60 -0
  774. data/src/ruby/spec/support/helpers.rb +107 -0
  775. data/src/ruby/spec/support/services.rb +147 -0
  776. data/src/ruby/spec/testdata/README +1 -0
  777. data/src/ruby/spec/testdata/ca.pem +15 -0
  778. data/src/ruby/spec/testdata/client.key +16 -0
  779. data/src/ruby/spec/testdata/client.pem +14 -0
  780. data/src/ruby/spec/testdata/server1.key +16 -0
  781. data/src/ruby/spec/testdata/server1.pem +16 -0
  782. data/src/ruby/spec/time_consts_spec.rb +74 -0
  783. data/third_party/address_sorting/address_sorting.c +369 -0
  784. data/third_party/address_sorting/address_sorting_internal.h +70 -0
  785. data/third_party/address_sorting/address_sorting_posix.c +97 -0
  786. data/third_party/address_sorting/address_sorting_windows.c +55 -0
  787. data/third_party/address_sorting/include/address_sorting/address_sorting.h +110 -0
  788. data/third_party/boringssl/crypto/asn1/a_bitstr.c +271 -0
  789. data/third_party/boringssl/crypto/asn1/a_bool.c +110 -0
  790. data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +297 -0
  791. data/third_party/boringssl/crypto/asn1/a_dup.c +111 -0
  792. data/third_party/boringssl/crypto/asn1/a_enum.c +195 -0
  793. data/third_party/boringssl/crypto/asn1/a_gentm.c +261 -0
  794. data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +150 -0
  795. data/third_party/boringssl/crypto/asn1/a_int.c +474 -0
  796. data/third_party/boringssl/crypto/asn1/a_mbstr.c +409 -0
  797. data/third_party/boringssl/crypto/asn1/a_object.c +275 -0
  798. data/third_party/boringssl/crypto/asn1/a_octet.c +77 -0
  799. data/third_party/boringssl/crypto/asn1/a_print.c +93 -0
  800. data/third_party/boringssl/crypto/asn1/a_strnid.c +312 -0
  801. data/third_party/boringssl/crypto/asn1/a_time.c +213 -0
  802. data/third_party/boringssl/crypto/asn1/a_type.c +151 -0
  803. data/third_party/boringssl/crypto/asn1/a_utctm.c +303 -0
  804. data/third_party/boringssl/crypto/asn1/a_utf8.c +234 -0
  805. data/third_party/boringssl/crypto/asn1/asn1_lib.c +442 -0
  806. data/third_party/boringssl/crypto/asn1/asn1_locl.h +101 -0
  807. data/third_party/boringssl/crypto/asn1/asn1_par.c +80 -0
  808. data/third_party/boringssl/crypto/asn1/asn_pack.c +105 -0
  809. data/third_party/boringssl/crypto/asn1/f_enum.c +93 -0
  810. data/third_party/boringssl/crypto/asn1/f_int.c +97 -0
  811. data/third_party/boringssl/crypto/asn1/f_string.c +91 -0
  812. data/third_party/boringssl/crypto/asn1/tasn_dec.c +1223 -0
  813. data/third_party/boringssl/crypto/asn1/tasn_enc.c +662 -0
  814. data/third_party/boringssl/crypto/asn1/tasn_fre.c +244 -0
  815. data/third_party/boringssl/crypto/asn1/tasn_new.c +387 -0
  816. data/third_party/boringssl/crypto/asn1/tasn_typ.c +131 -0
  817. data/third_party/boringssl/crypto/asn1/tasn_utl.c +280 -0
  818. data/third_party/boringssl/crypto/asn1/time_support.c +206 -0
  819. data/third_party/boringssl/crypto/base64/base64.c +466 -0
  820. data/third_party/boringssl/crypto/bio/bio.c +636 -0
  821. data/third_party/boringssl/crypto/bio/bio_mem.c +330 -0
  822. data/third_party/boringssl/crypto/bio/connect.c +542 -0
  823. data/third_party/boringssl/crypto/bio/fd.c +275 -0
  824. data/third_party/boringssl/crypto/bio/file.c +313 -0
  825. data/third_party/boringssl/crypto/bio/hexdump.c +192 -0
  826. data/third_party/boringssl/crypto/bio/internal.h +111 -0
  827. data/third_party/boringssl/crypto/bio/pair.c +489 -0
  828. data/third_party/boringssl/crypto/bio/printf.c +115 -0
  829. data/third_party/boringssl/crypto/bio/socket.c +202 -0
  830. data/third_party/boringssl/crypto/bio/socket_helper.c +114 -0
  831. data/third_party/boringssl/crypto/bn_extra/bn_asn1.c +64 -0
  832. data/third_party/boringssl/crypto/bn_extra/convert.c +465 -0
  833. data/third_party/boringssl/crypto/buf/buf.c +231 -0
  834. data/third_party/boringssl/crypto/bytestring/asn1_compat.c +52 -0
  835. data/third_party/boringssl/crypto/bytestring/ber.c +264 -0
  836. data/third_party/boringssl/crypto/bytestring/cbb.c +568 -0
  837. data/third_party/boringssl/crypto/bytestring/cbs.c +487 -0
  838. data/third_party/boringssl/crypto/bytestring/internal.h +75 -0
  839. data/third_party/boringssl/crypto/chacha/chacha.c +167 -0
  840. data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +114 -0
  841. data/third_party/boringssl/crypto/cipher_extra/derive_key.c +152 -0
  842. data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +281 -0
  843. data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +867 -0
  844. data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +326 -0
  845. data/third_party/boringssl/crypto/cipher_extra/e_null.c +85 -0
  846. data/third_party/boringssl/crypto/cipher_extra/e_rc2.c +460 -0
  847. data/third_party/boringssl/crypto/cipher_extra/e_rc4.c +87 -0
  848. data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +460 -0
  849. data/third_party/boringssl/crypto/cipher_extra/e_tls.c +681 -0
  850. data/third_party/boringssl/crypto/cipher_extra/internal.h +128 -0
  851. data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +482 -0
  852. data/third_party/boringssl/crypto/cmac/cmac.c +241 -0
  853. data/third_party/boringssl/crypto/conf/conf.c +803 -0
  854. data/third_party/boringssl/crypto/conf/conf_def.h +127 -0
  855. data/third_party/boringssl/crypto/conf/internal.h +31 -0
  856. data/third_party/boringssl/crypto/cpu-aarch64-linux.c +61 -0
  857. data/third_party/boringssl/crypto/cpu-arm-linux.c +363 -0
  858. data/third_party/boringssl/crypto/cpu-arm.c +38 -0
  859. data/third_party/boringssl/crypto/cpu-intel.c +288 -0
  860. data/third_party/boringssl/crypto/cpu-ppc64le.c +38 -0
  861. data/third_party/boringssl/crypto/crypto.c +198 -0
  862. data/third_party/boringssl/crypto/curve25519/spake25519.c +539 -0
  863. data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +247 -0
  864. data/third_party/boringssl/crypto/dh/check.c +217 -0
  865. data/third_party/boringssl/crypto/dh/dh.c +519 -0
  866. data/third_party/boringssl/crypto/dh/dh_asn1.c +160 -0
  867. data/third_party/boringssl/crypto/dh/params.c +93 -0
  868. data/third_party/boringssl/crypto/digest_extra/digest_extra.c +240 -0
  869. data/third_party/boringssl/crypto/dsa/dsa.c +984 -0
  870. data/third_party/boringssl/crypto/dsa/dsa_asn1.c +339 -0
  871. data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +563 -0
  872. data/third_party/boringssl/crypto/ecdh/ecdh.c +161 -0
  873. data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +275 -0
  874. data/third_party/boringssl/crypto/engine/engine.c +98 -0
  875. data/third_party/boringssl/crypto/err/err.c +847 -0
  876. data/third_party/boringssl/crypto/err/internal.h +58 -0
  877. data/third_party/boringssl/crypto/evp/digestsign.c +231 -0
  878. data/third_party/boringssl/crypto/evp/evp.c +362 -0
  879. data/third_party/boringssl/crypto/evp/evp_asn1.c +337 -0
  880. data/third_party/boringssl/crypto/evp/evp_ctx.c +446 -0
  881. data/third_party/boringssl/crypto/evp/internal.h +252 -0
  882. data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +268 -0
  883. data/third_party/boringssl/crypto/evp/p_ec.c +239 -0
  884. data/third_party/boringssl/crypto/evp/p_ec_asn1.c +256 -0
  885. data/third_party/boringssl/crypto/evp/p_ed25519.c +71 -0
  886. data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +190 -0
  887. data/third_party/boringssl/crypto/evp/p_rsa.c +634 -0
  888. data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +189 -0
  889. data/third_party/boringssl/crypto/evp/pbkdf.c +146 -0
  890. data/third_party/boringssl/crypto/evp/print.c +489 -0
  891. data/third_party/boringssl/crypto/evp/scrypt.c +209 -0
  892. data/third_party/boringssl/crypto/evp/sign.c +151 -0
  893. data/third_party/boringssl/crypto/ex_data.c +261 -0
  894. data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +1100 -0
  895. data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +100 -0
  896. data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +138 -0
  897. data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +112 -0
  898. data/third_party/boringssl/crypto/fipsmodule/bcm.c +679 -0
  899. data/third_party/boringssl/crypto/fipsmodule/bn/add.c +371 -0
  900. data/third_party/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c +540 -0
  901. data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +370 -0
  902. data/third_party/boringssl/crypto/fipsmodule/bn/bytes.c +269 -0
  903. data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +254 -0
  904. data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +303 -0
  905. data/third_party/boringssl/crypto/fipsmodule/bn/div.c +733 -0
  906. data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +1390 -0
  907. data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +627 -0
  908. data/third_party/boringssl/crypto/fipsmodule/bn/generic.c +710 -0
  909. data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +413 -0
  910. data/third_party/boringssl/crypto/fipsmodule/bn/jacobi.c +146 -0
  911. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +483 -0
  912. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +207 -0
  913. data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +902 -0
  914. data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +894 -0
  915. data/third_party/boringssl/crypto/fipsmodule/bn/random.c +299 -0
  916. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +254 -0
  917. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +53 -0
  918. data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +305 -0
  919. data/third_party/boringssl/crypto/fipsmodule/bn/sqrt.c +502 -0
  920. data/third_party/boringssl/crypto/fipsmodule/cipher/aead.c +284 -0
  921. data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +615 -0
  922. data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +1437 -0
  923. data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +233 -0
  924. data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +129 -0
  925. data/third_party/boringssl/crypto/fipsmodule/delocate.h +88 -0
  926. data/third_party/boringssl/crypto/fipsmodule/des/des.c +785 -0
  927. data/third_party/boringssl/crypto/fipsmodule/des/internal.h +238 -0
  928. data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +256 -0
  929. data/third_party/boringssl/crypto/fipsmodule/digest/digests.c +280 -0
  930. data/third_party/boringssl/crypto/fipsmodule/digest/internal.h +112 -0
  931. data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +268 -0
  932. data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +943 -0
  933. data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +517 -0
  934. data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +277 -0
  935. data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +316 -0
  936. data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +404 -0
  937. data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +1131 -0
  938. data/third_party/boringssl/crypto/fipsmodule/ec/p256-64.c +1674 -0
  939. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9543 -0
  940. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +456 -0
  941. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +113 -0
  942. data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +1052 -0
  943. data/third_party/boringssl/crypto/fipsmodule/ec/util-64.c +109 -0
  944. data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +474 -0
  945. data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +442 -0
  946. data/third_party/boringssl/crypto/fipsmodule/hmac/hmac.c +228 -0
  947. data/third_party/boringssl/crypto/fipsmodule/is_fips.c +27 -0
  948. data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +254 -0
  949. data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +298 -0
  950. data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +211 -0
  951. data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +234 -0
  952. data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +220 -0
  953. data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +1063 -0
  954. data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +384 -0
  955. data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +95 -0
  956. data/third_party/boringssl/crypto/fipsmodule/modes/polyval.c +91 -0
  957. data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +200 -0
  958. data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +92 -0
  959. data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +358 -0
  960. data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +302 -0
  961. data/third_party/boringssl/crypto/fipsmodule/rsa/blinding.c +263 -0
  962. data/third_party/boringssl/crypto/fipsmodule/rsa/internal.h +131 -0
  963. data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +692 -0
  964. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +857 -0
  965. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +1051 -0
  966. data/third_party/boringssl/crypto/fipsmodule/sha/sha1-altivec.c +361 -0
  967. data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +375 -0
  968. data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +337 -0
  969. data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +608 -0
  970. data/third_party/boringssl/crypto/hkdf/hkdf.c +112 -0
  971. data/third_party/boringssl/crypto/internal.h +676 -0
  972. data/third_party/boringssl/crypto/lhash/lhash.c +336 -0
  973. data/third_party/boringssl/crypto/mem.c +237 -0
  974. data/third_party/boringssl/crypto/obj/obj.c +621 -0
  975. data/third_party/boringssl/crypto/obj/obj_dat.h +6244 -0
  976. data/third_party/boringssl/crypto/obj/obj_xref.c +122 -0
  977. data/third_party/boringssl/crypto/pem/pem_all.c +262 -0
  978. data/third_party/boringssl/crypto/pem/pem_info.c +379 -0
  979. data/third_party/boringssl/crypto/pem/pem_lib.c +776 -0
  980. data/third_party/boringssl/crypto/pem/pem_oth.c +88 -0
  981. data/third_party/boringssl/crypto/pem/pem_pk8.c +258 -0
  982. data/third_party/boringssl/crypto/pem/pem_pkey.c +227 -0
  983. data/third_party/boringssl/crypto/pem/pem_x509.c +65 -0
  984. data/third_party/boringssl/crypto/pem/pem_xaux.c +65 -0
  985. data/third_party/boringssl/crypto/pkcs7/internal.h +49 -0
  986. data/third_party/boringssl/crypto/pkcs7/pkcs7.c +166 -0
  987. data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +233 -0
  988. data/third_party/boringssl/crypto/pkcs8/internal.h +120 -0
  989. data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +307 -0
  990. data/third_party/boringssl/crypto/pkcs8/pkcs8.c +513 -0
  991. data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +789 -0
  992. data/third_party/boringssl/crypto/poly1305/internal.h +41 -0
  993. data/third_party/boringssl/crypto/poly1305/poly1305.c +318 -0
  994. data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +304 -0
  995. data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +839 -0
  996. data/third_party/boringssl/crypto/pool/internal.h +45 -0
  997. data/third_party/boringssl/crypto/pool/pool.c +200 -0
  998. data/third_party/boringssl/crypto/rand_extra/deterministic.c +48 -0
  999. data/third_party/boringssl/crypto/rand_extra/forkunsafe.c +46 -0
  1000. data/third_party/boringssl/crypto/rand_extra/fuchsia.c +43 -0
  1001. data/third_party/boringssl/crypto/rand_extra/rand_extra.c +70 -0
  1002. data/third_party/boringssl/crypto/rand_extra/windows.c +53 -0
  1003. data/third_party/boringssl/crypto/rc4/rc4.c +98 -0
  1004. data/third_party/boringssl/crypto/refcount_c11.c +67 -0
  1005. data/third_party/boringssl/crypto/refcount_lock.c +53 -0
  1006. data/third_party/boringssl/crypto/rsa_extra/rsa_asn1.c +325 -0
  1007. data/third_party/boringssl/crypto/stack/stack.c +380 -0
  1008. data/third_party/boringssl/crypto/thread.c +110 -0
  1009. data/third_party/boringssl/crypto/thread_none.c +59 -0
  1010. data/third_party/boringssl/crypto/thread_pthread.c +176 -0
  1011. data/third_party/boringssl/crypto/thread_win.c +237 -0
  1012. data/third_party/boringssl/crypto/x509/a_digest.c +96 -0
  1013. data/third_party/boringssl/crypto/x509/a_sign.c +128 -0
  1014. data/third_party/boringssl/crypto/x509/a_strex.c +633 -0
  1015. data/third_party/boringssl/crypto/x509/a_verify.c +115 -0
  1016. data/third_party/boringssl/crypto/x509/algorithm.c +153 -0
  1017. data/third_party/boringssl/crypto/x509/asn1_gen.c +841 -0
  1018. data/third_party/boringssl/crypto/x509/by_dir.c +451 -0
  1019. data/third_party/boringssl/crypto/x509/by_file.c +274 -0
  1020. data/third_party/boringssl/crypto/x509/charmap.h +15 -0
  1021. data/third_party/boringssl/crypto/x509/i2d_pr.c +83 -0
  1022. data/third_party/boringssl/crypto/x509/internal.h +66 -0
  1023. data/third_party/boringssl/crypto/x509/rsa_pss.c +385 -0
  1024. data/third_party/boringssl/crypto/x509/t_crl.c +128 -0
  1025. data/third_party/boringssl/crypto/x509/t_req.c +246 -0
  1026. data/third_party/boringssl/crypto/x509/t_x509.c +547 -0
  1027. data/third_party/boringssl/crypto/x509/t_x509a.c +111 -0
  1028. data/third_party/boringssl/crypto/x509/vpm_int.h +70 -0
  1029. data/third_party/boringssl/crypto/x509/x509.c +157 -0
  1030. data/third_party/boringssl/crypto/x509/x509_att.c +381 -0
  1031. data/third_party/boringssl/crypto/x509/x509_cmp.c +477 -0
  1032. data/third_party/boringssl/crypto/x509/x509_d2.c +106 -0
  1033. data/third_party/boringssl/crypto/x509/x509_def.c +103 -0
  1034. data/third_party/boringssl/crypto/x509/x509_ext.c +206 -0
  1035. data/third_party/boringssl/crypto/x509/x509_lu.c +725 -0
  1036. data/third_party/boringssl/crypto/x509/x509_obj.c +198 -0
  1037. data/third_party/boringssl/crypto/x509/x509_r2x.c +117 -0
  1038. data/third_party/boringssl/crypto/x509/x509_req.c +322 -0
  1039. data/third_party/boringssl/crypto/x509/x509_set.c +164 -0
  1040. data/third_party/boringssl/crypto/x509/x509_trs.c +326 -0
  1041. data/third_party/boringssl/crypto/x509/x509_txt.c +205 -0
  1042. data/third_party/boringssl/crypto/x509/x509_v3.c +278 -0
  1043. data/third_party/boringssl/crypto/x509/x509_vfy.c +2472 -0
  1044. data/third_party/boringssl/crypto/x509/x509_vpm.c +648 -0
  1045. data/third_party/boringssl/crypto/x509/x509cset.c +170 -0
  1046. data/third_party/boringssl/crypto/x509/x509name.c +389 -0
  1047. data/third_party/boringssl/crypto/x509/x509rset.c +81 -0
  1048. data/third_party/boringssl/crypto/x509/x509spki.c +137 -0
  1049. data/third_party/boringssl/crypto/x509/x_algor.c +151 -0
  1050. data/third_party/boringssl/crypto/x509/x_all.c +501 -0
  1051. data/third_party/boringssl/crypto/x509/x_attrib.c +111 -0
  1052. data/third_party/boringssl/crypto/x509/x_crl.c +541 -0
  1053. data/third_party/boringssl/crypto/x509/x_exten.c +75 -0
  1054. data/third_party/boringssl/crypto/x509/x_info.c +98 -0
  1055. data/third_party/boringssl/crypto/x509/x_name.c +541 -0
  1056. data/third_party/boringssl/crypto/x509/x_pkey.c +106 -0
  1057. data/third_party/boringssl/crypto/x509/x_pubkey.c +368 -0
  1058. data/third_party/boringssl/crypto/x509/x_req.c +109 -0
  1059. data/third_party/boringssl/crypto/x509/x_sig.c +69 -0
  1060. data/third_party/boringssl/crypto/x509/x_spki.c +80 -0
  1061. data/third_party/boringssl/crypto/x509/x_val.c +69 -0
  1062. data/third_party/boringssl/crypto/x509/x_x509.c +328 -0
  1063. data/third_party/boringssl/crypto/x509/x_x509a.c +198 -0
  1064. data/third_party/boringssl/crypto/x509v3/ext_dat.h +143 -0
  1065. data/third_party/boringssl/crypto/x509v3/pcy_cache.c +284 -0
  1066. data/third_party/boringssl/crypto/x509v3/pcy_data.c +130 -0
  1067. data/third_party/boringssl/crypto/x509v3/pcy_int.h +217 -0
  1068. data/third_party/boringssl/crypto/x509v3/pcy_lib.c +155 -0
  1069. data/third_party/boringssl/crypto/x509v3/pcy_map.c +130 -0
  1070. data/third_party/boringssl/crypto/x509v3/pcy_node.c +188 -0
  1071. data/third_party/boringssl/crypto/x509v3/pcy_tree.c +840 -0
  1072. data/third_party/boringssl/crypto/x509v3/v3_akey.c +204 -0
  1073. data/third_party/boringssl/crypto/x509v3/v3_akeya.c +72 -0
  1074. data/third_party/boringssl/crypto/x509v3/v3_alt.c +623 -0
  1075. data/third_party/boringssl/crypto/x509v3/v3_bcons.c +133 -0
  1076. data/third_party/boringssl/crypto/x509v3/v3_bitst.c +141 -0
  1077. data/third_party/boringssl/crypto/x509v3/v3_conf.c +462 -0
  1078. data/third_party/boringssl/crypto/x509v3/v3_cpols.c +502 -0
  1079. data/third_party/boringssl/crypto/x509v3/v3_crld.c +561 -0
  1080. data/third_party/boringssl/crypto/x509v3/v3_enum.c +100 -0
  1081. data/third_party/boringssl/crypto/x509v3/v3_extku.c +148 -0
  1082. data/third_party/boringssl/crypto/x509v3/v3_genn.c +251 -0
  1083. data/third_party/boringssl/crypto/x509v3/v3_ia5.c +122 -0
  1084. data/third_party/boringssl/crypto/x509v3/v3_info.c +219 -0
  1085. data/third_party/boringssl/crypto/x509v3/v3_int.c +91 -0
  1086. data/third_party/boringssl/crypto/x509v3/v3_lib.c +370 -0
  1087. data/third_party/boringssl/crypto/x509v3/v3_ncons.c +501 -0
  1088. data/third_party/boringssl/crypto/x509v3/v3_pci.c +287 -0
  1089. data/third_party/boringssl/crypto/x509v3/v3_pcia.c +57 -0
  1090. data/third_party/boringssl/crypto/x509v3/v3_pcons.c +139 -0
  1091. data/third_party/boringssl/crypto/x509v3/v3_pku.c +110 -0
  1092. data/third_party/boringssl/crypto/x509v3/v3_pmaps.c +154 -0
  1093. data/third_party/boringssl/crypto/x509v3/v3_prn.c +229 -0
  1094. data/third_party/boringssl/crypto/x509v3/v3_purp.c +866 -0
  1095. data/third_party/boringssl/crypto/x509v3/v3_skey.c +152 -0
  1096. data/third_party/boringssl/crypto/x509v3/v3_sxnet.c +274 -0
  1097. data/third_party/boringssl/crypto/x509v3/v3_utl.c +1352 -0
  1098. data/third_party/boringssl/include/openssl/aead.h +423 -0
  1099. data/third_party/boringssl/include/openssl/aes.h +170 -0
  1100. data/third_party/boringssl/include/openssl/arm_arch.h +121 -0
  1101. data/third_party/boringssl/include/openssl/asn1.h +982 -0
  1102. data/third_party/boringssl/include/openssl/asn1_mac.h +18 -0
  1103. data/third_party/boringssl/include/openssl/asn1t.h +892 -0
  1104. data/third_party/boringssl/include/openssl/base.h +468 -0
  1105. data/third_party/boringssl/include/openssl/base64.h +187 -0
  1106. data/third_party/boringssl/include/openssl/bio.h +902 -0
  1107. data/third_party/boringssl/include/openssl/blowfish.h +93 -0
  1108. data/third_party/boringssl/include/openssl/bn.h +975 -0
  1109. data/third_party/boringssl/include/openssl/buf.h +137 -0
  1110. data/third_party/boringssl/include/openssl/buffer.h +18 -0
  1111. data/third_party/boringssl/include/openssl/bytestring.h +480 -0
  1112. data/third_party/boringssl/include/openssl/cast.h +96 -0
  1113. data/third_party/boringssl/include/openssl/chacha.h +41 -0
  1114. data/third_party/boringssl/include/openssl/cipher.h +608 -0
  1115. data/third_party/boringssl/include/openssl/cmac.h +87 -0
  1116. data/third_party/boringssl/include/openssl/conf.h +183 -0
  1117. data/third_party/boringssl/include/openssl/cpu.h +196 -0
  1118. data/third_party/boringssl/include/openssl/crypto.h +118 -0
  1119. data/third_party/boringssl/include/openssl/curve25519.h +201 -0
  1120. data/third_party/boringssl/include/openssl/des.h +177 -0
  1121. data/third_party/boringssl/include/openssl/dh.h +298 -0
  1122. data/third_party/boringssl/include/openssl/digest.h +316 -0
  1123. data/third_party/boringssl/include/openssl/dsa.h +435 -0
  1124. data/third_party/boringssl/include/openssl/dtls1.h +16 -0
  1125. data/third_party/boringssl/include/openssl/ec.h +407 -0
  1126. data/third_party/boringssl/include/openssl/ec_key.h +341 -0
  1127. data/third_party/boringssl/include/openssl/ecdh.h +101 -0
  1128. data/third_party/boringssl/include/openssl/ecdsa.h +199 -0
  1129. data/third_party/boringssl/include/openssl/engine.h +109 -0
  1130. data/third_party/boringssl/include/openssl/err.h +458 -0
  1131. data/third_party/boringssl/include/openssl/evp.h +873 -0
  1132. data/third_party/boringssl/include/openssl/ex_data.h +203 -0
  1133. data/third_party/boringssl/include/openssl/hkdf.h +64 -0
  1134. data/third_party/boringssl/include/openssl/hmac.h +186 -0
  1135. data/third_party/boringssl/include/openssl/is_boringssl.h +16 -0
  1136. data/third_party/boringssl/include/openssl/lhash.h +174 -0
  1137. data/third_party/boringssl/include/openssl/lhash_macros.h +174 -0
  1138. data/third_party/boringssl/include/openssl/md4.h +106 -0
  1139. data/third_party/boringssl/include/openssl/md5.h +107 -0
  1140. data/third_party/boringssl/include/openssl/mem.h +156 -0
  1141. data/third_party/boringssl/include/openssl/nid.h +4242 -0
  1142. data/third_party/boringssl/include/openssl/obj.h +233 -0
  1143. data/third_party/boringssl/include/openssl/obj_mac.h +18 -0
  1144. data/third_party/boringssl/include/openssl/objects.h +18 -0
  1145. data/third_party/boringssl/include/openssl/opensslconf.h +67 -0
  1146. data/third_party/boringssl/include/openssl/opensslv.h +18 -0
  1147. data/third_party/boringssl/include/openssl/ossl_typ.h +18 -0
  1148. data/third_party/boringssl/include/openssl/pem.h +397 -0
  1149. data/third_party/boringssl/include/openssl/pkcs12.h +18 -0
  1150. data/third_party/boringssl/include/openssl/pkcs7.h +82 -0
  1151. data/third_party/boringssl/include/openssl/pkcs8.h +230 -0
  1152. data/third_party/boringssl/include/openssl/poly1305.h +51 -0
  1153. data/third_party/boringssl/include/openssl/pool.h +91 -0
  1154. data/third_party/boringssl/include/openssl/rand.h +125 -0
  1155. data/third_party/boringssl/include/openssl/rc4.h +96 -0
  1156. data/third_party/boringssl/include/openssl/ripemd.h +107 -0
  1157. data/third_party/boringssl/include/openssl/rsa.h +731 -0
  1158. data/third_party/boringssl/include/openssl/safestack.h +16 -0
  1159. data/third_party/boringssl/include/openssl/sha.h +256 -0
  1160. data/third_party/boringssl/include/openssl/span.h +191 -0
  1161. data/third_party/boringssl/include/openssl/srtp.h +18 -0
  1162. data/third_party/boringssl/include/openssl/ssl.h +4592 -0
  1163. data/third_party/boringssl/include/openssl/ssl3.h +333 -0
  1164. data/third_party/boringssl/include/openssl/stack.h +485 -0
  1165. data/third_party/boringssl/include/openssl/thread.h +191 -0
  1166. data/third_party/boringssl/include/openssl/tls1.h +610 -0
  1167. data/third_party/boringssl/include/openssl/type_check.h +91 -0
  1168. data/third_party/boringssl/include/openssl/x509.h +1176 -0
  1169. data/third_party/boringssl/include/openssl/x509_vfy.h +614 -0
  1170. data/third_party/boringssl/include/openssl/x509v3.h +826 -0
  1171. data/third_party/boringssl/ssl/bio_ssl.cc +179 -0
  1172. data/third_party/boringssl/ssl/custom_extensions.cc +265 -0
  1173. data/third_party/boringssl/ssl/d1_both.cc +837 -0
  1174. data/third_party/boringssl/ssl/d1_lib.cc +267 -0
  1175. data/third_party/boringssl/ssl/d1_pkt.cc +274 -0
  1176. data/third_party/boringssl/ssl/d1_srtp.cc +232 -0
  1177. data/third_party/boringssl/ssl/dtls_method.cc +193 -0
  1178. data/third_party/boringssl/ssl/dtls_record.cc +353 -0
  1179. data/third_party/boringssl/ssl/handshake.cc +616 -0
  1180. data/third_party/boringssl/ssl/handshake_client.cc +1836 -0
  1181. data/third_party/boringssl/ssl/handshake_server.cc +1662 -0
  1182. data/third_party/boringssl/ssl/internal.h +3011 -0
  1183. data/third_party/boringssl/ssl/s3_both.cc +585 -0
  1184. data/third_party/boringssl/ssl/s3_lib.cc +224 -0
  1185. data/third_party/boringssl/ssl/s3_pkt.cc +443 -0
  1186. data/third_party/boringssl/ssl/ssl_aead_ctx.cc +415 -0
  1187. data/third_party/boringssl/ssl/ssl_asn1.cc +840 -0
  1188. data/third_party/boringssl/ssl/ssl_buffer.cc +286 -0
  1189. data/third_party/boringssl/ssl/ssl_cert.cc +913 -0
  1190. data/third_party/boringssl/ssl/ssl_cipher.cc +1777 -0
  1191. data/third_party/boringssl/ssl/ssl_file.cc +583 -0
  1192. data/third_party/boringssl/ssl/ssl_key_share.cc +250 -0
  1193. data/third_party/boringssl/ssl/ssl_lib.cc +2650 -0
  1194. data/third_party/boringssl/ssl/ssl_privkey.cc +488 -0
  1195. data/third_party/boringssl/ssl/ssl_session.cc +1221 -0
  1196. data/third_party/boringssl/ssl/ssl_stat.cc +224 -0
  1197. data/third_party/boringssl/ssl/ssl_transcript.cc +398 -0
  1198. data/third_party/boringssl/ssl/ssl_versions.cc +472 -0
  1199. data/third_party/boringssl/ssl/ssl_x509.cc +1299 -0
  1200. data/third_party/boringssl/ssl/t1_enc.cc +503 -0
  1201. data/third_party/boringssl/ssl/t1_lib.cc +3457 -0
  1202. data/third_party/boringssl/ssl/tls13_both.cc +551 -0
  1203. data/third_party/boringssl/ssl/tls13_client.cc +977 -0
  1204. data/third_party/boringssl/ssl/tls13_enc.cc +563 -0
  1205. data/third_party/boringssl/ssl/tls13_server.cc +1068 -0
  1206. data/third_party/boringssl/ssl/tls_method.cc +291 -0
  1207. data/third_party/boringssl/ssl/tls_record.cc +712 -0
  1208. data/third_party/boringssl/third_party/fiat/curve25519.c +5062 -0
  1209. data/third_party/boringssl/third_party/fiat/internal.h +142 -0
  1210. data/third_party/cares/ares_build.h +223 -0
  1211. data/third_party/cares/cares/ares.h +658 -0
  1212. data/third_party/cares/cares/ares__close_sockets.c +61 -0
  1213. data/third_party/cares/cares/ares__get_hostent.c +261 -0
  1214. data/third_party/cares/cares/ares__read_line.c +73 -0
  1215. data/third_party/cares/cares/ares__timeval.c +111 -0
  1216. data/third_party/cares/cares/ares_cancel.c +63 -0
  1217. data/third_party/cares/cares/ares_create_query.c +202 -0
  1218. data/third_party/cares/cares/ares_data.c +221 -0
  1219. data/third_party/cares/cares/ares_data.h +72 -0
  1220. data/third_party/cares/cares/ares_destroy.c +108 -0
  1221. data/third_party/cares/cares/ares_dns.h +103 -0
  1222. data/third_party/cares/cares/ares_expand_name.c +209 -0
  1223. data/third_party/cares/cares/ares_expand_string.c +70 -0
  1224. data/third_party/cares/cares/ares_fds.c +59 -0
  1225. data/third_party/cares/cares/ares_free_hostent.c +41 -0
  1226. data/third_party/cares/cares/ares_free_string.c +25 -0
  1227. data/third_party/cares/cares/ares_getenv.c +30 -0
  1228. data/third_party/cares/cares/ares_getenv.h +26 -0
  1229. data/third_party/cares/cares/ares_gethostbyaddr.c +294 -0
  1230. data/third_party/cares/cares/ares_gethostbyname.c +518 -0
  1231. data/third_party/cares/cares/ares_getnameinfo.c +442 -0
  1232. data/third_party/cares/cares/ares_getopt.c +122 -0
  1233. data/third_party/cares/cares/ares_getopt.h +53 -0
  1234. data/third_party/cares/cares/ares_getsock.c +66 -0
  1235. data/third_party/cares/cares/ares_inet_net_pton.h +25 -0
  1236. data/third_party/cares/cares/ares_init.c +2514 -0
  1237. data/third_party/cares/cares/ares_iphlpapi.h +221 -0
  1238. data/third_party/cares/cares/ares_ipv6.h +78 -0
  1239. data/third_party/cares/cares/ares_library_init.c +177 -0
  1240. data/third_party/cares/cares/ares_library_init.h +43 -0
  1241. data/third_party/cares/cares/ares_llist.c +63 -0
  1242. data/third_party/cares/cares/ares_llist.h +39 -0
  1243. data/third_party/cares/cares/ares_mkquery.c +24 -0
  1244. data/third_party/cares/cares/ares_nowarn.c +260 -0
  1245. data/third_party/cares/cares/ares_nowarn.h +61 -0
  1246. data/third_party/cares/cares/ares_options.c +402 -0
  1247. data/third_party/cares/cares/ares_parse_a_reply.c +264 -0
  1248. data/third_party/cares/cares/ares_parse_aaaa_reply.c +264 -0
  1249. data/third_party/cares/cares/ares_parse_mx_reply.c +170 -0
  1250. data/third_party/cares/cares/ares_parse_naptr_reply.c +193 -0
  1251. data/third_party/cares/cares/ares_parse_ns_reply.c +183 -0
  1252. data/third_party/cares/cares/ares_parse_ptr_reply.c +219 -0
  1253. data/third_party/cares/cares/ares_parse_soa_reply.c +133 -0
  1254. data/third_party/cares/cares/ares_parse_srv_reply.c +179 -0
  1255. data/third_party/cares/cares/ares_parse_txt_reply.c +220 -0
  1256. data/third_party/cares/cares/ares_platform.c +11035 -0
  1257. data/third_party/cares/cares/ares_platform.h +43 -0
  1258. data/third_party/cares/cares/ares_private.h +374 -0
  1259. data/third_party/cares/cares/ares_process.c +1448 -0
  1260. data/third_party/cares/cares/ares_query.c +186 -0
  1261. data/third_party/cares/cares/ares_rules.h +125 -0
  1262. data/third_party/cares/cares/ares_search.c +316 -0
  1263. data/third_party/cares/cares/ares_send.c +131 -0
  1264. data/third_party/cares/cares/ares_setup.h +217 -0
  1265. data/third_party/cares/cares/ares_strcasecmp.c +66 -0
  1266. data/third_party/cares/cares/ares_strcasecmp.h +30 -0
  1267. data/third_party/cares/cares/ares_strdup.c +49 -0
  1268. data/third_party/cares/cares/ares_strdup.h +24 -0
  1269. data/third_party/cares/cares/ares_strerror.c +56 -0
  1270. data/third_party/cares/cares/ares_timeout.c +88 -0
  1271. data/third_party/cares/cares/ares_version.c +11 -0
  1272. data/third_party/cares/cares/ares_version.h +24 -0
  1273. data/third_party/cares/cares/ares_writev.c +79 -0
  1274. data/third_party/cares/cares/bitncmp.c +59 -0
  1275. data/third_party/cares/cares/bitncmp.h +26 -0
  1276. data/third_party/cares/cares/config-win32.h +351 -0
  1277. data/third_party/cares/cares/inet_net_pton.c +450 -0
  1278. data/third_party/cares/cares/inet_ntop.c +208 -0
  1279. data/third_party/cares/cares/setup_once.h +554 -0
  1280. data/third_party/cares/cares/windows_port.c +22 -0
  1281. data/third_party/cares/config_darwin/ares_config.h +425 -0
  1282. data/third_party/cares/config_freebsd/ares_config.h +502 -0
  1283. data/third_party/cares/config_linux/ares_config.h +458 -0
  1284. data/third_party/cares/config_openbsd/ares_config.h +502 -0
  1285. data/third_party/nanopb/pb.h +579 -0
  1286. data/third_party/nanopb/pb_common.c +97 -0
  1287. data/third_party/nanopb/pb_common.h +42 -0
  1288. data/third_party/nanopb/pb_decode.c +1347 -0
  1289. data/third_party/nanopb/pb_decode.h +149 -0
  1290. data/third_party/nanopb/pb_encode.c +696 -0
  1291. data/third_party/nanopb/pb_encode.h +154 -0
  1292. data/third_party/zlib/adler32.c +186 -0
  1293. data/third_party/zlib/compress.c +86 -0
  1294. data/third_party/zlib/crc32.c +442 -0
  1295. data/third_party/zlib/crc32.h +441 -0
  1296. data/third_party/zlib/deflate.c +2163 -0
  1297. data/third_party/zlib/deflate.h +349 -0
  1298. data/third_party/zlib/gzclose.c +25 -0
  1299. data/third_party/zlib/gzguts.h +218 -0
  1300. data/third_party/zlib/gzlib.c +637 -0
  1301. data/third_party/zlib/gzread.c +654 -0
  1302. data/third_party/zlib/gzwrite.c +665 -0
  1303. data/third_party/zlib/infback.c +640 -0
  1304. data/third_party/zlib/inffast.c +323 -0
  1305. data/third_party/zlib/inffast.h +11 -0
  1306. data/third_party/zlib/inffixed.h +94 -0
  1307. data/third_party/zlib/inflate.c +1561 -0
  1308. data/third_party/zlib/inflate.h +125 -0
  1309. data/third_party/zlib/inftrees.c +304 -0
  1310. data/third_party/zlib/inftrees.h +62 -0
  1311. data/third_party/zlib/trees.c +1203 -0
  1312. data/third_party/zlib/trees.h +128 -0
  1313. data/third_party/zlib/uncompr.c +93 -0
  1314. data/third_party/zlib/zconf.h +534 -0
  1315. data/third_party/zlib/zlib.h +1912 -0
  1316. data/third_party/zlib/zutil.c +325 -0
  1317. data/third_party/zlib/zutil.h +271 -0
  1318. metadata +1586 -0
@@ -0,0 +1,2472 @@
1
+ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2
+ * All rights reserved.
3
+ *
4
+ * This package is an SSL implementation written
5
+ * by Eric Young (eay@cryptsoft.com).
6
+ * The implementation was written so as to conform with Netscapes SSL.
7
+ *
8
+ * This library is free for commercial and non-commercial use as long as
9
+ * the following conditions are aheared to. The following conditions
10
+ * apply to all code found in this distribution, be it the RC4, RSA,
11
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12
+ * included with this distribution is covered by the same copyright terms
13
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14
+ *
15
+ * Copyright remains Eric Young's, and as such any Copyright notices in
16
+ * the code are not to be removed.
17
+ * If this package is used in a product, Eric Young should be given attribution
18
+ * as the author of the parts of the library used.
19
+ * This can be in the form of a textual message at program startup or
20
+ * in documentation (online or textual) provided with the package.
21
+ *
22
+ * Redistribution and use in source and binary forms, with or without
23
+ * modification, are permitted provided that the following conditions
24
+ * are met:
25
+ * 1. Redistributions of source code must retain the copyright
26
+ * notice, this list of conditions and the following disclaimer.
27
+ * 2. Redistributions in binary form must reproduce the above copyright
28
+ * notice, this list of conditions and the following disclaimer in the
29
+ * documentation and/or other materials provided with the distribution.
30
+ * 3. All advertising materials mentioning features or use of this software
31
+ * must display the following acknowledgement:
32
+ * "This product includes cryptographic software written by
33
+ * Eric Young (eay@cryptsoft.com)"
34
+ * The word 'cryptographic' can be left out if the rouines from the library
35
+ * being used are not cryptographic related :-).
36
+ * 4. If you include any Windows specific code (or a derivative thereof) from
37
+ * the apps directory (application code) you must include an acknowledgement:
38
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39
+ *
40
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50
+ * SUCH DAMAGE.
51
+ *
52
+ * The licence and distribution terms for any publically available version or
53
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
54
+ * copied and put under another distribution licence
55
+ * [including the GNU Public Licence.] */
56
+
57
+ #include <string.h>
58
+ #include <time.h>
59
+
60
+ #include <openssl/asn1.h>
61
+ #include <openssl/buf.h>
62
+ #include <openssl/err.h>
63
+ #include <openssl/evp.h>
64
+ #include <openssl/mem.h>
65
+ #include <openssl/obj.h>
66
+ #include <openssl/thread.h>
67
+ #include <openssl/x509.h>
68
+ #include <openssl/x509v3.h>
69
+
70
+ #include "vpm_int.h"
71
+ #include "../internal.h"
72
+
73
+ static CRYPTO_EX_DATA_CLASS g_ex_data_class =
74
+ CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
75
+
76
+ /* CRL score values */
77
+
78
+ /* No unhandled critical extensions */
79
+
80
+ #define CRL_SCORE_NOCRITICAL 0x100
81
+
82
+ /* certificate is within CRL scope */
83
+
84
+ #define CRL_SCORE_SCOPE 0x080
85
+
86
+ /* CRL times valid */
87
+
88
+ #define CRL_SCORE_TIME 0x040
89
+
90
+ /* Issuer name matches certificate */
91
+
92
+ #define CRL_SCORE_ISSUER_NAME 0x020
93
+
94
+ /* If this score or above CRL is probably valid */
95
+
96
+ #define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE)
97
+
98
+ /* CRL issuer is certificate issuer */
99
+
100
+ #define CRL_SCORE_ISSUER_CERT 0x018
101
+
102
+ /* CRL issuer is on certificate path */
103
+
104
+ #define CRL_SCORE_SAME_PATH 0x008
105
+
106
+ /* CRL issuer matches CRL AKID */
107
+
108
+ #define CRL_SCORE_AKID 0x004
109
+
110
+ /* Have a delta CRL with valid times */
111
+
112
+ #define CRL_SCORE_TIME_DELTA 0x002
113
+
114
+ static int null_callback(int ok, X509_STORE_CTX *e);
115
+ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
116
+ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
117
+ static int check_chain_extensions(X509_STORE_CTX *ctx);
118
+ static int check_name_constraints(X509_STORE_CTX *ctx);
119
+ static int check_id(X509_STORE_CTX *ctx);
120
+ static int check_trust(X509_STORE_CTX *ctx);
121
+ static int check_revocation(X509_STORE_CTX *ctx);
122
+ static int check_cert(X509_STORE_CTX *ctx);
123
+ static int check_policy(X509_STORE_CTX *ctx);
124
+
125
+ static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
126
+ unsigned int *preasons, X509_CRL *crl, X509 *x);
127
+ static int get_crl_delta(X509_STORE_CTX *ctx,
128
+ X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x);
129
+ static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl,
130
+ int *pcrl_score, X509_CRL *base,
131
+ STACK_OF(X509_CRL) *crls);
132
+ static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
133
+ int *pcrl_score);
134
+ static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
135
+ unsigned int *preasons);
136
+ static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
137
+ static int check_crl_chain(X509_STORE_CTX *ctx,
138
+ STACK_OF(X509) *cert_path,
139
+ STACK_OF(X509) *crl_path);
140
+
141
+ static int internal_verify(X509_STORE_CTX *ctx);
142
+
143
+ static int null_callback(int ok, X509_STORE_CTX *e)
144
+ {
145
+ return ok;
146
+ }
147
+
148
+ /* Return 1 is a certificate is self signed */
149
+ static int cert_self_signed(X509 *x)
150
+ {
151
+ X509_check_purpose(x, -1, 0);
152
+ if (x->ex_flags & EXFLAG_SS)
153
+ return 1;
154
+ else
155
+ return 0;
156
+ }
157
+
158
+ /* Given a certificate try and find an exact match in the store */
159
+
160
+ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
161
+ {
162
+ STACK_OF(X509) *certs;
163
+ X509 *xtmp = NULL;
164
+ size_t i;
165
+ /* Lookup all certs with matching subject name */
166
+ certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
167
+ if (certs == NULL)
168
+ return NULL;
169
+ /* Look for exact match */
170
+ for (i = 0; i < sk_X509_num(certs); i++) {
171
+ xtmp = sk_X509_value(certs, i);
172
+ if (!X509_cmp(xtmp, x))
173
+ break;
174
+ }
175
+ if (i < sk_X509_num(certs))
176
+ X509_up_ref(xtmp);
177
+ else
178
+ xtmp = NULL;
179
+ sk_X509_pop_free(certs, X509_free);
180
+ return xtmp;
181
+ }
182
+
183
+ int X509_verify_cert(X509_STORE_CTX *ctx)
184
+ {
185
+ X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
186
+ int bad_chain = 0;
187
+ X509_VERIFY_PARAM *param = ctx->param;
188
+ int depth, i, ok = 0;
189
+ int num, j, retry, trust;
190
+ int (*cb) (int xok, X509_STORE_CTX *xctx);
191
+ STACK_OF(X509) *sktmp = NULL;
192
+ if (ctx->cert == NULL) {
193
+ OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
194
+ ctx->error = X509_V_ERR_INVALID_CALL;
195
+ return -1;
196
+ }
197
+ if (ctx->chain != NULL) {
198
+ /*
199
+ * This X509_STORE_CTX has already been used to verify a cert. We
200
+ * cannot do another one.
201
+ */
202
+ OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
203
+ ctx->error = X509_V_ERR_INVALID_CALL;
204
+ return -1;
205
+ }
206
+
207
+ cb = ctx->verify_cb;
208
+
209
+ /*
210
+ * first we make sure the chain we are going to build is present and that
211
+ * the first entry is in place
212
+ */
213
+ ctx->chain = sk_X509_new_null();
214
+ if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) {
215
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
216
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
217
+ goto end;
218
+ }
219
+ X509_up_ref(ctx->cert);
220
+ ctx->last_untrusted = 1;
221
+
222
+ /* We use a temporary STACK so we can chop and hack at it.
223
+ * sktmp = ctx->untrusted ++ ctx->ctx->additional_untrusted */
224
+ if (ctx->untrusted != NULL
225
+ && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
226
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
227
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
228
+ goto end;
229
+ }
230
+
231
+ if (ctx->ctx->additional_untrusted != NULL) {
232
+ if (sktmp == NULL) {
233
+ sktmp = sk_X509_new_null();
234
+ if (sktmp == NULL) {
235
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
236
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
237
+ goto end;
238
+ }
239
+ }
240
+
241
+ for (size_t k = 0; k < sk_X509_num(ctx->ctx->additional_untrusted);
242
+ k++) {
243
+ if (!sk_X509_push(sktmp,
244
+ sk_X509_value(ctx->ctx->additional_untrusted,
245
+ k))) {
246
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
247
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
248
+ goto end;
249
+ }
250
+ }
251
+ }
252
+
253
+ num = sk_X509_num(ctx->chain);
254
+ x = sk_X509_value(ctx->chain, num - 1);
255
+ depth = param->depth;
256
+
257
+ for (;;) {
258
+ /* If we have enough, we break */
259
+ if (depth < num)
260
+ break; /* FIXME: If this happens, we should take
261
+ * note of it and, if appropriate, use the
262
+ * X509_V_ERR_CERT_CHAIN_TOO_LONG error code
263
+ * later. */
264
+
265
+ /* If we are self signed, we break */
266
+ if (cert_self_signed(x))
267
+ break;
268
+ /*
269
+ * If asked see if we can find issuer in trusted store first
270
+ */
271
+ if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
272
+ ok = ctx->get_issuer(&xtmp, ctx, x);
273
+ if (ok < 0) {
274
+ ctx->error = X509_V_ERR_STORE_LOOKUP;
275
+ goto end;
276
+ }
277
+ /*
278
+ * If successful for now free up cert so it will be picked up
279
+ * again later.
280
+ */
281
+ if (ok > 0) {
282
+ X509_free(xtmp);
283
+ break;
284
+ }
285
+ }
286
+
287
+ /* If we were passed a cert chain, use it first */
288
+ if (sktmp != NULL) {
289
+ xtmp = find_issuer(ctx, sktmp, x);
290
+ if (xtmp != NULL) {
291
+ if (!sk_X509_push(ctx->chain, xtmp)) {
292
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
293
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
294
+ ok = 0;
295
+ goto end;
296
+ }
297
+ X509_up_ref(xtmp);
298
+ (void)sk_X509_delete_ptr(sktmp, xtmp);
299
+ ctx->last_untrusted++;
300
+ x = xtmp;
301
+ num++;
302
+ /*
303
+ * reparse the full chain for the next one
304
+ */
305
+ continue;
306
+ }
307
+ }
308
+ break;
309
+ }
310
+
311
+ /* Remember how many untrusted certs we have */
312
+ j = num;
313
+ /*
314
+ * at this point, chain should contain a list of untrusted certificates.
315
+ * We now need to add at least one trusted one, if possible, otherwise we
316
+ * complain.
317
+ */
318
+
319
+ do {
320
+ /*
321
+ * Examine last certificate in chain and see if it is self signed.
322
+ */
323
+ i = sk_X509_num(ctx->chain);
324
+ x = sk_X509_value(ctx->chain, i - 1);
325
+ if (cert_self_signed(x)) {
326
+ /* we have a self signed certificate */
327
+ if (sk_X509_num(ctx->chain) == 1) {
328
+ /*
329
+ * We have a single self signed certificate: see if we can
330
+ * find it in the store. We must have an exact match to avoid
331
+ * possible impersonation.
332
+ */
333
+ ok = ctx->get_issuer(&xtmp, ctx, x);
334
+ if ((ok <= 0) || X509_cmp(x, xtmp)) {
335
+ ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
336
+ ctx->current_cert = x;
337
+ ctx->error_depth = i - 1;
338
+ if (ok == 1)
339
+ X509_free(xtmp);
340
+ bad_chain = 1;
341
+ ok = cb(0, ctx);
342
+ if (!ok)
343
+ goto end;
344
+ } else {
345
+ /*
346
+ * We have a match: replace certificate with store
347
+ * version so we get any trust settings.
348
+ */
349
+ X509_free(x);
350
+ x = xtmp;
351
+ (void)sk_X509_set(ctx->chain, i - 1, x);
352
+ ctx->last_untrusted = 0;
353
+ }
354
+ } else {
355
+ /*
356
+ * extract and save self signed certificate for later use
357
+ */
358
+ chain_ss = sk_X509_pop(ctx->chain);
359
+ ctx->last_untrusted--;
360
+ num--;
361
+ j--;
362
+ x = sk_X509_value(ctx->chain, num - 1);
363
+ }
364
+ }
365
+ /* We now lookup certs from the certificate store */
366
+ for (;;) {
367
+ /* If we have enough, we break */
368
+ if (depth < num)
369
+ break;
370
+ /* If we are self signed, we break */
371
+ if (cert_self_signed(x))
372
+ break;
373
+ ok = ctx->get_issuer(&xtmp, ctx, x);
374
+
375
+ if (ok < 0) {
376
+ ctx->error = X509_V_ERR_STORE_LOOKUP;
377
+ goto end;
378
+ }
379
+ if (ok == 0)
380
+ break;
381
+ x = xtmp;
382
+ if (!sk_X509_push(ctx->chain, x)) {
383
+ X509_free(xtmp);
384
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
385
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
386
+ ok = 0;
387
+ goto end;
388
+ }
389
+ num++;
390
+ }
391
+
392
+ /* we now have our chain, lets check it... */
393
+ trust = check_trust(ctx);
394
+
395
+ /* If explicitly rejected error */
396
+ if (trust == X509_TRUST_REJECTED) {
397
+ ok = 0;
398
+ goto end;
399
+ }
400
+ /*
401
+ * If it's not explicitly trusted then check if there is an alternative
402
+ * chain that could be used. We only do this if we haven't already
403
+ * checked via TRUSTED_FIRST and the user hasn't switched off alternate
404
+ * chain checking
405
+ */
406
+ retry = 0;
407
+ if (trust != X509_TRUST_TRUSTED
408
+ && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
409
+ && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
410
+ while (j-- > 1) {
411
+ xtmp2 = sk_X509_value(ctx->chain, j - 1);
412
+ ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
413
+ if (ok < 0)
414
+ goto end;
415
+ /* Check if we found an alternate chain */
416
+ if (ok > 0) {
417
+ /*
418
+ * Free up the found cert we'll add it again later
419
+ */
420
+ X509_free(xtmp);
421
+
422
+ /*
423
+ * Dump all the certs above this point - we've found an
424
+ * alternate chain
425
+ */
426
+ while (num > j) {
427
+ xtmp = sk_X509_pop(ctx->chain);
428
+ X509_free(xtmp);
429
+ num--;
430
+ }
431
+ ctx->last_untrusted = sk_X509_num(ctx->chain);
432
+ retry = 1;
433
+ break;
434
+ }
435
+ }
436
+ }
437
+ } while (retry);
438
+
439
+ /*
440
+ * If not explicitly trusted then indicate error unless it's a single
441
+ * self signed certificate in which case we've indicated an error already
442
+ * and set bad_chain == 1
443
+ */
444
+ if (trust != X509_TRUST_TRUSTED && !bad_chain) {
445
+ if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
446
+ if (ctx->last_untrusted >= num)
447
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
448
+ else
449
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
450
+ ctx->current_cert = x;
451
+ } else {
452
+
453
+ sk_X509_push(ctx->chain, chain_ss);
454
+ num++;
455
+ ctx->last_untrusted = num;
456
+ ctx->current_cert = chain_ss;
457
+ ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
458
+ chain_ss = NULL;
459
+ }
460
+
461
+ ctx->error_depth = num - 1;
462
+ bad_chain = 1;
463
+ ok = cb(0, ctx);
464
+ if (!ok)
465
+ goto end;
466
+ }
467
+
468
+ /* We have the chain complete: now we need to check its purpose */
469
+ ok = check_chain_extensions(ctx);
470
+
471
+ if (!ok)
472
+ goto end;
473
+
474
+ ok = check_id(ctx);
475
+
476
+ if (!ok)
477
+ goto end;
478
+
479
+ /*
480
+ * Check revocation status: we do this after copying parameters because
481
+ * they may be needed for CRL signature verification.
482
+ */
483
+
484
+ ok = ctx->check_revocation(ctx);
485
+ if (!ok)
486
+ goto end;
487
+
488
+ int err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
489
+ ctx->param->flags);
490
+ if (err != X509_V_OK) {
491
+ ctx->error = err;
492
+ ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth);
493
+ ok = cb(0, ctx);
494
+ if (!ok)
495
+ goto end;
496
+ }
497
+
498
+ /* At this point, we have a chain and need to verify it */
499
+ if (ctx->verify != NULL)
500
+ ok = ctx->verify(ctx);
501
+ else
502
+ ok = internal_verify(ctx);
503
+ if (!ok)
504
+ goto end;
505
+
506
+ /* Check name constraints */
507
+
508
+ ok = check_name_constraints(ctx);
509
+ if (!ok)
510
+ goto end;
511
+
512
+ /* If we get this far evaluate policies */
513
+ if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
514
+ ok = ctx->check_policy(ctx);
515
+
516
+ end:
517
+ if (sktmp != NULL)
518
+ sk_X509_free(sktmp);
519
+ if (chain_ss != NULL)
520
+ X509_free(chain_ss);
521
+
522
+ /* Safety net, error returns must set ctx->error */
523
+ if (ok <= 0 && ctx->error == X509_V_OK)
524
+ ctx->error = X509_V_ERR_UNSPECIFIED;
525
+ return ok;
526
+ }
527
+
528
+ /*
529
+ * Given a STACK_OF(X509) find the issuer of cert (if any)
530
+ */
531
+
532
+ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
533
+ {
534
+ size_t i;
535
+ X509 *issuer;
536
+ for (i = 0; i < sk_X509_num(sk); i++) {
537
+ issuer = sk_X509_value(sk, i);
538
+ if (ctx->check_issued(ctx, x, issuer))
539
+ return issuer;
540
+ }
541
+ return NULL;
542
+ }
543
+
544
+ /* Given a possible certificate and issuer check them */
545
+
546
+ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
547
+ {
548
+ int ret;
549
+ ret = X509_check_issued(issuer, x);
550
+ if (ret == X509_V_OK)
551
+ return 1;
552
+ /* If we haven't asked for issuer errors don't set ctx */
553
+ if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
554
+ return 0;
555
+
556
+ ctx->error = ret;
557
+ ctx->current_cert = x;
558
+ ctx->current_issuer = issuer;
559
+ return ctx->verify_cb(0, ctx);
560
+ }
561
+
562
+ /* Alternative lookup method: look from a STACK stored in other_ctx */
563
+
564
+ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
565
+ {
566
+ *issuer = find_issuer(ctx, ctx->other_ctx, x);
567
+ if (*issuer) {
568
+ X509_up_ref(*issuer);
569
+ return 1;
570
+ } else
571
+ return 0;
572
+ }
573
+
574
+ /*
575
+ * Check a certificate chains extensions for consistency with the supplied
576
+ * purpose
577
+ */
578
+
579
+ static int check_chain_extensions(X509_STORE_CTX *ctx)
580
+ {
581
+ int i, ok = 0, must_be_ca, plen = 0;
582
+ X509 *x;
583
+ int (*cb) (int xok, X509_STORE_CTX *xctx);
584
+ int proxy_path_length = 0;
585
+ int purpose;
586
+ int allow_proxy_certs;
587
+ cb = ctx->verify_cb;
588
+
589
+ /*
590
+ * must_be_ca can have 1 of 3 values: -1: we accept both CA and non-CA
591
+ * certificates, to allow direct use of self-signed certificates (which
592
+ * are marked as CA). 0: we only accept non-CA certificates. This is
593
+ * currently not used, but the possibility is present for future
594
+ * extensions. 1: we only accept CA certificates. This is currently used
595
+ * for all certificates in the chain except the leaf certificate.
596
+ */
597
+ must_be_ca = -1;
598
+
599
+ /* CRL path validation */
600
+ if (ctx->parent) {
601
+ allow_proxy_certs = 0;
602
+ purpose = X509_PURPOSE_CRL_SIGN;
603
+ } else {
604
+ allow_proxy_certs =
605
+ ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
606
+ purpose = ctx->param->purpose;
607
+ }
608
+
609
+ /* Check all untrusted certificates */
610
+ for (i = 0; i < ctx->last_untrusted; i++) {
611
+ int ret;
612
+ x = sk_X509_value(ctx->chain, i);
613
+ if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
614
+ && (x->ex_flags & EXFLAG_CRITICAL)) {
615
+ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
616
+ ctx->error_depth = i;
617
+ ctx->current_cert = x;
618
+ ok = cb(0, ctx);
619
+ if (!ok)
620
+ goto end;
621
+ }
622
+ if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) {
623
+ ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
624
+ ctx->error_depth = i;
625
+ ctx->current_cert = x;
626
+ ok = cb(0, ctx);
627
+ if (!ok)
628
+ goto end;
629
+ }
630
+ ret = X509_check_ca(x);
631
+ switch (must_be_ca) {
632
+ case -1:
633
+ if ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
634
+ && (ret != 1) && (ret != 0)) {
635
+ ret = 0;
636
+ ctx->error = X509_V_ERR_INVALID_CA;
637
+ } else
638
+ ret = 1;
639
+ break;
640
+ case 0:
641
+ if (ret != 0) {
642
+ ret = 0;
643
+ ctx->error = X509_V_ERR_INVALID_NON_CA;
644
+ } else
645
+ ret = 1;
646
+ break;
647
+ default:
648
+ if ((ret == 0)
649
+ || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
650
+ && (ret != 1))) {
651
+ ret = 0;
652
+ ctx->error = X509_V_ERR_INVALID_CA;
653
+ } else
654
+ ret = 1;
655
+ break;
656
+ }
657
+ if (ret == 0) {
658
+ ctx->error_depth = i;
659
+ ctx->current_cert = x;
660
+ ok = cb(0, ctx);
661
+ if (!ok)
662
+ goto end;
663
+ }
664
+ if (ctx->param->purpose > 0) {
665
+ ret = X509_check_purpose(x, purpose, must_be_ca > 0);
666
+ if ((ret == 0)
667
+ || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
668
+ && (ret != 1))) {
669
+ ctx->error = X509_V_ERR_INVALID_PURPOSE;
670
+ ctx->error_depth = i;
671
+ ctx->current_cert = x;
672
+ ok = cb(0, ctx);
673
+ if (!ok)
674
+ goto end;
675
+ }
676
+ }
677
+ /* Check pathlen if not self issued */
678
+ if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
679
+ && (x->ex_pathlen != -1)
680
+ && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
681
+ ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
682
+ ctx->error_depth = i;
683
+ ctx->current_cert = x;
684
+ ok = cb(0, ctx);
685
+ if (!ok)
686
+ goto end;
687
+ }
688
+ /* Increment path length if not self issued */
689
+ if (!(x->ex_flags & EXFLAG_SI))
690
+ plen++;
691
+ /*
692
+ * If this certificate is a proxy certificate, the next certificate
693
+ * must be another proxy certificate or a EE certificate. If not,
694
+ * the next certificate must be a CA certificate.
695
+ */
696
+ if (x->ex_flags & EXFLAG_PROXY) {
697
+ if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) {
698
+ ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
699
+ ctx->error_depth = i;
700
+ ctx->current_cert = x;
701
+ ok = cb(0, ctx);
702
+ if (!ok)
703
+ goto end;
704
+ }
705
+ proxy_path_length++;
706
+ must_be_ca = 0;
707
+ } else
708
+ must_be_ca = 1;
709
+ }
710
+ ok = 1;
711
+ end:
712
+ return ok;
713
+ }
714
+
715
+ static int check_name_constraints(X509_STORE_CTX *ctx)
716
+ {
717
+ X509 *x;
718
+ int i, j, rv;
719
+ /* Check name constraints for all certificates */
720
+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) {
721
+ x = sk_X509_value(ctx->chain, i);
722
+ /* Ignore self issued certs unless last in chain */
723
+ if (i && (x->ex_flags & EXFLAG_SI))
724
+ continue;
725
+ /*
726
+ * Check against constraints for all certificates higher in chain
727
+ * including trust anchor. Trust anchor not strictly speaking needed
728
+ * but if it includes constraints it is to be assumed it expects them
729
+ * to be obeyed.
730
+ */
731
+ for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) {
732
+ NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
733
+ if (nc) {
734
+ rv = NAME_CONSTRAINTS_check(x, nc);
735
+ switch (rv) {
736
+ case X509_V_OK:
737
+ continue;
738
+ case X509_V_ERR_OUT_OF_MEM:
739
+ ctx->error = rv;
740
+ return 0;
741
+ default:
742
+ ctx->error = rv;
743
+ ctx->error_depth = i;
744
+ ctx->current_cert = x;
745
+ if (!ctx->verify_cb(0, ctx))
746
+ return 0;
747
+ break;
748
+ }
749
+ }
750
+ }
751
+ }
752
+ return 1;
753
+ }
754
+
755
+ static int check_id_error(X509_STORE_CTX *ctx, int errcode)
756
+ {
757
+ ctx->error = errcode;
758
+ ctx->current_cert = ctx->cert;
759
+ ctx->error_depth = 0;
760
+ return ctx->verify_cb(0, ctx);
761
+ }
762
+
763
+ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
764
+ {
765
+ size_t i;
766
+ size_t n = sk_OPENSSL_STRING_num(id->hosts);
767
+ char *name;
768
+
769
+ if (id->peername != NULL) {
770
+ OPENSSL_free(id->peername);
771
+ id->peername = NULL;
772
+ }
773
+ for (i = 0; i < n; ++i) {
774
+ name = sk_OPENSSL_STRING_value(id->hosts, i);
775
+ if (X509_check_host(x, name, strlen(name), id->hostflags,
776
+ &id->peername) > 0)
777
+ return 1;
778
+ }
779
+ return n == 0;
780
+ }
781
+
782
+ static int check_id(X509_STORE_CTX *ctx)
783
+ {
784
+ X509_VERIFY_PARAM *vpm = ctx->param;
785
+ X509_VERIFY_PARAM_ID *id = vpm->id;
786
+ X509 *x = ctx->cert;
787
+ if (id->hosts && check_hosts(x, id) <= 0) {
788
+ if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
789
+ return 0;
790
+ }
791
+ if (id->email && X509_check_email(x, id->email, id->emaillen, 0) <= 0) {
792
+ if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
793
+ return 0;
794
+ }
795
+ if (id->ip && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) {
796
+ if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
797
+ return 0;
798
+ }
799
+ return 1;
800
+ }
801
+
802
+ static int check_trust(X509_STORE_CTX *ctx)
803
+ {
804
+ size_t i;
805
+ int ok;
806
+ X509 *x = NULL;
807
+ int (*cb) (int xok, X509_STORE_CTX *xctx);
808
+ cb = ctx->verify_cb;
809
+ /* Check all trusted certificates in chain */
810
+ for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) {
811
+ x = sk_X509_value(ctx->chain, i);
812
+ ok = X509_check_trust(x, ctx->param->trust, 0);
813
+ /* If explicitly trusted return trusted */
814
+ if (ok == X509_TRUST_TRUSTED)
815
+ return X509_TRUST_TRUSTED;
816
+ /*
817
+ * If explicitly rejected notify callback and reject if not
818
+ * overridden.
819
+ */
820
+ if (ok == X509_TRUST_REJECTED) {
821
+ ctx->error_depth = i;
822
+ ctx->current_cert = x;
823
+ ctx->error = X509_V_ERR_CERT_REJECTED;
824
+ ok = cb(0, ctx);
825
+ if (!ok)
826
+ return X509_TRUST_REJECTED;
827
+ }
828
+ }
829
+ /*
830
+ * If we accept partial chains and have at least one trusted certificate
831
+ * return success.
832
+ */
833
+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
834
+ X509 *mx;
835
+ if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain))
836
+ return X509_TRUST_TRUSTED;
837
+ x = sk_X509_value(ctx->chain, 0);
838
+ mx = lookup_cert_match(ctx, x);
839
+ if (mx) {
840
+ (void)sk_X509_set(ctx->chain, 0, mx);
841
+ X509_free(x);
842
+ ctx->last_untrusted = 0;
843
+ return X509_TRUST_TRUSTED;
844
+ }
845
+ }
846
+
847
+ /*
848
+ * If no trusted certs in chain at all return untrusted and allow
849
+ * standard (no issuer cert) etc errors to be indicated.
850
+ */
851
+ return X509_TRUST_UNTRUSTED;
852
+ }
853
+
854
+ static int check_revocation(X509_STORE_CTX *ctx)
855
+ {
856
+ int i, last, ok;
857
+ if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
858
+ return 1;
859
+ if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
860
+ last = sk_X509_num(ctx->chain) - 1;
861
+ else {
862
+ /* If checking CRL paths this isn't the EE certificate */
863
+ if (ctx->parent)
864
+ return 1;
865
+ last = 0;
866
+ }
867
+ for (i = 0; i <= last; i++) {
868
+ ctx->error_depth = i;
869
+ ok = check_cert(ctx);
870
+ if (!ok)
871
+ return ok;
872
+ }
873
+ return 1;
874
+ }
875
+
876
+ static int check_cert(X509_STORE_CTX *ctx)
877
+ {
878
+ X509_CRL *crl = NULL, *dcrl = NULL;
879
+ X509 *x;
880
+ int ok = 0, cnum;
881
+ unsigned int last_reasons;
882
+ cnum = ctx->error_depth;
883
+ x = sk_X509_value(ctx->chain, cnum);
884
+ ctx->current_cert = x;
885
+ ctx->current_issuer = NULL;
886
+ ctx->current_crl_score = 0;
887
+ ctx->current_reasons = 0;
888
+ while (ctx->current_reasons != CRLDP_ALL_REASONS) {
889
+ last_reasons = ctx->current_reasons;
890
+ /* Try to retrieve relevant CRL */
891
+ if (ctx->get_crl)
892
+ ok = ctx->get_crl(ctx, &crl, x);
893
+ else
894
+ ok = get_crl_delta(ctx, &crl, &dcrl, x);
895
+ /*
896
+ * If error looking up CRL, nothing we can do except notify callback
897
+ */
898
+ if (!ok) {
899
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
900
+ ok = ctx->verify_cb(0, ctx);
901
+ goto err;
902
+ }
903
+ ctx->current_crl = crl;
904
+ ok = ctx->check_crl(ctx, crl);
905
+ if (!ok)
906
+ goto err;
907
+
908
+ if (dcrl) {
909
+ ok = ctx->check_crl(ctx, dcrl);
910
+ if (!ok)
911
+ goto err;
912
+ ok = ctx->cert_crl(ctx, dcrl, x);
913
+ if (!ok)
914
+ goto err;
915
+ } else
916
+ ok = 1;
917
+
918
+ /* Don't look in full CRL if delta reason is removefromCRL */
919
+ if (ok != 2) {
920
+ ok = ctx->cert_crl(ctx, crl, x);
921
+ if (!ok)
922
+ goto err;
923
+ }
924
+
925
+ X509_CRL_free(crl);
926
+ X509_CRL_free(dcrl);
927
+ crl = NULL;
928
+ dcrl = NULL;
929
+ /*
930
+ * If reasons not updated we wont get anywhere by another iteration,
931
+ * so exit loop.
932
+ */
933
+ if (last_reasons == ctx->current_reasons) {
934
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
935
+ ok = ctx->verify_cb(0, ctx);
936
+ goto err;
937
+ }
938
+ }
939
+ err:
940
+ X509_CRL_free(crl);
941
+ X509_CRL_free(dcrl);
942
+
943
+ ctx->current_crl = NULL;
944
+ return ok;
945
+
946
+ }
947
+
948
+ /* Check CRL times against values in X509_STORE_CTX */
949
+
950
+ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
951
+ {
952
+ time_t *ptime;
953
+ int i;
954
+ if (notify)
955
+ ctx->current_crl = crl;
956
+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
957
+ ptime = &ctx->param->check_time;
958
+ else
959
+ ptime = NULL;
960
+
961
+ i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
962
+ if (i == 0) {
963
+ if (!notify)
964
+ return 0;
965
+ ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
966
+ if (!ctx->verify_cb(0, ctx))
967
+ return 0;
968
+ }
969
+
970
+ if (i > 0) {
971
+ if (!notify)
972
+ return 0;
973
+ ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
974
+ if (!ctx->verify_cb(0, ctx))
975
+ return 0;
976
+ }
977
+
978
+ if (X509_CRL_get_nextUpdate(crl)) {
979
+ i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
980
+
981
+ if (i == 0) {
982
+ if (!notify)
983
+ return 0;
984
+ ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
985
+ if (!ctx->verify_cb(0, ctx))
986
+ return 0;
987
+ }
988
+ /* Ignore expiry of base CRL is delta is valid */
989
+ if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
990
+ if (!notify)
991
+ return 0;
992
+ ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
993
+ if (!ctx->verify_cb(0, ctx))
994
+ return 0;
995
+ }
996
+ }
997
+
998
+ if (notify)
999
+ ctx->current_crl = NULL;
1000
+
1001
+ return 1;
1002
+ }
1003
+
1004
+ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
1005
+ X509 **pissuer, int *pscore, unsigned int *preasons,
1006
+ STACK_OF(X509_CRL) *crls)
1007
+ {
1008
+ int crl_score, best_score = *pscore;
1009
+ size_t i;
1010
+ unsigned int reasons, best_reasons = 0;
1011
+ X509 *x = ctx->current_cert;
1012
+ X509_CRL *crl, *best_crl = NULL;
1013
+ X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
1014
+
1015
+ for (i = 0; i < sk_X509_CRL_num(crls); i++) {
1016
+ crl = sk_X509_CRL_value(crls, i);
1017
+ reasons = *preasons;
1018
+ crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
1019
+ if (crl_score < best_score || crl_score == 0)
1020
+ continue;
1021
+ /* If current CRL is equivalent use it if it is newer */
1022
+ if (crl_score == best_score && best_crl != NULL) {
1023
+ int day, sec;
1024
+ if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
1025
+ X509_CRL_get_lastUpdate(crl)) == 0)
1026
+ continue;
1027
+ /*
1028
+ * ASN1_TIME_diff never returns inconsistent signs for |day|
1029
+ * and |sec|.
1030
+ */
1031
+ if (day <= 0 && sec <= 0)
1032
+ continue;
1033
+ }
1034
+ best_crl = crl;
1035
+ best_crl_issuer = crl_issuer;
1036
+ best_score = crl_score;
1037
+ best_reasons = reasons;
1038
+ }
1039
+
1040
+ if (best_crl) {
1041
+ if (*pcrl)
1042
+ X509_CRL_free(*pcrl);
1043
+ *pcrl = best_crl;
1044
+ *pissuer = best_crl_issuer;
1045
+ *pscore = best_score;
1046
+ *preasons = best_reasons;
1047
+ X509_CRL_up_ref(best_crl);
1048
+ if (*pdcrl) {
1049
+ X509_CRL_free(*pdcrl);
1050
+ *pdcrl = NULL;
1051
+ }
1052
+ get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
1053
+ }
1054
+
1055
+ if (best_score >= CRL_SCORE_VALID)
1056
+ return 1;
1057
+
1058
+ return 0;
1059
+ }
1060
+
1061
+ /*
1062
+ * Compare two CRL extensions for delta checking purposes. They should be
1063
+ * both present or both absent. If both present all fields must be identical.
1064
+ */
1065
+
1066
+ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
1067
+ {
1068
+ ASN1_OCTET_STRING *exta, *extb;
1069
+ int i;
1070
+ i = X509_CRL_get_ext_by_NID(a, nid, -1);
1071
+ if (i >= 0) {
1072
+ /* Can't have multiple occurrences */
1073
+ if (X509_CRL_get_ext_by_NID(a, nid, i) != -1)
1074
+ return 0;
1075
+ exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
1076
+ } else
1077
+ exta = NULL;
1078
+
1079
+ i = X509_CRL_get_ext_by_NID(b, nid, -1);
1080
+
1081
+ if (i >= 0) {
1082
+
1083
+ if (X509_CRL_get_ext_by_NID(b, nid, i) != -1)
1084
+ return 0;
1085
+ extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
1086
+ } else
1087
+ extb = NULL;
1088
+
1089
+ if (!exta && !extb)
1090
+ return 1;
1091
+
1092
+ if (!exta || !extb)
1093
+ return 0;
1094
+
1095
+ if (ASN1_OCTET_STRING_cmp(exta, extb))
1096
+ return 0;
1097
+
1098
+ return 1;
1099
+ }
1100
+
1101
+ /* See if a base and delta are compatible */
1102
+
1103
+ static int check_delta_base(X509_CRL *delta, X509_CRL *base)
1104
+ {
1105
+ /* Delta CRL must be a delta */
1106
+ if (!delta->base_crl_number)
1107
+ return 0;
1108
+ /* Base must have a CRL number */
1109
+ if (!base->crl_number)
1110
+ return 0;
1111
+ /* Issuer names must match */
1112
+ if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta)))
1113
+ return 0;
1114
+ /* AKID and IDP must match */
1115
+ if (!crl_extension_match(delta, base, NID_authority_key_identifier))
1116
+ return 0;
1117
+ if (!crl_extension_match(delta, base, NID_issuing_distribution_point))
1118
+ return 0;
1119
+ /* Delta CRL base number must not exceed Full CRL number. */
1120
+ if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
1121
+ return 0;
1122
+ /* Delta CRL number must exceed full CRL number */
1123
+ if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
1124
+ return 1;
1125
+ return 0;
1126
+ }
1127
+
1128
+ /*
1129
+ * For a given base CRL find a delta... maybe extend to delta scoring or
1130
+ * retrieve a chain of deltas...
1131
+ */
1132
+
1133
+ static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
1134
+ X509_CRL *base, STACK_OF(X509_CRL) *crls)
1135
+ {
1136
+ X509_CRL *delta;
1137
+ size_t i;
1138
+ if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
1139
+ return;
1140
+ if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST))
1141
+ return;
1142
+ for (i = 0; i < sk_X509_CRL_num(crls); i++) {
1143
+ delta = sk_X509_CRL_value(crls, i);
1144
+ if (check_delta_base(delta, base)) {
1145
+ if (check_crl_time(ctx, delta, 0))
1146
+ *pscore |= CRL_SCORE_TIME_DELTA;
1147
+ X509_CRL_up_ref(delta);
1148
+ *dcrl = delta;
1149
+ return;
1150
+ }
1151
+ }
1152
+ *dcrl = NULL;
1153
+ }
1154
+
1155
+ /*
1156
+ * For a given CRL return how suitable it is for the supplied certificate
1157
+ * 'x'. The return value is a mask of several criteria. If the issuer is not
1158
+ * the certificate issuer this is returned in *pissuer. The reasons mask is
1159
+ * also used to determine if the CRL is suitable: if no new reasons the CRL
1160
+ * is rejected, otherwise reasons is updated.
1161
+ */
1162
+
1163
+ static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
1164
+ unsigned int *preasons, X509_CRL *crl, X509 *x)
1165
+ {
1166
+
1167
+ int crl_score = 0;
1168
+ unsigned int tmp_reasons = *preasons, crl_reasons;
1169
+
1170
+ /* First see if we can reject CRL straight away */
1171
+
1172
+ /* Invalid IDP cannot be processed */
1173
+ if (crl->idp_flags & IDP_INVALID)
1174
+ return 0;
1175
+ /* Reason codes or indirect CRLs need extended CRL support */
1176
+ if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
1177
+ if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS))
1178
+ return 0;
1179
+ } else if (crl->idp_flags & IDP_REASONS) {
1180
+ /* If no new reasons reject */
1181
+ if (!(crl->idp_reasons & ~tmp_reasons))
1182
+ return 0;
1183
+ }
1184
+ /* Don't process deltas at this stage */
1185
+ else if (crl->base_crl_number)
1186
+ return 0;
1187
+ /* If issuer name doesn't match certificate need indirect CRL */
1188
+ if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) {
1189
+ if (!(crl->idp_flags & IDP_INDIRECT))
1190
+ return 0;
1191
+ } else
1192
+ crl_score |= CRL_SCORE_ISSUER_NAME;
1193
+
1194
+ if (!(crl->flags & EXFLAG_CRITICAL))
1195
+ crl_score |= CRL_SCORE_NOCRITICAL;
1196
+
1197
+ /* Check expiry */
1198
+ if (check_crl_time(ctx, crl, 0))
1199
+ crl_score |= CRL_SCORE_TIME;
1200
+
1201
+ /* Check authority key ID and locate certificate issuer */
1202
+ crl_akid_check(ctx, crl, pissuer, &crl_score);
1203
+
1204
+ /* If we can't locate certificate issuer at this point forget it */
1205
+
1206
+ if (!(crl_score & CRL_SCORE_AKID))
1207
+ return 0;
1208
+
1209
+ /* Check cert for matching CRL distribution points */
1210
+
1211
+ if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
1212
+ /* If no new reasons reject */
1213
+ if (!(crl_reasons & ~tmp_reasons))
1214
+ return 0;
1215
+ tmp_reasons |= crl_reasons;
1216
+ crl_score |= CRL_SCORE_SCOPE;
1217
+ }
1218
+
1219
+ *preasons = tmp_reasons;
1220
+
1221
+ return crl_score;
1222
+
1223
+ }
1224
+
1225
+ static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
1226
+ X509 **pissuer, int *pcrl_score)
1227
+ {
1228
+ X509 *crl_issuer = NULL;
1229
+ X509_NAME *cnm = X509_CRL_get_issuer(crl);
1230
+ int cidx = ctx->error_depth;
1231
+ size_t i;
1232
+
1233
+ if ((size_t)cidx != sk_X509_num(ctx->chain) - 1)
1234
+ cidx++;
1235
+
1236
+ crl_issuer = sk_X509_value(ctx->chain, cidx);
1237
+
1238
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1239
+ if (*pcrl_score & CRL_SCORE_ISSUER_NAME) {
1240
+ *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT;
1241
+ *pissuer = crl_issuer;
1242
+ return;
1243
+ }
1244
+ }
1245
+
1246
+ for (cidx++; cidx < (int)sk_X509_num(ctx->chain); cidx++) {
1247
+ crl_issuer = sk_X509_value(ctx->chain, cidx);
1248
+ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1249
+ continue;
1250
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1251
+ *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH;
1252
+ *pissuer = crl_issuer;
1253
+ return;
1254
+ }
1255
+ }
1256
+
1257
+ /* Anything else needs extended CRL support */
1258
+
1259
+ if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
1260
+ return;
1261
+
1262
+ /*
1263
+ * Otherwise the CRL issuer is not on the path. Look for it in the set of
1264
+ * untrusted certificates.
1265
+ */
1266
+ for (i = 0; i < sk_X509_num(ctx->untrusted); i++) {
1267
+ crl_issuer = sk_X509_value(ctx->untrusted, i);
1268
+ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1269
+ continue;
1270
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1271
+ *pissuer = crl_issuer;
1272
+ *pcrl_score |= CRL_SCORE_AKID;
1273
+ return;
1274
+ }
1275
+ }
1276
+
1277
+ for (i = 0; i < sk_X509_num(ctx->ctx->additional_untrusted); i++) {
1278
+ crl_issuer = sk_X509_value(ctx->ctx->additional_untrusted, i);
1279
+ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1280
+ continue;
1281
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1282
+ *pissuer = crl_issuer;
1283
+ *pcrl_score |= CRL_SCORE_AKID;
1284
+ return;
1285
+ }
1286
+ }
1287
+ }
1288
+
1289
+ /*
1290
+ * Check the path of a CRL issuer certificate. This creates a new
1291
+ * X509_STORE_CTX and populates it with most of the parameters from the
1292
+ * parent. This could be optimised somewhat since a lot of path checking will
1293
+ * be duplicated by the parent, but this will rarely be used in practice.
1294
+ */
1295
+
1296
+ static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
1297
+ {
1298
+ X509_STORE_CTX crl_ctx;
1299
+ int ret;
1300
+ /* Don't allow recursive CRL path validation */
1301
+ if (ctx->parent)
1302
+ return 0;
1303
+ if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
1304
+ return -1;
1305
+
1306
+ crl_ctx.crls = ctx->crls;
1307
+ /* Copy verify params across */
1308
+ X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
1309
+
1310
+ crl_ctx.parent = ctx;
1311
+ crl_ctx.verify_cb = ctx->verify_cb;
1312
+
1313
+ /* Verify CRL issuer */
1314
+ ret = X509_verify_cert(&crl_ctx);
1315
+
1316
+ if (ret <= 0)
1317
+ goto err;
1318
+
1319
+ /* Check chain is acceptable */
1320
+
1321
+ ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
1322
+ err:
1323
+ X509_STORE_CTX_cleanup(&crl_ctx);
1324
+ return ret;
1325
+ }
1326
+
1327
+ /*
1328
+ * RFC3280 says nothing about the relationship between CRL path and
1329
+ * certificate path, which could lead to situations where a certificate could
1330
+ * be revoked or validated by a CA not authorised to do so. RFC5280 is more
1331
+ * strict and states that the two paths must end in the same trust anchor,
1332
+ * though some discussions remain... until this is resolved we use the
1333
+ * RFC5280 version
1334
+ */
1335
+
1336
+ static int check_crl_chain(X509_STORE_CTX *ctx,
1337
+ STACK_OF(X509) *cert_path,
1338
+ STACK_OF(X509) *crl_path)
1339
+ {
1340
+ X509 *cert_ta, *crl_ta;
1341
+ cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
1342
+ crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
1343
+ if (!X509_cmp(cert_ta, crl_ta))
1344
+ return 1;
1345
+ return 0;
1346
+ }
1347
+
1348
+ /*
1349
+ * Check for match between two dist point names: three separate cases. 1.
1350
+ * Both are relative names and compare X509_NAME types. 2. One full, one
1351
+ * relative. Compare X509_NAME to GENERAL_NAMES. 3. Both are full names and
1352
+ * compare two GENERAL_NAMES. 4. One is NULL: automatic match.
1353
+ */
1354
+
1355
+ static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b)
1356
+ {
1357
+ X509_NAME *nm = NULL;
1358
+ GENERAL_NAMES *gens = NULL;
1359
+ GENERAL_NAME *gena, *genb;
1360
+ size_t i, j;
1361
+ if (!a || !b)
1362
+ return 1;
1363
+ if (a->type == 1) {
1364
+ if (!a->dpname)
1365
+ return 0;
1366
+ /* Case 1: two X509_NAME */
1367
+ if (b->type == 1) {
1368
+ if (!b->dpname)
1369
+ return 0;
1370
+ if (!X509_NAME_cmp(a->dpname, b->dpname))
1371
+ return 1;
1372
+ else
1373
+ return 0;
1374
+ }
1375
+ /* Case 2: set name and GENERAL_NAMES appropriately */
1376
+ nm = a->dpname;
1377
+ gens = b->name.fullname;
1378
+ } else if (b->type == 1) {
1379
+ if (!b->dpname)
1380
+ return 0;
1381
+ /* Case 2: set name and GENERAL_NAMES appropriately */
1382
+ gens = a->name.fullname;
1383
+ nm = b->dpname;
1384
+ }
1385
+
1386
+ /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */
1387
+ if (nm) {
1388
+ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
1389
+ gena = sk_GENERAL_NAME_value(gens, i);
1390
+ if (gena->type != GEN_DIRNAME)
1391
+ continue;
1392
+ if (!X509_NAME_cmp(nm, gena->d.directoryName))
1393
+ return 1;
1394
+ }
1395
+ return 0;
1396
+ }
1397
+
1398
+ /* Else case 3: two GENERAL_NAMES */
1399
+
1400
+ for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) {
1401
+ gena = sk_GENERAL_NAME_value(a->name.fullname, i);
1402
+ for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) {
1403
+ genb = sk_GENERAL_NAME_value(b->name.fullname, j);
1404
+ if (!GENERAL_NAME_cmp(gena, genb))
1405
+ return 1;
1406
+ }
1407
+ }
1408
+
1409
+ return 0;
1410
+
1411
+ }
1412
+
1413
+ static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score)
1414
+ {
1415
+ size_t i;
1416
+ X509_NAME *nm = X509_CRL_get_issuer(crl);
1417
+ /* If no CRLissuer return is successful iff don't need a match */
1418
+ if (!dp->CRLissuer)
1419
+ return ! !(crl_score & CRL_SCORE_ISSUER_NAME);
1420
+ for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
1421
+ GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
1422
+ if (gen->type != GEN_DIRNAME)
1423
+ continue;
1424
+ if (!X509_NAME_cmp(gen->d.directoryName, nm))
1425
+ return 1;
1426
+ }
1427
+ return 0;
1428
+ }
1429
+
1430
+ /* Check CRLDP and IDP */
1431
+
1432
+ static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
1433
+ unsigned int *preasons)
1434
+ {
1435
+ size_t i;
1436
+ if (crl->idp_flags & IDP_ONLYATTR)
1437
+ return 0;
1438
+ if (x->ex_flags & EXFLAG_CA) {
1439
+ if (crl->idp_flags & IDP_ONLYUSER)
1440
+ return 0;
1441
+ } else {
1442
+ if (crl->idp_flags & IDP_ONLYCA)
1443
+ return 0;
1444
+ }
1445
+ *preasons = crl->idp_reasons;
1446
+ for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
1447
+ DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
1448
+ if (crldp_check_crlissuer(dp, crl, crl_score)) {
1449
+ if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) {
1450
+ *preasons &= dp->dp_reasons;
1451
+ return 1;
1452
+ }
1453
+ }
1454
+ }
1455
+ if ((!crl->idp || !crl->idp->distpoint)
1456
+ && (crl_score & CRL_SCORE_ISSUER_NAME))
1457
+ return 1;
1458
+ return 0;
1459
+ }
1460
+
1461
+ /*
1462
+ * Retrieve CRL corresponding to current certificate. If deltas enabled try
1463
+ * to find a delta CRL too
1464
+ */
1465
+
1466
+ static int get_crl_delta(X509_STORE_CTX *ctx,
1467
+ X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x)
1468
+ {
1469
+ int ok;
1470
+ X509 *issuer = NULL;
1471
+ int crl_score = 0;
1472
+ unsigned int reasons;
1473
+ X509_CRL *crl = NULL, *dcrl = NULL;
1474
+ STACK_OF(X509_CRL) *skcrl;
1475
+ X509_NAME *nm = X509_get_issuer_name(x);
1476
+ reasons = ctx->current_reasons;
1477
+ ok = get_crl_sk(ctx, &crl, &dcrl,
1478
+ &issuer, &crl_score, &reasons, ctx->crls);
1479
+
1480
+ if (ok)
1481
+ goto done;
1482
+
1483
+ /* Lookup CRLs from store */
1484
+
1485
+ skcrl = ctx->lookup_crls(ctx, nm);
1486
+
1487
+ /* If no CRLs found and a near match from get_crl_sk use that */
1488
+ if (!skcrl && crl)
1489
+ goto done;
1490
+
1491
+ get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
1492
+
1493
+ sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
1494
+
1495
+ done:
1496
+
1497
+ /* If we got any kind of CRL use it and return success */
1498
+ if (crl) {
1499
+ ctx->current_issuer = issuer;
1500
+ ctx->current_crl_score = crl_score;
1501
+ ctx->current_reasons = reasons;
1502
+ *pcrl = crl;
1503
+ *pdcrl = dcrl;
1504
+ return 1;
1505
+ }
1506
+
1507
+ return 0;
1508
+ }
1509
+
1510
+ /* Check CRL validity */
1511
+ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
1512
+ {
1513
+ X509 *issuer = NULL;
1514
+ EVP_PKEY *ikey = NULL;
1515
+ int ok = 0, chnum, cnum;
1516
+ cnum = ctx->error_depth;
1517
+ chnum = sk_X509_num(ctx->chain) - 1;
1518
+ /* if we have an alternative CRL issuer cert use that */
1519
+ if (ctx->current_issuer)
1520
+ issuer = ctx->current_issuer;
1521
+
1522
+ /*
1523
+ * Else find CRL issuer: if not last certificate then issuer is next
1524
+ * certificate in chain.
1525
+ */
1526
+ else if (cnum < chnum)
1527
+ issuer = sk_X509_value(ctx->chain, cnum + 1);
1528
+ else {
1529
+ issuer = sk_X509_value(ctx->chain, chnum);
1530
+ /* If not self signed, can't check signature */
1531
+ if (!ctx->check_issued(ctx, issuer, issuer)) {
1532
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
1533
+ ok = ctx->verify_cb(0, ctx);
1534
+ if (!ok)
1535
+ goto err;
1536
+ }
1537
+ }
1538
+
1539
+ if (issuer) {
1540
+ /*
1541
+ * Skip most tests for deltas because they have already been done
1542
+ */
1543
+ if (!crl->base_crl_number) {
1544
+ /* Check for cRLSign bit if keyUsage present */
1545
+ if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
1546
+ !(issuer->ex_kusage & KU_CRL_SIGN)) {
1547
+ ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
1548
+ ok = ctx->verify_cb(0, ctx);
1549
+ if (!ok)
1550
+ goto err;
1551
+ }
1552
+
1553
+ if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) {
1554
+ ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
1555
+ ok = ctx->verify_cb(0, ctx);
1556
+ if (!ok)
1557
+ goto err;
1558
+ }
1559
+
1560
+ if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) {
1561
+ if (check_crl_path(ctx, ctx->current_issuer) <= 0) {
1562
+ ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
1563
+ ok = ctx->verify_cb(0, ctx);
1564
+ if (!ok)
1565
+ goto err;
1566
+ }
1567
+ }
1568
+
1569
+ if (crl->idp_flags & IDP_INVALID) {
1570
+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
1571
+ ok = ctx->verify_cb(0, ctx);
1572
+ if (!ok)
1573
+ goto err;
1574
+ }
1575
+
1576
+ }
1577
+
1578
+ if (!(ctx->current_crl_score & CRL_SCORE_TIME)) {
1579
+ ok = check_crl_time(ctx, crl, 1);
1580
+ if (!ok)
1581
+ goto err;
1582
+ }
1583
+
1584
+ /* Attempt to get issuer certificate public key */
1585
+ ikey = X509_get_pubkey(issuer);
1586
+
1587
+ if (!ikey) {
1588
+ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1589
+ ok = ctx->verify_cb(0, ctx);
1590
+ if (!ok)
1591
+ goto err;
1592
+ } else {
1593
+ int rv;
1594
+ rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags);
1595
+ if (rv != X509_V_OK) {
1596
+ ctx->error = rv;
1597
+ ok = ctx->verify_cb(0, ctx);
1598
+ if (!ok)
1599
+ goto err;
1600
+ }
1601
+ /* Verify CRL signature */
1602
+ if (X509_CRL_verify(crl, ikey) <= 0) {
1603
+ ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
1604
+ ok = ctx->verify_cb(0, ctx);
1605
+ if (!ok)
1606
+ goto err;
1607
+ }
1608
+ }
1609
+ }
1610
+
1611
+ ok = 1;
1612
+
1613
+ err:
1614
+ EVP_PKEY_free(ikey);
1615
+ return ok;
1616
+ }
1617
+
1618
+ /* Check certificate against CRL */
1619
+ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
1620
+ {
1621
+ int ok;
1622
+ X509_REVOKED *rev;
1623
+ /*
1624
+ * The rules changed for this... previously if a CRL contained unhandled
1625
+ * critical extensions it could still be used to indicate a certificate
1626
+ * was revoked. This has since been changed since critical extension can
1627
+ * change the meaning of CRL entries.
1628
+ */
1629
+ if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
1630
+ && (crl->flags & EXFLAG_CRITICAL)) {
1631
+ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
1632
+ ok = ctx->verify_cb(0, ctx);
1633
+ if (!ok)
1634
+ return 0;
1635
+ }
1636
+ /*
1637
+ * Look for serial number of certificate in CRL If found make sure reason
1638
+ * is not removeFromCRL.
1639
+ */
1640
+ if (X509_CRL_get0_by_cert(crl, &rev, x)) {
1641
+ if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
1642
+ return 2;
1643
+ ctx->error = X509_V_ERR_CERT_REVOKED;
1644
+ ok = ctx->verify_cb(0, ctx);
1645
+ if (!ok)
1646
+ return 0;
1647
+ }
1648
+
1649
+ return 1;
1650
+ }
1651
+
1652
+ static int check_policy(X509_STORE_CTX *ctx)
1653
+ {
1654
+ int ret;
1655
+ if (ctx->parent)
1656
+ return 1;
1657
+ ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
1658
+ ctx->param->policies, ctx->param->flags);
1659
+ if (ret == 0) {
1660
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
1661
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
1662
+ return 0;
1663
+ }
1664
+ /* Invalid or inconsistent extensions */
1665
+ if (ret == -1) {
1666
+ /*
1667
+ * Locate certificates with bad extensions and notify callback.
1668
+ */
1669
+ X509 *x;
1670
+ size_t i;
1671
+ for (i = 1; i < sk_X509_num(ctx->chain); i++) {
1672
+ x = sk_X509_value(ctx->chain, i);
1673
+ if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
1674
+ continue;
1675
+ ctx->current_cert = x;
1676
+ ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
1677
+ if (!ctx->verify_cb(0, ctx))
1678
+ return 0;
1679
+ }
1680
+ return 1;
1681
+ }
1682
+ if (ret == -2) {
1683
+ ctx->current_cert = NULL;
1684
+ ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
1685
+ return ctx->verify_cb(0, ctx);
1686
+ }
1687
+
1688
+ if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
1689
+ ctx->current_cert = NULL;
1690
+ /*
1691
+ * Verification errors need to be "sticky", a callback may have allowed
1692
+ * an SSL handshake to continue despite an error, and we must then
1693
+ * remain in an error state. Therefore, we MUST NOT clear earlier
1694
+ * verification errors by setting the error to X509_V_OK.
1695
+ */
1696
+ if (!ctx->verify_cb(2, ctx))
1697
+ return 0;
1698
+ }
1699
+
1700
+ return 1;
1701
+ }
1702
+
1703
+ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
1704
+ {
1705
+ time_t *ptime;
1706
+ int i;
1707
+
1708
+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1709
+ ptime = &ctx->param->check_time;
1710
+ else
1711
+ ptime = NULL;
1712
+
1713
+ i = X509_cmp_time(X509_get_notBefore(x), ptime);
1714
+ if (i == 0) {
1715
+ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
1716
+ ctx->current_cert = x;
1717
+ if (!ctx->verify_cb(0, ctx))
1718
+ return 0;
1719
+ }
1720
+
1721
+ if (i > 0) {
1722
+ ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
1723
+ ctx->current_cert = x;
1724
+ if (!ctx->verify_cb(0, ctx))
1725
+ return 0;
1726
+ }
1727
+
1728
+ i = X509_cmp_time(X509_get_notAfter(x), ptime);
1729
+ if (i == 0) {
1730
+ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
1731
+ ctx->current_cert = x;
1732
+ if (!ctx->verify_cb(0, ctx))
1733
+ return 0;
1734
+ }
1735
+
1736
+ if (i < 0) {
1737
+ ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
1738
+ ctx->current_cert = x;
1739
+ if (!ctx->verify_cb(0, ctx))
1740
+ return 0;
1741
+ }
1742
+
1743
+ return 1;
1744
+ }
1745
+
1746
+ static int internal_verify(X509_STORE_CTX *ctx)
1747
+ {
1748
+ int ok = 0, n;
1749
+ X509 *xs, *xi;
1750
+ EVP_PKEY *pkey = NULL;
1751
+ int (*cb) (int xok, X509_STORE_CTX *xctx);
1752
+
1753
+ cb = ctx->verify_cb;
1754
+
1755
+ n = sk_X509_num(ctx->chain);
1756
+ ctx->error_depth = n - 1;
1757
+ n--;
1758
+ xi = sk_X509_value(ctx->chain, n);
1759
+
1760
+ if (ctx->check_issued(ctx, xi, xi))
1761
+ xs = xi;
1762
+ else {
1763
+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
1764
+ xs = xi;
1765
+ goto check_cert;
1766
+ }
1767
+ if (n <= 0) {
1768
+ ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
1769
+ ctx->current_cert = xi;
1770
+ ok = cb(0, ctx);
1771
+ goto end;
1772
+ } else {
1773
+ n--;
1774
+ ctx->error_depth = n;
1775
+ xs = sk_X509_value(ctx->chain, n);
1776
+ }
1777
+ }
1778
+
1779
+ /* ctx->error=0; not needed */
1780
+ while (n >= 0) {
1781
+ ctx->error_depth = n;
1782
+
1783
+ /*
1784
+ * Skip signature check for self signed certificates unless
1785
+ * explicitly asked for. It doesn't add any security and just wastes
1786
+ * time.
1787
+ */
1788
+ if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) {
1789
+ if ((pkey = X509_get_pubkey(xi)) == NULL) {
1790
+ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1791
+ ctx->current_cert = xi;
1792
+ ok = (*cb) (0, ctx);
1793
+ if (!ok)
1794
+ goto end;
1795
+ } else if (X509_verify(xs, pkey) <= 0) {
1796
+ ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
1797
+ ctx->current_cert = xs;
1798
+ ok = (*cb) (0, ctx);
1799
+ if (!ok) {
1800
+ EVP_PKEY_free(pkey);
1801
+ goto end;
1802
+ }
1803
+ }
1804
+ EVP_PKEY_free(pkey);
1805
+ pkey = NULL;
1806
+ }
1807
+
1808
+ check_cert:
1809
+ ok = check_cert_time(ctx, xs);
1810
+ if (!ok)
1811
+ goto end;
1812
+
1813
+ /* The last error (if any) is still in the error value */
1814
+ ctx->current_issuer = xi;
1815
+ ctx->current_cert = xs;
1816
+ ok = (*cb) (1, ctx);
1817
+ if (!ok)
1818
+ goto end;
1819
+
1820
+ n--;
1821
+ if (n >= 0) {
1822
+ xi = xs;
1823
+ xs = sk_X509_value(ctx->chain, n);
1824
+ }
1825
+ }
1826
+ ok = 1;
1827
+ end:
1828
+ return ok;
1829
+ }
1830
+
1831
+ int X509_cmp_current_time(const ASN1_TIME *ctm)
1832
+ {
1833
+ return X509_cmp_time(ctm, NULL);
1834
+ }
1835
+
1836
+ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
1837
+ {
1838
+ char *str;
1839
+ ASN1_TIME atm;
1840
+ long offset;
1841
+ char buff1[24], buff2[24], *p;
1842
+ int i, j, remaining;
1843
+
1844
+ p = buff1;
1845
+ remaining = ctm->length;
1846
+ str = (char *)ctm->data;
1847
+ /*
1848
+ * Note that the following (historical) code allows much more slack in
1849
+ * the time format than RFC5280. In RFC5280, the representation is fixed:
1850
+ * UTCTime: YYMMDDHHMMSSZ GeneralizedTime: YYYYMMDDHHMMSSZ
1851
+ */
1852
+ if (ctm->type == V_ASN1_UTCTIME) {
1853
+ /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
1854
+ int min_length = sizeof("YYMMDDHHMMZ") - 1;
1855
+ int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
1856
+ if (remaining < min_length || remaining > max_length)
1857
+ return 0;
1858
+ OPENSSL_memcpy(p, str, 10);
1859
+ p += 10;
1860
+ str += 10;
1861
+ remaining -= 10;
1862
+ } else {
1863
+ /*
1864
+ * YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm
1865
+ */
1866
+ int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
1867
+ int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
1868
+ if (remaining < min_length || remaining > max_length)
1869
+ return 0;
1870
+ OPENSSL_memcpy(p, str, 12);
1871
+ p += 12;
1872
+ str += 12;
1873
+ remaining -= 12;
1874
+ }
1875
+
1876
+ if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
1877
+ *(p++) = '0';
1878
+ *(p++) = '0';
1879
+ } else {
1880
+ /* SS (seconds) */
1881
+ if (remaining < 2)
1882
+ return 0;
1883
+ *(p++) = *(str++);
1884
+ *(p++) = *(str++);
1885
+ remaining -= 2;
1886
+ /*
1887
+ * Skip any (up to three) fractional seconds... TODO(emilia): in
1888
+ * RFC5280, fractional seconds are forbidden. Can we just kill them
1889
+ * altogether?
1890
+ */
1891
+ if (remaining && *str == '.') {
1892
+ str++;
1893
+ remaining--;
1894
+ for (i = 0; i < 3 && remaining; i++, str++, remaining--) {
1895
+ if (*str < '0' || *str > '9')
1896
+ break;
1897
+ }
1898
+ }
1899
+
1900
+ }
1901
+ *(p++) = 'Z';
1902
+ *(p++) = '\0';
1903
+
1904
+ /* We now need either a terminating 'Z' or an offset. */
1905
+ if (!remaining)
1906
+ return 0;
1907
+ if (*str == 'Z') {
1908
+ if (remaining != 1)
1909
+ return 0;
1910
+ offset = 0;
1911
+ } else {
1912
+ /* (+-)HHMM */
1913
+ if ((*str != '+') && (*str != '-'))
1914
+ return 0;
1915
+ /*
1916
+ * Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280.
1917
+ */
1918
+ if (remaining != 5)
1919
+ return 0;
1920
+ if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
1921
+ str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
1922
+ return 0;
1923
+ offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60;
1924
+ offset += (str[3] - '0') * 10 + (str[4] - '0');
1925
+ if (*str == '-')
1926
+ offset = -offset;
1927
+ }
1928
+ atm.type = ctm->type;
1929
+ atm.flags = 0;
1930
+ atm.length = sizeof(buff2);
1931
+ atm.data = (unsigned char *)buff2;
1932
+
1933
+ if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL)
1934
+ return 0;
1935
+
1936
+ if (ctm->type == V_ASN1_UTCTIME) {
1937
+ i = (buff1[0] - '0') * 10 + (buff1[1] - '0');
1938
+ if (i < 50)
1939
+ i += 100; /* cf. RFC 2459 */
1940
+ j = (buff2[0] - '0') * 10 + (buff2[1] - '0');
1941
+ if (j < 50)
1942
+ j += 100;
1943
+
1944
+ if (i < j)
1945
+ return -1;
1946
+ if (i > j)
1947
+ return 1;
1948
+ }
1949
+ i = strcmp(buff1, buff2);
1950
+ if (i == 0) /* wait a second then return younger :-) */
1951
+ return -1;
1952
+ else
1953
+ return i;
1954
+ }
1955
+
1956
+ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
1957
+ {
1958
+ return X509_time_adj(s, adj, NULL);
1959
+ }
1960
+
1961
+ ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm)
1962
+ {
1963
+ return X509_time_adj_ex(s, 0, offset_sec, in_tm);
1964
+ }
1965
+
1966
+ ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
1967
+ int offset_day, long offset_sec, time_t *in_tm)
1968
+ {
1969
+ time_t t = 0;
1970
+
1971
+ if (in_tm)
1972
+ t = *in_tm;
1973
+ else
1974
+ time(&t);
1975
+
1976
+ if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING)) {
1977
+ if (s->type == V_ASN1_UTCTIME)
1978
+ return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
1979
+ if (s->type == V_ASN1_GENERALIZEDTIME)
1980
+ return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
1981
+ }
1982
+ return ASN1_TIME_adj(s, t, offset_day, offset_sec);
1983
+ }
1984
+
1985
+ /* Make a delta CRL as the diff between two full CRLs */
1986
+
1987
+ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
1988
+ EVP_PKEY *skey, const EVP_MD *md, unsigned int flags)
1989
+ {
1990
+ X509_CRL *crl = NULL;
1991
+ int i;
1992
+ size_t j;
1993
+ STACK_OF(X509_REVOKED) *revs = NULL;
1994
+ /* CRLs can't be delta already */
1995
+ if (base->base_crl_number || newer->base_crl_number) {
1996
+ OPENSSL_PUT_ERROR(X509, X509_R_CRL_ALREADY_DELTA);
1997
+ return NULL;
1998
+ }
1999
+ /* Base and new CRL must have a CRL number */
2000
+ if (!base->crl_number || !newer->crl_number) {
2001
+ OPENSSL_PUT_ERROR(X509, X509_R_NO_CRL_NUMBER);
2002
+ return NULL;
2003
+ }
2004
+ /* Issuer names must match */
2005
+ if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(newer))) {
2006
+ OPENSSL_PUT_ERROR(X509, X509_R_ISSUER_MISMATCH);
2007
+ return NULL;
2008
+ }
2009
+ /* AKID and IDP must match */
2010
+ if (!crl_extension_match(base, newer, NID_authority_key_identifier)) {
2011
+ OPENSSL_PUT_ERROR(X509, X509_R_AKID_MISMATCH);
2012
+ return NULL;
2013
+ }
2014
+ if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) {
2015
+ OPENSSL_PUT_ERROR(X509, X509_R_IDP_MISMATCH);
2016
+ return NULL;
2017
+ }
2018
+ /* Newer CRL number must exceed full CRL number */
2019
+ if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0) {
2020
+ OPENSSL_PUT_ERROR(X509, X509_R_NEWER_CRL_NOT_NEWER);
2021
+ return NULL;
2022
+ }
2023
+ /* CRLs must verify */
2024
+ if (skey && (X509_CRL_verify(base, skey) <= 0 ||
2025
+ X509_CRL_verify(newer, skey) <= 0)) {
2026
+ OPENSSL_PUT_ERROR(X509, X509_R_CRL_VERIFY_FAILURE);
2027
+ return NULL;
2028
+ }
2029
+ /* Create new CRL */
2030
+ crl = X509_CRL_new();
2031
+ if (!crl || !X509_CRL_set_version(crl, 1))
2032
+ goto memerr;
2033
+ /* Set issuer name */
2034
+ if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer)))
2035
+ goto memerr;
2036
+
2037
+ if (!X509_CRL_set_lastUpdate(crl, X509_CRL_get_lastUpdate(newer)))
2038
+ goto memerr;
2039
+ if (!X509_CRL_set_nextUpdate(crl, X509_CRL_get_nextUpdate(newer)))
2040
+ goto memerr;
2041
+
2042
+ /* Set base CRL number: must be critical */
2043
+
2044
+ if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0))
2045
+ goto memerr;
2046
+
2047
+ /*
2048
+ * Copy extensions across from newest CRL to delta: this will set CRL
2049
+ * number to correct value too.
2050
+ */
2051
+
2052
+ for (i = 0; i < X509_CRL_get_ext_count(newer); i++) {
2053
+ X509_EXTENSION *ext;
2054
+ ext = X509_CRL_get_ext(newer, i);
2055
+ if (!X509_CRL_add_ext(crl, ext, -1))
2056
+ goto memerr;
2057
+ }
2058
+
2059
+ /* Go through revoked entries, copying as needed */
2060
+
2061
+ revs = X509_CRL_get_REVOKED(newer);
2062
+
2063
+ for (j = 0; j < sk_X509_REVOKED_num(revs); j++) {
2064
+ X509_REVOKED *rvn, *rvtmp;
2065
+ rvn = sk_X509_REVOKED_value(revs, j);
2066
+ /*
2067
+ * Add only if not also in base. TODO: need something cleverer here
2068
+ * for some more complex CRLs covering multiple CAs.
2069
+ */
2070
+ if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) {
2071
+ rvtmp = X509_REVOKED_dup(rvn);
2072
+ if (!rvtmp)
2073
+ goto memerr;
2074
+ if (!X509_CRL_add0_revoked(crl, rvtmp)) {
2075
+ X509_REVOKED_free(rvtmp);
2076
+ goto memerr;
2077
+ }
2078
+ }
2079
+ }
2080
+ /* TODO: optionally prune deleted entries */
2081
+
2082
+ if (skey && md && !X509_CRL_sign(crl, skey, md))
2083
+ goto memerr;
2084
+
2085
+ return crl;
2086
+
2087
+ memerr:
2088
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
2089
+ if (crl)
2090
+ X509_CRL_free(crl);
2091
+ return NULL;
2092
+ }
2093
+
2094
+ int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
2095
+ CRYPTO_EX_unused * unused,
2096
+ CRYPTO_EX_dup *dup_unused,
2097
+ CRYPTO_EX_free *free_func)
2098
+ {
2099
+ /*
2100
+ * This function is (usually) called only once, by
2101
+ * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
2102
+ */
2103
+ int index;
2104
+ if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
2105
+ free_func)) {
2106
+ return -1;
2107
+ }
2108
+ return index;
2109
+ }
2110
+
2111
+ int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
2112
+ {
2113
+ return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
2114
+ }
2115
+
2116
+ void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
2117
+ {
2118
+ return CRYPTO_get_ex_data(&ctx->ex_data, idx);
2119
+ }
2120
+
2121
+ int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
2122
+ {
2123
+ return ctx->error;
2124
+ }
2125
+
2126
+ void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
2127
+ {
2128
+ ctx->error = err;
2129
+ }
2130
+
2131
+ int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
2132
+ {
2133
+ return ctx->error_depth;
2134
+ }
2135
+
2136
+ X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
2137
+ {
2138
+ return ctx->current_cert;
2139
+ }
2140
+
2141
+ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
2142
+ {
2143
+ return ctx->chain;
2144
+ }
2145
+
2146
+ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
2147
+ {
2148
+ if (!ctx->chain)
2149
+ return NULL;
2150
+ return X509_chain_up_ref(ctx->chain);
2151
+ }
2152
+
2153
+ X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
2154
+ {
2155
+ return ctx->current_issuer;
2156
+ }
2157
+
2158
+ X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
2159
+ {
2160
+ return ctx->current_crl;
2161
+ }
2162
+
2163
+ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
2164
+ {
2165
+ return ctx->parent;
2166
+ }
2167
+
2168
+ void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
2169
+ {
2170
+ ctx->cert = x;
2171
+ }
2172
+
2173
+ void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
2174
+ {
2175
+ ctx->untrusted = sk;
2176
+ }
2177
+
2178
+ STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
2179
+ {
2180
+ return ctx->untrusted;
2181
+ }
2182
+
2183
+ void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
2184
+ {
2185
+ ctx->crls = sk;
2186
+ }
2187
+
2188
+ int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
2189
+ {
2190
+ return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
2191
+ }
2192
+
2193
+ int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
2194
+ {
2195
+ return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
2196
+ }
2197
+
2198
+ /*
2199
+ * This function is used to set the X509_STORE_CTX purpose and trust values.
2200
+ * This is intended to be used when another structure has its own trust and
2201
+ * purpose values which (if set) will be inherited by the ctx. If they aren't
2202
+ * set then we will usually have a default purpose in mind which should then
2203
+ * be used to set the trust value. An example of this is SSL use: an SSL
2204
+ * structure will have its own purpose and trust settings which the
2205
+ * application can set: if they aren't set then we use the default of SSL
2206
+ * client/server.
2207
+ */
2208
+
2209
+ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
2210
+ int purpose, int trust)
2211
+ {
2212
+ int idx;
2213
+ /* If purpose not set use default */
2214
+ if (!purpose)
2215
+ purpose = def_purpose;
2216
+ /* If we have a purpose then check it is valid */
2217
+ if (purpose) {
2218
+ X509_PURPOSE *ptmp;
2219
+ idx = X509_PURPOSE_get_by_id(purpose);
2220
+ if (idx == -1) {
2221
+ OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
2222
+ return 0;
2223
+ }
2224
+ ptmp = X509_PURPOSE_get0(idx);
2225
+ if (ptmp->trust == X509_TRUST_DEFAULT) {
2226
+ idx = X509_PURPOSE_get_by_id(def_purpose);
2227
+ if (idx == -1) {
2228
+ OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
2229
+ return 0;
2230
+ }
2231
+ ptmp = X509_PURPOSE_get0(idx);
2232
+ }
2233
+ /* If trust not set then get from purpose default */
2234
+ if (!trust)
2235
+ trust = ptmp->trust;
2236
+ }
2237
+ if (trust) {
2238
+ idx = X509_TRUST_get_by_id(trust);
2239
+ if (idx == -1) {
2240
+ OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_TRUST_ID);
2241
+ return 0;
2242
+ }
2243
+ }
2244
+
2245
+ if (purpose && !ctx->param->purpose)
2246
+ ctx->param->purpose = purpose;
2247
+ if (trust && !ctx->param->trust)
2248
+ ctx->param->trust = trust;
2249
+ return 1;
2250
+ }
2251
+
2252
+ X509_STORE_CTX *X509_STORE_CTX_new(void)
2253
+ {
2254
+ X509_STORE_CTX *ctx;
2255
+ ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
2256
+ if (!ctx) {
2257
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
2258
+ return NULL;
2259
+ }
2260
+ X509_STORE_CTX_zero(ctx);
2261
+ return ctx;
2262
+ }
2263
+
2264
+ void X509_STORE_CTX_zero(X509_STORE_CTX *ctx)
2265
+ {
2266
+ OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
2267
+ }
2268
+
2269
+ void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
2270
+ {
2271
+ if (ctx == NULL) {
2272
+ return;
2273
+ }
2274
+ X509_STORE_CTX_cleanup(ctx);
2275
+ OPENSSL_free(ctx);
2276
+ }
2277
+
2278
+ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
2279
+ STACK_OF(X509) *chain)
2280
+ {
2281
+ int ret = 1;
2282
+
2283
+ X509_STORE_CTX_zero(ctx);
2284
+ ctx->ctx = store;
2285
+ ctx->cert = x509;
2286
+ ctx->untrusted = chain;
2287
+
2288
+ CRYPTO_new_ex_data(&ctx->ex_data);
2289
+
2290
+ ctx->param = X509_VERIFY_PARAM_new();
2291
+ if (!ctx->param)
2292
+ goto err;
2293
+
2294
+ /*
2295
+ * Inherit callbacks and flags from X509_STORE if not set use defaults.
2296
+ */
2297
+
2298
+ if (store)
2299
+ ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
2300
+ else
2301
+ ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE;
2302
+
2303
+ if (store) {
2304
+ ctx->verify_cb = store->verify_cb;
2305
+ ctx->cleanup = store->cleanup;
2306
+ } else
2307
+ ctx->cleanup = 0;
2308
+
2309
+ if (ret)
2310
+ ret = X509_VERIFY_PARAM_inherit(ctx->param,
2311
+ X509_VERIFY_PARAM_lookup("default"));
2312
+
2313
+ if (ret == 0)
2314
+ goto err;
2315
+
2316
+ if (store && store->check_issued)
2317
+ ctx->check_issued = store->check_issued;
2318
+ else
2319
+ ctx->check_issued = check_issued;
2320
+
2321
+ if (store && store->get_issuer)
2322
+ ctx->get_issuer = store->get_issuer;
2323
+ else
2324
+ ctx->get_issuer = X509_STORE_CTX_get1_issuer;
2325
+
2326
+ if (store && store->verify_cb)
2327
+ ctx->verify_cb = store->verify_cb;
2328
+ else
2329
+ ctx->verify_cb = null_callback;
2330
+
2331
+ if (store && store->verify)
2332
+ ctx->verify = store->verify;
2333
+ else
2334
+ ctx->verify = internal_verify;
2335
+
2336
+ if (store && store->check_revocation)
2337
+ ctx->check_revocation = store->check_revocation;
2338
+ else
2339
+ ctx->check_revocation = check_revocation;
2340
+
2341
+ if (store && store->get_crl)
2342
+ ctx->get_crl = store->get_crl;
2343
+ else
2344
+ ctx->get_crl = NULL;
2345
+
2346
+ if (store && store->check_crl)
2347
+ ctx->check_crl = store->check_crl;
2348
+ else
2349
+ ctx->check_crl = check_crl;
2350
+
2351
+ if (store && store->cert_crl)
2352
+ ctx->cert_crl = store->cert_crl;
2353
+ else
2354
+ ctx->cert_crl = cert_crl;
2355
+
2356
+ if (store && store->lookup_certs)
2357
+ ctx->lookup_certs = store->lookup_certs;
2358
+ else
2359
+ ctx->lookup_certs = X509_STORE_get1_certs;
2360
+
2361
+ if (store && store->lookup_crls)
2362
+ ctx->lookup_crls = store->lookup_crls;
2363
+ else
2364
+ ctx->lookup_crls = X509_STORE_get1_crls;
2365
+
2366
+ ctx->check_policy = check_policy;
2367
+
2368
+ return 1;
2369
+
2370
+ err:
2371
+ CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data);
2372
+ if (ctx->param != NULL) {
2373
+ X509_VERIFY_PARAM_free(ctx->param);
2374
+ }
2375
+
2376
+ OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
2377
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
2378
+ return 0;
2379
+ }
2380
+
2381
+ /*
2382
+ * Set alternative lookup method: just a STACK of trusted certificates. This
2383
+ * avoids X509_STORE nastiness where it isn't needed.
2384
+ */
2385
+
2386
+ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
2387
+ {
2388
+ ctx->other_ctx = sk;
2389
+ ctx->get_issuer = get_issuer_sk;
2390
+ }
2391
+
2392
+ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
2393
+ {
2394
+ /* We need to be idempotent because, unfortunately, |X509_STORE_CTX_free|
2395
+ * also calls this function. */
2396
+ if (ctx->cleanup != NULL) {
2397
+ ctx->cleanup(ctx);
2398
+ ctx->cleanup = NULL;
2399
+ }
2400
+ if (ctx->param != NULL) {
2401
+ if (ctx->parent == NULL)
2402
+ X509_VERIFY_PARAM_free(ctx->param);
2403
+ ctx->param = NULL;
2404
+ }
2405
+ if (ctx->tree != NULL) {
2406
+ X509_policy_tree_free(ctx->tree);
2407
+ ctx->tree = NULL;
2408
+ }
2409
+ if (ctx->chain != NULL) {
2410
+ sk_X509_pop_free(ctx->chain, X509_free);
2411
+ ctx->chain = NULL;
2412
+ }
2413
+ CRYPTO_free_ex_data(&g_ex_data_class, ctx, &(ctx->ex_data));
2414
+ OPENSSL_memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
2415
+ }
2416
+
2417
+ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
2418
+ {
2419
+ X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2420
+ }
2421
+
2422
+ void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
2423
+ {
2424
+ X509_VERIFY_PARAM_set_flags(ctx->param, flags);
2425
+ }
2426
+
2427
+ void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
2428
+ time_t t)
2429
+ {
2430
+ X509_VERIFY_PARAM_set_time(ctx->param, t);
2431
+ }
2432
+
2433
+ void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
2434
+ int (*verify_cb) (int, X509_STORE_CTX *))
2435
+ {
2436
+ ctx->verify_cb = verify_cb;
2437
+ }
2438
+
2439
+ X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
2440
+ {
2441
+ return ctx->tree;
2442
+ }
2443
+
2444
+ int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
2445
+ {
2446
+ return ctx->explicit_policy;
2447
+ }
2448
+
2449
+ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
2450
+ {
2451
+ const X509_VERIFY_PARAM *param;
2452
+ param = X509_VERIFY_PARAM_lookup(name);
2453
+ if (!param)
2454
+ return 0;
2455
+ return X509_VERIFY_PARAM_inherit(ctx->param, param);
2456
+ }
2457
+
2458
+ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
2459
+ {
2460
+ return ctx->param;
2461
+ }
2462
+
2463
+ void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
2464
+ {
2465
+ if (ctx->param)
2466
+ X509_VERIFY_PARAM_free(ctx->param);
2467
+ ctx->param = param;
2468
+ }
2469
+
2470
+ IMPLEMENT_ASN1_SET_OF(X509)
2471
+
2472
+ IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)