grpc-flamingo 1.11.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (1318) hide show
  1. checksums.yaml +7 -0
  2. data/.yardopts +1 -0
  3. data/Makefile +23896 -0
  4. data/etc/roots.pem +4475 -0
  5. data/include/grpc/byte_buffer.h +27 -0
  6. data/include/grpc/byte_buffer_reader.h +26 -0
  7. data/include/grpc/census.h +40 -0
  8. data/include/grpc/compression.h +75 -0
  9. data/include/grpc/fork.h +26 -0
  10. data/include/grpc/grpc.h +469 -0
  11. data/include/grpc/grpc_cronet.h +38 -0
  12. data/include/grpc/grpc_posix.h +67 -0
  13. data/include/grpc/grpc_security.h +495 -0
  14. data/include/grpc/grpc_security_constants.h +107 -0
  15. data/include/grpc/impl/codegen/atm.h +95 -0
  16. data/include/grpc/impl/codegen/atm_gcc_atomic.h +91 -0
  17. data/include/grpc/impl/codegen/atm_gcc_sync.h +83 -0
  18. data/include/grpc/impl/codegen/atm_windows.h +126 -0
  19. data/include/grpc/impl/codegen/byte_buffer.h +88 -0
  20. data/include/grpc/impl/codegen/byte_buffer_reader.h +42 -0
  21. data/include/grpc/impl/codegen/compression_types.h +107 -0
  22. data/include/grpc/impl/codegen/connectivity_state.h +44 -0
  23. data/include/grpc/impl/codegen/fork.h +48 -0
  24. data/include/grpc/impl/codegen/gpr_slice.h +69 -0
  25. data/include/grpc/impl/codegen/gpr_types.h +59 -0
  26. data/include/grpc/impl/codegen/grpc_types.h +669 -0
  27. data/include/grpc/impl/codegen/port_platform.h +507 -0
  28. data/include/grpc/impl/codegen/propagation_bits.h +52 -0
  29. data/include/grpc/impl/codegen/slice.h +147 -0
  30. data/include/grpc/impl/codegen/status.h +153 -0
  31. data/include/grpc/impl/codegen/sync.h +63 -0
  32. data/include/grpc/impl/codegen/sync_custom.h +38 -0
  33. data/include/grpc/impl/codegen/sync_generic.h +48 -0
  34. data/include/grpc/impl/codegen/sync_posix.h +34 -0
  35. data/include/grpc/impl/codegen/sync_windows.h +36 -0
  36. data/include/grpc/load_reporting.h +48 -0
  37. data/include/grpc/module.modulemap +74 -0
  38. data/include/grpc/slice.h +172 -0
  39. data/include/grpc/slice_buffer.h +84 -0
  40. data/include/grpc/status.h +26 -0
  41. data/include/grpc/support/alloc.h +68 -0
  42. data/include/grpc/support/atm.h +26 -0
  43. data/include/grpc/support/atm_gcc_atomic.h +26 -0
  44. data/include/grpc/support/atm_gcc_sync.h +26 -0
  45. data/include/grpc/support/atm_windows.h +26 -0
  46. data/include/grpc/support/cpu.h +44 -0
  47. data/include/grpc/support/log.h +104 -0
  48. data/include/grpc/support/log_windows.h +38 -0
  49. data/include/grpc/support/port_platform.h +24 -0
  50. data/include/grpc/support/string_util.h +49 -0
  51. data/include/grpc/support/sync.h +298 -0
  52. data/include/grpc/support/sync_custom.h +26 -0
  53. data/include/grpc/support/sync_generic.h +26 -0
  54. data/include/grpc/support/sync_posix.h +26 -0
  55. data/include/grpc/support/sync_windows.h +26 -0
  56. data/include/grpc/support/thd_id.h +44 -0
  57. data/include/grpc/support/time.h +92 -0
  58. data/include/grpc/support/workaround_list.h +31 -0
  59. data/src/boringssl/err_data.c +1348 -0
  60. data/src/core/ext/census/grpc_context.cc +38 -0
  61. data/src/core/ext/filters/client_channel/backup_poller.cc +174 -0
  62. data/src/core/ext/filters/client_channel/backup_poller.h +35 -0
  63. data/src/core/ext/filters/client_channel/channel_connectivity.cc +248 -0
  64. data/src/core/ext/filters/client_channel/client_channel.cc +3209 -0
  65. data/src/core/ext/filters/client_channel/client_channel.h +57 -0
  66. data/src/core/ext/filters/client_channel/client_channel_factory.cc +67 -0
  67. data/src/core/ext/filters/client_channel/client_channel_factory.h +74 -0
  68. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +62 -0
  69. data/src/core/ext/filters/client_channel/connector.cc +41 -0
  70. data/src/core/ext/filters/client_channel/connector.h +73 -0
  71. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +370 -0
  72. data/src/core/ext/filters/client_channel/http_connect_handshaker.h +34 -0
  73. data/src/core/ext/filters/client_channel/http_proxy.cc +195 -0
  74. data/src/core/ext/filters/client_channel/http_proxy.h +24 -0
  75. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +138 -0
  76. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +29 -0
  77. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +1906 -0
  78. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +36 -0
  79. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +108 -0
  80. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +152 -0
  81. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +67 -0
  82. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +304 -0
  83. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +88 -0
  84. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c +102 -0
  85. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h +190 -0
  86. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +591 -0
  87. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +687 -0
  88. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc +253 -0
  89. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +136 -0
  90. data/src/core/ext/filters/client_channel/lb_policy.cc +59 -0
  91. data/src/core/ext/filters/client_channel/lb_policy.h +201 -0
  92. data/src/core/ext/filters/client_channel/lb_policy_factory.cc +155 -0
  93. data/src/core/ext/filters/client_channel/lb_policy_factory.h +127 -0
  94. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +97 -0
  95. data/src/core/ext/filters/client_channel/lb_policy_registry.h +54 -0
  96. data/src/core/ext/filters/client_channel/method_params.cc +178 -0
  97. data/src/core/ext/filters/client_channel/method_params.h +74 -0
  98. data/src/core/ext/filters/client_channel/parse_address.cc +192 -0
  99. data/src/core/ext/filters/client_channel/parse_address.h +50 -0
  100. data/src/core/ext/filters/client_channel/proxy_mapper.cc +48 -0
  101. data/src/core/ext/filters/client_channel/proxy_mapper.h +74 -0
  102. data/src/core/ext/filters/client_channel/proxy_mapper_registry.cc +122 -0
  103. data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +44 -0
  104. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +493 -0
  105. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +53 -0
  106. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +351 -0
  107. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +593 -0
  108. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +74 -0
  109. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +59 -0
  110. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +340 -0
  111. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +297 -0
  112. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +83 -0
  113. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +214 -0
  114. data/src/core/ext/filters/client_channel/resolver.cc +35 -0
  115. data/src/core/ext/filters/client_channel/resolver.h +134 -0
  116. data/src/core/ext/filters/client_channel/resolver_factory.h +71 -0
  117. data/src/core/ext/filters/client_channel/resolver_registry.cc +178 -0
  118. data/src/core/ext/filters/client_channel/resolver_registry.h +83 -0
  119. data/src/core/ext/filters/client_channel/retry_throttle.cc +191 -0
  120. data/src/core/ext/filters/client_channel/retry_throttle.h +77 -0
  121. data/src/core/ext/filters/client_channel/subchannel.cc +815 -0
  122. data/src/core/ext/filters/client_channel/subchannel.h +183 -0
  123. data/src/core/ext/filters/client_channel/subchannel_index.cc +254 -0
  124. data/src/core/ext/filters/client_channel/subchannel_index.h +79 -0
  125. data/src/core/ext/filters/client_channel/uri_parser.cc +314 -0
  126. data/src/core/ext/filters/client_channel/uri_parser.h +50 -0
  127. data/src/core/ext/filters/deadline/deadline_filter.cc +386 -0
  128. data/src/core/ext/filters/deadline/deadline_filter.h +93 -0
  129. data/src/core/ext/filters/http/client/http_client_filter.cc +558 -0
  130. data/src/core/ext/filters/http/client/http_client_filter.h +31 -0
  131. data/src/core/ext/filters/http/client_authority_filter.cc +156 -0
  132. data/src/core/ext/filters/http/client_authority_filter.h +34 -0
  133. data/src/core/ext/filters/http/http_filters_plugin.cc +89 -0
  134. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +499 -0
  135. data/src/core/ext/filters/http/message_compress/message_compress_filter.h +53 -0
  136. data/src/core/ext/filters/http/server/http_server_filter.cc +434 -0
  137. data/src/core/ext/filters/http/server/http_server_filter.h +29 -0
  138. data/src/core/ext/filters/load_reporting/server_load_reporting_filter.cc +222 -0
  139. data/src/core/ext/filters/load_reporting/server_load_reporting_filter.h +30 -0
  140. data/src/core/ext/filters/load_reporting/server_load_reporting_plugin.cc +71 -0
  141. data/src/core/ext/filters/load_reporting/server_load_reporting_plugin.h +61 -0
  142. data/src/core/ext/filters/max_age/max_age_filter.cc +543 -0
  143. data/src/core/ext/filters/max_age/max_age_filter.h +26 -0
  144. data/src/core/ext/filters/message_size/message_size_filter.cc +324 -0
  145. data/src/core/ext/filters/message_size/message_size_filter.h +26 -0
  146. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +208 -0
  147. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.h +27 -0
  148. data/src/core/ext/filters/workarounds/workaround_utils.cc +53 -0
  149. data/src/core/ext/filters/workarounds/workaround_utils.h +39 -0
  150. data/src/core/ext/transport/chttp2/alpn/alpn.cc +44 -0
  151. data/src/core/ext/transport/chttp2/alpn/alpn.h +36 -0
  152. data/src/core/ext/transport/chttp2/client/authority.cc +42 -0
  153. data/src/core/ext/transport/chttp2/client/authority.h +36 -0
  154. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +229 -0
  155. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +28 -0
  156. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +110 -0
  157. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +79 -0
  158. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +230 -0
  159. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +353 -0
  160. data/src/core/ext/transport/chttp2/server/chttp2_server.h +33 -0
  161. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +45 -0
  162. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +74 -0
  163. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +89 -0
  164. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +249 -0
  165. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +56 -0
  166. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +231 -0
  167. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +41 -0
  168. data/src/core/ext/transport/chttp2/transport/chttp2_plugin.cc +35 -0
  169. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +3102 -0
  170. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +45 -0
  171. data/src/core/ext/transport/chttp2/transport/flow_control.cc +405 -0
  172. data/src/core/ext/transport/chttp2/transport/flow_control.h +482 -0
  173. data/src/core/ext/transport/chttp2/transport/frame.h +47 -0
  174. data/src/core/ext/transport/chttp2/transport/frame_data.cc +314 -0
  175. data/src/core/ext/transport/chttp2/transport/frame_data.h +84 -0
  176. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +186 -0
  177. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +62 -0
  178. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +131 -0
  179. data/src/core/ext/transport/chttp2/transport/frame_ping.h +45 -0
  180. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +112 -0
  181. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +43 -0
  182. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +238 -0
  183. data/src/core/ext/transport/chttp2/transport/frame_settings.h +60 -0
  184. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +122 -0
  185. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +45 -0
  186. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +699 -0
  187. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +95 -0
  188. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +1680 -0
  189. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +109 -0
  190. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +368 -0
  191. data/src/core/ext/transport/chttp2/transport/hpack_table.h +95 -0
  192. data/src/core/ext/transport/chttp2/transport/http2_settings.cc +62 -0
  193. data/src/core/ext/transport/chttp2/transport/http2_settings.h +62 -0
  194. data/src/core/ext/transport/chttp2/transport/huffsyms.cc +92 -0
  195. data/src/core/ext/transport/chttp2/transport/huffsyms.h +33 -0
  196. data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +73 -0
  197. data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +49 -0
  198. data/src/core/ext/transport/chttp2/transport/internal.h +799 -0
  199. data/src/core/ext/transport/chttp2/transport/parsing.cc +745 -0
  200. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +216 -0
  201. data/src/core/ext/transport/chttp2/transport/stream_map.cc +167 -0
  202. data/src/core/ext/transport/chttp2/transport/stream_map.h +68 -0
  203. data/src/core/ext/transport/chttp2/transport/varint.cc +56 -0
  204. data/src/core/ext/transport/chttp2/transport/varint.h +60 -0
  205. data/src/core/ext/transport/chttp2/transport/writing.cc +641 -0
  206. data/src/core/ext/transport/inproc/inproc_plugin.cc +28 -0
  207. data/src/core/ext/transport/inproc/inproc_transport.cc +1240 -0
  208. data/src/core/ext/transport/inproc/inproc_transport.h +35 -0
  209. data/src/core/lib/avl/avl.cc +306 -0
  210. data/src/core/lib/avl/avl.h +94 -0
  211. data/src/core/lib/backoff/backoff.cc +78 -0
  212. data/src/core/lib/backoff/backoff.h +89 -0
  213. data/src/core/lib/channel/channel_args.cc +413 -0
  214. data/src/core/lib/channel/channel_args.h +127 -0
  215. data/src/core/lib/channel/channel_stack.cc +258 -0
  216. data/src/core/lib/channel/channel_stack.h +280 -0
  217. data/src/core/lib/channel/channel_stack_builder.cc +314 -0
  218. data/src/core/lib/channel/channel_stack_builder.h +160 -0
  219. data/src/core/lib/channel/channel_trace.cc +239 -0
  220. data/src/core/lib/channel/channel_trace.h +133 -0
  221. data/src/core/lib/channel/channel_trace_registry.cc +80 -0
  222. data/src/core/lib/channel/channel_trace_registry.h +43 -0
  223. data/src/core/lib/channel/connected_channel.cc +236 -0
  224. data/src/core/lib/channel/connected_channel.h +34 -0
  225. data/src/core/lib/channel/context.h +49 -0
  226. data/src/core/lib/channel/handshaker.cc +259 -0
  227. data/src/core/lib/channel/handshaker.h +166 -0
  228. data/src/core/lib/channel/handshaker_factory.cc +41 -0
  229. data/src/core/lib/channel/handshaker_factory.h +50 -0
  230. data/src/core/lib/channel/handshaker_registry.cc +97 -0
  231. data/src/core/lib/channel/handshaker_registry.h +48 -0
  232. data/src/core/lib/channel/status_util.cc +100 -0
  233. data/src/core/lib/channel/status_util.h +58 -0
  234. data/src/core/lib/compression/algorithm_metadata.h +61 -0
  235. data/src/core/lib/compression/compression.cc +174 -0
  236. data/src/core/lib/compression/compression_internal.cc +276 -0
  237. data/src/core/lib/compression/compression_internal.h +88 -0
  238. data/src/core/lib/compression/message_compress.cc +187 -0
  239. data/src/core/lib/compression/message_compress.h +40 -0
  240. data/src/core/lib/compression/stream_compression.cc +79 -0
  241. data/src/core/lib/compression/stream_compression.h +116 -0
  242. data/src/core/lib/compression/stream_compression_gzip.cc +230 -0
  243. data/src/core/lib/compression/stream_compression_gzip.h +28 -0
  244. data/src/core/lib/compression/stream_compression_identity.cc +94 -0
  245. data/src/core/lib/compression/stream_compression_identity.h +29 -0
  246. data/src/core/lib/debug/stats.cc +178 -0
  247. data/src/core/lib/debug/stats.h +61 -0
  248. data/src/core/lib/debug/stats_data.cc +682 -0
  249. data/src/core/lib/debug/stats_data.h +435 -0
  250. data/src/core/lib/debug/trace.cc +144 -0
  251. data/src/core/lib/debug/trace.h +104 -0
  252. data/src/core/lib/gpr/alloc.cc +99 -0
  253. data/src/core/lib/gpr/arena.cc +152 -0
  254. data/src/core/lib/gpr/arena.h +41 -0
  255. data/src/core/lib/gpr/atm.cc +35 -0
  256. data/src/core/lib/gpr/cpu_iphone.cc +36 -0
  257. data/src/core/lib/gpr/cpu_linux.cc +82 -0
  258. data/src/core/lib/gpr/cpu_posix.cc +81 -0
  259. data/src/core/lib/gpr/cpu_windows.cc +33 -0
  260. data/src/core/lib/gpr/env.h +43 -0
  261. data/src/core/lib/gpr/env_linux.cc +82 -0
  262. data/src/core/lib/gpr/env_posix.cc +47 -0
  263. data/src/core/lib/gpr/env_windows.cc +72 -0
  264. data/src/core/lib/gpr/fork.cc +78 -0
  265. data/src/core/lib/gpr/fork.h +35 -0
  266. data/src/core/lib/gpr/host_port.cc +98 -0
  267. data/src/core/lib/gpr/host_port.h +43 -0
  268. data/src/core/lib/gpr/log.cc +96 -0
  269. data/src/core/lib/gpr/log_android.cc +72 -0
  270. data/src/core/lib/gpr/log_linux.cc +93 -0
  271. data/src/core/lib/gpr/log_posix.cc +90 -0
  272. data/src/core/lib/gpr/log_windows.cc +97 -0
  273. data/src/core/lib/gpr/mpscq.cc +117 -0
  274. data/src/core/lib/gpr/mpscq.h +86 -0
  275. data/src/core/lib/gpr/murmur_hash.cc +80 -0
  276. data/src/core/lib/gpr/murmur_hash.h +29 -0
  277. data/src/core/lib/gpr/spinlock.h +46 -0
  278. data/src/core/lib/gpr/string.cc +319 -0
  279. data/src/core/lib/gpr/string.h +109 -0
  280. data/src/core/lib/gpr/string_posix.cc +72 -0
  281. data/src/core/lib/gpr/string_util_windows.cc +82 -0
  282. data/src/core/lib/gpr/string_windows.cc +69 -0
  283. data/src/core/lib/gpr/string_windows.h +32 -0
  284. data/src/core/lib/gpr/sync.cc +124 -0
  285. data/src/core/lib/gpr/sync_posix.cc +107 -0
  286. data/src/core/lib/gpr/sync_windows.cc +118 -0
  287. data/src/core/lib/gpr/time.cc +251 -0
  288. data/src/core/lib/gpr/time_posix.cc +167 -0
  289. data/src/core/lib/gpr/time_precise.cc +78 -0
  290. data/src/core/lib/gpr/time_precise.h +29 -0
  291. data/src/core/lib/gpr/time_windows.cc +98 -0
  292. data/src/core/lib/gpr/tls.h +68 -0
  293. data/src/core/lib/gpr/tls_gcc.h +52 -0
  294. data/src/core/lib/gpr/tls_msvc.h +52 -0
  295. data/src/core/lib/gpr/tls_pthread.cc +30 -0
  296. data/src/core/lib/gpr/tls_pthread.h +56 -0
  297. data/src/core/lib/gpr/tmpfile.h +32 -0
  298. data/src/core/lib/gpr/tmpfile_msys.cc +58 -0
  299. data/src/core/lib/gpr/tmpfile_posix.cc +70 -0
  300. data/src/core/lib/gpr/tmpfile_windows.cc +69 -0
  301. data/src/core/lib/gpr/useful.h +65 -0
  302. data/src/core/lib/gpr/wrap_memcpy.cc +42 -0
  303. data/src/core/lib/gprpp/abstract.h +34 -0
  304. data/src/core/lib/gprpp/atomic.h +30 -0
  305. data/src/core/lib/gprpp/atomic_with_atm.h +57 -0
  306. data/src/core/lib/gprpp/atomic_with_std.h +35 -0
  307. data/src/core/lib/gprpp/debug_location.h +52 -0
  308. data/src/core/lib/gprpp/inlined_vector.h +136 -0
  309. data/src/core/lib/gprpp/manual_constructor.h +213 -0
  310. data/src/core/lib/gprpp/memory.h +111 -0
  311. data/src/core/lib/gprpp/orphanable.h +199 -0
  312. data/src/core/lib/gprpp/ref_counted.h +169 -0
  313. data/src/core/lib/gprpp/ref_counted_ptr.h +112 -0
  314. data/src/core/lib/gprpp/thd.h +135 -0
  315. data/src/core/lib/gprpp/thd_posix.cc +209 -0
  316. data/src/core/lib/gprpp/thd_windows.cc +162 -0
  317. data/src/core/lib/http/format_request.cc +122 -0
  318. data/src/core/lib/http/format_request.h +34 -0
  319. data/src/core/lib/http/httpcli.cc +303 -0
  320. data/src/core/lib/http/httpcli.h +127 -0
  321. data/src/core/lib/http/httpcli_security_connector.cc +202 -0
  322. data/src/core/lib/http/parser.cc +371 -0
  323. data/src/core/lib/http/parser.h +113 -0
  324. data/src/core/lib/iomgr/block_annotate.h +57 -0
  325. data/src/core/lib/iomgr/call_combiner.cc +212 -0
  326. data/src/core/lib/iomgr/call_combiner.h +112 -0
  327. data/src/core/lib/iomgr/closure.h +351 -0
  328. data/src/core/lib/iomgr/combiner.cc +358 -0
  329. data/src/core/lib/iomgr/combiner.h +66 -0
  330. data/src/core/lib/iomgr/endpoint.cc +63 -0
  331. data/src/core/lib/iomgr/endpoint.h +98 -0
  332. data/src/core/lib/iomgr/endpoint_pair.h +34 -0
  333. data/src/core/lib/iomgr/endpoint_pair_posix.cc +73 -0
  334. data/src/core/lib/iomgr/endpoint_pair_uv.cc +40 -0
  335. data/src/core/lib/iomgr/endpoint_pair_windows.cc +87 -0
  336. data/src/core/lib/iomgr/error.cc +793 -0
  337. data/src/core/lib/iomgr/error.h +207 -0
  338. data/src/core/lib/iomgr/error_internal.h +63 -0
  339. data/src/core/lib/iomgr/ev_epoll1_linux.cc +1248 -0
  340. data/src/core/lib/iomgr/ev_epoll1_linux.h +31 -0
  341. data/src/core/lib/iomgr/ev_epollex_linux.cc +1494 -0
  342. data/src/core/lib/iomgr/ev_epollex_linux.h +30 -0
  343. data/src/core/lib/iomgr/ev_epollsig_linux.cc +1735 -0
  344. data/src/core/lib/iomgr/ev_epollsig_linux.h +35 -0
  345. data/src/core/lib/iomgr/ev_poll_posix.cc +1758 -0
  346. data/src/core/lib/iomgr/ev_poll_posix.h +29 -0
  347. data/src/core/lib/iomgr/ev_posix.cc +330 -0
  348. data/src/core/lib/iomgr/ev_posix.h +145 -0
  349. data/src/core/lib/iomgr/ev_windows.cc +30 -0
  350. data/src/core/lib/iomgr/exec_ctx.cc +147 -0
  351. data/src/core/lib/iomgr/exec_ctx.h +210 -0
  352. data/src/core/lib/iomgr/executor.cc +301 -0
  353. data/src/core/lib/iomgr/executor.h +50 -0
  354. data/src/core/lib/iomgr/fork_posix.cc +89 -0
  355. data/src/core/lib/iomgr/fork_windows.cc +41 -0
  356. data/src/core/lib/iomgr/gethostname.h +26 -0
  357. data/src/core/lib/iomgr/gethostname_fallback.cc +30 -0
  358. data/src/core/lib/iomgr/gethostname_host_name_max.cc +40 -0
  359. data/src/core/lib/iomgr/gethostname_sysconf.cc +40 -0
  360. data/src/core/lib/iomgr/iocp_windows.cc +152 -0
  361. data/src/core/lib/iomgr/iocp_windows.h +48 -0
  362. data/src/core/lib/iomgr/iomgr.cc +178 -0
  363. data/src/core/lib/iomgr/iomgr.h +36 -0
  364. data/src/core/lib/iomgr/iomgr_custom.cc +63 -0
  365. data/src/core/lib/iomgr/iomgr_custom.h +47 -0
  366. data/src/core/lib/iomgr/iomgr_internal.cc +43 -0
  367. data/src/core/lib/iomgr/iomgr_internal.h +57 -0
  368. data/src/core/lib/iomgr/iomgr_posix.cc +67 -0
  369. data/src/core/lib/iomgr/iomgr_posix.h +26 -0
  370. data/src/core/lib/iomgr/iomgr_uv.cc +40 -0
  371. data/src/core/lib/iomgr/iomgr_windows.cc +87 -0
  372. data/src/core/lib/iomgr/is_epollexclusive_available.cc +104 -0
  373. data/src/core/lib/iomgr/is_epollexclusive_available.h +36 -0
  374. data/src/core/lib/iomgr/load_file.cc +80 -0
  375. data/src/core/lib/iomgr/load_file.h +35 -0
  376. data/src/core/lib/iomgr/lockfree_event.cc +250 -0
  377. data/src/core/lib/iomgr/lockfree_event.h +72 -0
  378. data/src/core/lib/iomgr/nameser.h +106 -0
  379. data/src/core/lib/iomgr/network_status_tracker.cc +36 -0
  380. data/src/core/lib/iomgr/network_status_tracker.h +32 -0
  381. data/src/core/lib/iomgr/polling_entity.cc +87 -0
  382. data/src/core/lib/iomgr/polling_entity.h +68 -0
  383. data/src/core/lib/iomgr/pollset.cc +56 -0
  384. data/src/core/lib/iomgr/pollset.h +99 -0
  385. data/src/core/lib/iomgr/pollset_custom.cc +106 -0
  386. data/src/core/lib/iomgr/pollset_custom.h +35 -0
  387. data/src/core/lib/iomgr/pollset_set.cc +55 -0
  388. data/src/core/lib/iomgr/pollset_set.h +55 -0
  389. data/src/core/lib/iomgr/pollset_set_custom.cc +48 -0
  390. data/src/core/lib/iomgr/pollset_set_custom.h +26 -0
  391. data/src/core/lib/iomgr/pollset_set_windows.cc +51 -0
  392. data/src/core/lib/iomgr/pollset_set_windows.h +26 -0
  393. data/src/core/lib/iomgr/pollset_uv.cc +93 -0
  394. data/src/core/lib/iomgr/pollset_windows.cc +229 -0
  395. data/src/core/lib/iomgr/pollset_windows.h +70 -0
  396. data/src/core/lib/iomgr/port.h +147 -0
  397. data/src/core/lib/iomgr/resolve_address.cc +50 -0
  398. data/src/core/lib/iomgr/resolve_address.h +83 -0
  399. data/src/core/lib/iomgr/resolve_address_custom.cc +187 -0
  400. data/src/core/lib/iomgr/resolve_address_custom.h +43 -0
  401. data/src/core/lib/iomgr/resolve_address_posix.cc +180 -0
  402. data/src/core/lib/iomgr/resolve_address_windows.cc +165 -0
  403. data/src/core/lib/iomgr/resource_quota.cc +871 -0
  404. data/src/core/lib/iomgr/resource_quota.h +142 -0
  405. data/src/core/lib/iomgr/sockaddr.h +32 -0
  406. data/src/core/lib/iomgr/sockaddr_custom.h +54 -0
  407. data/src/core/lib/iomgr/sockaddr_posix.h +55 -0
  408. data/src/core/lib/iomgr/sockaddr_utils.cc +298 -0
  409. data/src/core/lib/iomgr/sockaddr_utils.h +84 -0
  410. data/src/core/lib/iomgr/sockaddr_windows.h +55 -0
  411. data/src/core/lib/iomgr/socket_factory_posix.cc +94 -0
  412. data/src/core/lib/iomgr/socket_factory_posix.h +69 -0
  413. data/src/core/lib/iomgr/socket_mutator.cc +83 -0
  414. data/src/core/lib/iomgr/socket_mutator.h +61 -0
  415. data/src/core/lib/iomgr/socket_utils.h +38 -0
  416. data/src/core/lib/iomgr/socket_utils_common_posix.cc +327 -0
  417. data/src/core/lib/iomgr/socket_utils_linux.cc +43 -0
  418. data/src/core/lib/iomgr/socket_utils_posix.cc +59 -0
  419. data/src/core/lib/iomgr/socket_utils_posix.h +134 -0
  420. data/src/core/lib/iomgr/socket_utils_uv.cc +45 -0
  421. data/src/core/lib/iomgr/socket_utils_windows.cc +43 -0
  422. data/src/core/lib/iomgr/socket_windows.cc +151 -0
  423. data/src/core/lib/iomgr/socket_windows.h +113 -0
  424. data/src/core/lib/iomgr/sys_epoll_wrapper.h +30 -0
  425. data/src/core/lib/iomgr/tcp_client.cc +36 -0
  426. data/src/core/lib/iomgr/tcp_client.h +52 -0
  427. data/src/core/lib/iomgr/tcp_client_custom.cc +151 -0
  428. data/src/core/lib/iomgr/tcp_client_posix.cc +359 -0
  429. data/src/core/lib/iomgr/tcp_client_posix.h +68 -0
  430. data/src/core/lib/iomgr/tcp_client_windows.cc +231 -0
  431. data/src/core/lib/iomgr/tcp_custom.cc +365 -0
  432. data/src/core/lib/iomgr/tcp_custom.h +81 -0
  433. data/src/core/lib/iomgr/tcp_posix.cc +814 -0
  434. data/src/core/lib/iomgr/tcp_posix.h +57 -0
  435. data/src/core/lib/iomgr/tcp_server.cc +73 -0
  436. data/src/core/lib/iomgr/tcp_server.h +122 -0
  437. data/src/core/lib/iomgr/tcp_server_custom.cc +472 -0
  438. data/src/core/lib/iomgr/tcp_server_posix.cc +582 -0
  439. data/src/core/lib/iomgr/tcp_server_utils_posix.h +122 -0
  440. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +208 -0
  441. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +184 -0
  442. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +36 -0
  443. data/src/core/lib/iomgr/tcp_server_windows.cc +559 -0
  444. data/src/core/lib/iomgr/tcp_uv.cc +417 -0
  445. data/src/core/lib/iomgr/tcp_windows.cc +455 -0
  446. data/src/core/lib/iomgr/tcp_windows.h +51 -0
  447. data/src/core/lib/iomgr/time_averaged_stats.cc +64 -0
  448. data/src/core/lib/iomgr/time_averaged_stats.h +73 -0
  449. data/src/core/lib/iomgr/timer.cc +45 -0
  450. data/src/core/lib/iomgr/timer.h +125 -0
  451. data/src/core/lib/iomgr/timer_custom.cc +93 -0
  452. data/src/core/lib/iomgr/timer_custom.h +43 -0
  453. data/src/core/lib/iomgr/timer_generic.cc +663 -0
  454. data/src/core/lib/iomgr/timer_heap.cc +135 -0
  455. data/src/core/lib/iomgr/timer_heap.h +44 -0
  456. data/src/core/lib/iomgr/timer_manager.cc +347 -0
  457. data/src/core/lib/iomgr/timer_manager.h +39 -0
  458. data/src/core/lib/iomgr/timer_uv.cc +63 -0
  459. data/src/core/lib/iomgr/udp_server.cc +692 -0
  460. data/src/core/lib/iomgr/udp_server.h +103 -0
  461. data/src/core/lib/iomgr/unix_sockets_posix.cc +104 -0
  462. data/src/core/lib/iomgr/unix_sockets_posix.h +43 -0
  463. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +49 -0
  464. data/src/core/lib/iomgr/wakeup_fd_cv.cc +107 -0
  465. data/src/core/lib/iomgr/wakeup_fd_cv.h +69 -0
  466. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +83 -0
  467. data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +38 -0
  468. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +100 -0
  469. data/src/core/lib/iomgr/wakeup_fd_pipe.h +28 -0
  470. data/src/core/lib/iomgr/wakeup_fd_posix.cc +87 -0
  471. data/src/core/lib/iomgr/wakeup_fd_posix.h +96 -0
  472. data/src/core/lib/json/json.cc +86 -0
  473. data/src/core/lib/json/json.h +94 -0
  474. data/src/core/lib/json/json_common.h +34 -0
  475. data/src/core/lib/json/json_reader.cc +663 -0
  476. data/src/core/lib/json/json_reader.h +146 -0
  477. data/src/core/lib/json/json_string.cc +367 -0
  478. data/src/core/lib/json/json_writer.cc +245 -0
  479. data/src/core/lib/json/json_writer.h +84 -0
  480. data/src/core/lib/profiling/basic_timers.cc +286 -0
  481. data/src/core/lib/profiling/stap_timers.cc +50 -0
  482. data/src/core/lib/profiling/timers.h +94 -0
  483. data/src/core/lib/security/context/security_context.cc +348 -0
  484. data/src/core/lib/security/context/security_context.h +115 -0
  485. data/src/core/lib/security/credentials/alts/alts_credentials.cc +119 -0
  486. data/src/core/lib/security/credentials/alts/alts_credentials.h +102 -0
  487. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +72 -0
  488. data/src/core/lib/security/credentials/alts/check_gcp_environment.h +57 -0
  489. data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +67 -0
  490. data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +33 -0
  491. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +114 -0
  492. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc +126 -0
  493. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc +46 -0
  494. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h +112 -0
  495. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +58 -0
  496. data/src/core/lib/security/credentials/composite/composite_credentials.cc +269 -0
  497. data/src/core/lib/security/credentials/composite/composite_credentials.h +59 -0
  498. data/src/core/lib/security/credentials/credentials.cc +286 -0
  499. data/src/core/lib/security/credentials/credentials.h +246 -0
  500. data/src/core/lib/security/credentials/credentials_metadata.cc +62 -0
  501. data/src/core/lib/security/credentials/fake/fake_credentials.cc +136 -0
  502. data/src/core/lib/security/credentials/fake/fake_credentials.h +64 -0
  503. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +41 -0
  504. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +322 -0
  505. data/src/core/lib/security/credentials/google_default/google_default_credentials.h +45 -0
  506. data/src/core/lib/security/credentials/iam/iam_credentials.cc +86 -0
  507. data/src/core/lib/security/credentials/iam/iam_credentials.h +31 -0
  508. data/src/core/lib/security/credentials/jwt/json_token.cc +314 -0
  509. data/src/core/lib/security/credentials/jwt/json_token.h +75 -0
  510. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +190 -0
  511. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +49 -0
  512. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +934 -0
  513. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +123 -0
  514. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +532 -0
  515. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +106 -0
  516. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +271 -0
  517. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +46 -0
  518. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +349 -0
  519. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +54 -0
  520. data/src/core/lib/security/security_connector/alts_security_connector.cc +287 -0
  521. data/src/core/lib/security/security_connector/alts_security_connector.h +69 -0
  522. data/src/core/lib/security/security_connector/security_connector.cc +1200 -0
  523. data/src/core/lib/security/security_connector/security_connector.h +283 -0
  524. data/src/core/lib/security/transport/auth_filters.h +37 -0
  525. data/src/core/lib/security/transport/client_auth_filter.cc +418 -0
  526. data/src/core/lib/security/transport/secure_endpoint.cc +429 -0
  527. data/src/core/lib/security/transport/secure_endpoint.h +41 -0
  528. data/src/core/lib/security/transport/security_handshaker.cc +526 -0
  529. data/src/core/lib/security/transport/security_handshaker.h +34 -0
  530. data/src/core/lib/security/transport/server_auth_filter.cc +269 -0
  531. data/src/core/lib/security/transport/target_authority_table.cc +75 -0
  532. data/src/core/lib/security/transport/target_authority_table.h +40 -0
  533. data/src/core/lib/security/transport/tsi_error.cc +29 -0
  534. data/src/core/lib/security/transport/tsi_error.h +29 -0
  535. data/src/core/lib/security/util/json_util.cc +48 -0
  536. data/src/core/lib/security/util/json_util.h +42 -0
  537. data/src/core/lib/slice/b64.cc +240 -0
  538. data/src/core/lib/slice/b64.h +51 -0
  539. data/src/core/lib/slice/percent_encoding.cc +169 -0
  540. data/src/core/lib/slice/percent_encoding.h +65 -0
  541. data/src/core/lib/slice/slice.cc +489 -0
  542. data/src/core/lib/slice/slice_buffer.cc +359 -0
  543. data/src/core/lib/slice/slice_hash_table.h +201 -0
  544. data/src/core/lib/slice/slice_intern.cc +332 -0
  545. data/src/core/lib/slice/slice_internal.h +49 -0
  546. data/src/core/lib/slice/slice_string_helpers.cc +118 -0
  547. data/src/core/lib/slice/slice_string_helpers.h +47 -0
  548. data/src/core/lib/slice/slice_weak_hash_table.h +105 -0
  549. data/src/core/lib/surface/api_trace.cc +24 -0
  550. data/src/core/lib/surface/api_trace.h +52 -0
  551. data/src/core/lib/surface/byte_buffer.cc +92 -0
  552. data/src/core/lib/surface/byte_buffer_reader.cc +129 -0
  553. data/src/core/lib/surface/call.cc +2002 -0
  554. data/src/core/lib/surface/call.h +109 -0
  555. data/src/core/lib/surface/call_details.cc +42 -0
  556. data/src/core/lib/surface/call_log_batch.cc +120 -0
  557. data/src/core/lib/surface/call_test_only.h +43 -0
  558. data/src/core/lib/surface/channel.cc +450 -0
  559. data/src/core/lib/surface/channel.h +83 -0
  560. data/src/core/lib/surface/channel_init.cc +109 -0
  561. data/src/core/lib/surface/channel_init.h +73 -0
  562. data/src/core/lib/surface/channel_ping.cc +65 -0
  563. data/src/core/lib/surface/channel_stack_type.cc +58 -0
  564. data/src/core/lib/surface/channel_stack_type.h +47 -0
  565. data/src/core/lib/surface/completion_queue.cc +1262 -0
  566. data/src/core/lib/surface/completion_queue.h +93 -0
  567. data/src/core/lib/surface/completion_queue_factory.cc +79 -0
  568. data/src/core/lib/surface/completion_queue_factory.h +38 -0
  569. data/src/core/lib/surface/event_string.cc +68 -0
  570. data/src/core/lib/surface/event_string.h +29 -0
  571. data/src/core/lib/surface/init.cc +196 -0
  572. data/src/core/lib/surface/init.h +27 -0
  573. data/src/core/lib/surface/init_secure.cc +81 -0
  574. data/src/core/lib/surface/lame_client.cc +180 -0
  575. data/src/core/lib/surface/lame_client.h +28 -0
  576. data/src/core/lib/surface/metadata_array.cc +36 -0
  577. data/src/core/lib/surface/server.cc +1445 -0
  578. data/src/core/lib/surface/server.h +58 -0
  579. data/src/core/lib/surface/validate_metadata.cc +95 -0
  580. data/src/core/lib/surface/validate_metadata.h +30 -0
  581. data/src/core/lib/surface/version.cc +28 -0
  582. data/src/core/lib/transport/bdp_estimator.cc +87 -0
  583. data/src/core/lib/transport/bdp_estimator.h +94 -0
  584. data/src/core/lib/transport/byte_stream.cc +160 -0
  585. data/src/core/lib/transport/byte_stream.h +164 -0
  586. data/src/core/lib/transport/connectivity_state.cc +196 -0
  587. data/src/core/lib/transport/connectivity_state.h +87 -0
  588. data/src/core/lib/transport/error_utils.cc +118 -0
  589. data/src/core/lib/transport/error_utils.h +46 -0
  590. data/src/core/lib/transport/http2_errors.h +41 -0
  591. data/src/core/lib/transport/metadata.cc +539 -0
  592. data/src/core/lib/transport/metadata.h +165 -0
  593. data/src/core/lib/transport/metadata_batch.cc +329 -0
  594. data/src/core/lib/transport/metadata_batch.h +150 -0
  595. data/src/core/lib/transport/pid_controller.cc +51 -0
  596. data/src/core/lib/transport/pid_controller.h +116 -0
  597. data/src/core/lib/transport/service_config.cc +106 -0
  598. data/src/core/lib/transport/service_config.h +249 -0
  599. data/src/core/lib/transport/static_metadata.cc +601 -0
  600. data/src/core/lib/transport/static_metadata.h +603 -0
  601. data/src/core/lib/transport/status_conversion.cc +100 -0
  602. data/src/core/lib/transport/status_conversion.h +38 -0
  603. data/src/core/lib/transport/status_metadata.cc +54 -0
  604. data/src/core/lib/transport/status_metadata.h +30 -0
  605. data/src/core/lib/transport/timeout_encoding.cc +144 -0
  606. data/src/core/lib/transport/timeout_encoding.h +37 -0
  607. data/src/core/lib/transport/transport.cc +278 -0
  608. data/src/core/lib/transport/transport.h +378 -0
  609. data/src/core/lib/transport/transport_impl.h +71 -0
  610. data/src/core/lib/transport/transport_op_string.cc +214 -0
  611. data/src/core/plugin_registry/grpc_plugin_registry.cc +97 -0
  612. data/src/core/tsi/alts/crypt/aes_gcm.cc +687 -0
  613. data/src/core/tsi/alts/crypt/gsec.cc +189 -0
  614. data/src/core/tsi/alts/crypt/gsec.h +454 -0
  615. data/src/core/tsi/alts/frame_protector/alts_counter.cc +118 -0
  616. data/src/core/tsi/alts/frame_protector/alts_counter.h +98 -0
  617. data/src/core/tsi/alts/frame_protector/alts_crypter.cc +66 -0
  618. data/src/core/tsi/alts/frame_protector/alts_crypter.h +255 -0
  619. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +407 -0
  620. data/src/core/tsi/alts/frame_protector/alts_frame_protector.h +55 -0
  621. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc +114 -0
  622. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h +114 -0
  623. data/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc +105 -0
  624. data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +103 -0
  625. data/src/core/tsi/alts/frame_protector/frame_handler.cc +218 -0
  626. data/src/core/tsi/alts/frame_protector/frame_handler.h +236 -0
  627. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +316 -0
  628. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +137 -0
  629. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc +520 -0
  630. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.h +323 -0
  631. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc +143 -0
  632. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h +149 -0
  633. data/src/core/tsi/alts/handshaker/alts_tsi_event.cc +73 -0
  634. data/src/core/tsi/alts/handshaker/alts_tsi_event.h +93 -0
  635. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +483 -0
  636. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +83 -0
  637. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +52 -0
  638. data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +58 -0
  639. data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +52 -0
  640. data/src/core/tsi/alts/handshaker/altscontext.pb.c +48 -0
  641. data/src/core/tsi/alts/handshaker/altscontext.pb.h +64 -0
  642. data/src/core/tsi/alts/handshaker/handshaker.pb.c +123 -0
  643. data/src/core/tsi/alts/handshaker/handshaker.pb.h +255 -0
  644. data/src/core/tsi/alts/handshaker/transport_security_common.pb.c +50 -0
  645. data/src/core/tsi/alts/handshaker/transport_security_common.pb.h +78 -0
  646. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +196 -0
  647. data/src/core/tsi/alts/handshaker/transport_security_common_api.h +163 -0
  648. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +180 -0
  649. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h +52 -0
  650. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +144 -0
  651. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h +49 -0
  652. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h +91 -0
  653. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +174 -0
  654. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +100 -0
  655. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +476 -0
  656. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h +199 -0
  657. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +296 -0
  658. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h +52 -0
  659. data/src/core/tsi/alts_transport_security.cc +63 -0
  660. data/src/core/tsi/alts_transport_security.h +47 -0
  661. data/src/core/tsi/fake_transport_security.cc +787 -0
  662. data/src/core/tsi/fake_transport_security.h +45 -0
  663. data/src/core/tsi/ssl/session_cache/ssl_session.h +73 -0
  664. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +58 -0
  665. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +211 -0
  666. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +93 -0
  667. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +76 -0
  668. data/src/core/tsi/ssl_transport_security.cc +1831 -0
  669. data/src/core/tsi/ssl_transport_security.h +314 -0
  670. data/src/core/tsi/ssl_types.h +42 -0
  671. data/src/core/tsi/transport_security.cc +326 -0
  672. data/src/core/tsi/transport_security.h +127 -0
  673. data/src/core/tsi/transport_security_adapter.cc +235 -0
  674. data/src/core/tsi/transport_security_adapter.h +41 -0
  675. data/src/core/tsi/transport_security_grpc.cc +66 -0
  676. data/src/core/tsi/transport_security_grpc.h +74 -0
  677. data/src/core/tsi/transport_security_interface.h +454 -0
  678. data/src/ruby/bin/apis/google/protobuf/empty.rb +29 -0
  679. data/src/ruby/bin/apis/pubsub_demo.rb +241 -0
  680. data/src/ruby/bin/apis/tech/pubsub/proto/pubsub.rb +159 -0
  681. data/src/ruby/bin/apis/tech/pubsub/proto/pubsub_services.rb +88 -0
  682. data/src/ruby/bin/math_client.rb +132 -0
  683. data/src/ruby/bin/math_pb.rb +32 -0
  684. data/src/ruby/bin/math_server.rb +191 -0
  685. data/src/ruby/bin/math_services_pb.rb +51 -0
  686. data/src/ruby/bin/noproto_client.rb +93 -0
  687. data/src/ruby/bin/noproto_server.rb +97 -0
  688. data/src/ruby/ext/grpc/extconf.rb +118 -0
  689. data/src/ruby/ext/grpc/rb_byte_buffer.c +64 -0
  690. data/src/ruby/ext/grpc/rb_byte_buffer.h +35 -0
  691. data/src/ruby/ext/grpc/rb_call.c +1041 -0
  692. data/src/ruby/ext/grpc/rb_call.h +53 -0
  693. data/src/ruby/ext/grpc/rb_call_credentials.c +290 -0
  694. data/src/ruby/ext/grpc/rb_call_credentials.h +31 -0
  695. data/src/ruby/ext/grpc/rb_channel.c +828 -0
  696. data/src/ruby/ext/grpc/rb_channel.h +34 -0
  697. data/src/ruby/ext/grpc/rb_channel_args.c +155 -0
  698. data/src/ruby/ext/grpc/rb_channel_args.h +38 -0
  699. data/src/ruby/ext/grpc/rb_channel_credentials.c +263 -0
  700. data/src/ruby/ext/grpc/rb_channel_credentials.h +32 -0
  701. data/src/ruby/ext/grpc/rb_completion_queue.c +100 -0
  702. data/src/ruby/ext/grpc/rb_completion_queue.h +36 -0
  703. data/src/ruby/ext/grpc/rb_compression_options.c +468 -0
  704. data/src/ruby/ext/grpc/rb_compression_options.h +29 -0
  705. data/src/ruby/ext/grpc/rb_event_thread.c +141 -0
  706. data/src/ruby/ext/grpc/rb_event_thread.h +21 -0
  707. data/src/ruby/ext/grpc/rb_grpc.c +340 -0
  708. data/src/ruby/ext/grpc/rb_grpc.h +72 -0
  709. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +507 -0
  710. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +766 -0
  711. data/src/ruby/ext/grpc/rb_loader.c +57 -0
  712. data/src/ruby/ext/grpc/rb_loader.h +25 -0
  713. data/src/ruby/ext/grpc/rb_server.c +366 -0
  714. data/src/ruby/ext/grpc/rb_server.h +32 -0
  715. data/src/ruby/ext/grpc/rb_server_credentials.c +243 -0
  716. data/src/ruby/ext/grpc/rb_server_credentials.h +32 -0
  717. data/src/ruby/lib/grpc/core/time_consts.rb +56 -0
  718. data/src/ruby/lib/grpc/errors.rb +201 -0
  719. data/src/ruby/lib/grpc/generic/active_call.rb +674 -0
  720. data/src/ruby/lib/grpc/generic/bidi_call.rb +233 -0
  721. data/src/ruby/lib/grpc/generic/client_stub.rb +501 -0
  722. data/src/ruby/lib/grpc/generic/interceptor_registry.rb +53 -0
  723. data/src/ruby/lib/grpc/generic/interceptors.rb +186 -0
  724. data/src/ruby/lib/grpc/generic/rpc_desc.rb +204 -0
  725. data/src/ruby/lib/grpc/generic/rpc_server.rb +490 -0
  726. data/src/ruby/lib/grpc/generic/service.rb +210 -0
  727. data/src/ruby/lib/grpc/google_rpc_status_utils.rb +35 -0
  728. data/src/ruby/lib/grpc/grpc.rb +24 -0
  729. data/src/ruby/lib/grpc/logconfig.rb +44 -0
  730. data/src/ruby/lib/grpc/notifier.rb +45 -0
  731. data/src/ruby/lib/grpc/version.rb +18 -0
  732. data/src/ruby/lib/grpc.rb +35 -0
  733. data/src/ruby/pb/README.md +42 -0
  734. data/src/ruby/pb/generate_proto_ruby.sh +43 -0
  735. data/src/ruby/pb/grpc/health/checker.rb +76 -0
  736. data/src/ruby/pb/grpc/health/v1/health_pb.rb +28 -0
  737. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +41 -0
  738. data/src/ruby/pb/grpc/testing/duplicate/echo_duplicate_services_pb.rb +44 -0
  739. data/src/ruby/pb/grpc/testing/metrics_pb.rb +28 -0
  740. data/src/ruby/pb/grpc/testing/metrics_services_pb.rb +49 -0
  741. data/src/ruby/pb/src/proto/grpc/testing/empty_pb.rb +15 -0
  742. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +82 -0
  743. data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +14 -0
  744. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +102 -0
  745. data/src/ruby/pb/test/client.rb +764 -0
  746. data/src/ruby/pb/test/server.rb +252 -0
  747. data/src/ruby/spec/call_credentials_spec.rb +42 -0
  748. data/src/ruby/spec/call_spec.rb +180 -0
  749. data/src/ruby/spec/channel_connection_spec.rb +126 -0
  750. data/src/ruby/spec/channel_credentials_spec.rb +82 -0
  751. data/src/ruby/spec/channel_spec.rb +190 -0
  752. data/src/ruby/spec/client_auth_spec.rb +137 -0
  753. data/src/ruby/spec/client_server_spec.rb +664 -0
  754. data/src/ruby/spec/compression_options_spec.rb +149 -0
  755. data/src/ruby/spec/error_sanity_spec.rb +49 -0
  756. data/src/ruby/spec/generic/active_call_spec.rb +672 -0
  757. data/src/ruby/spec/generic/client_interceptors_spec.rb +153 -0
  758. data/src/ruby/spec/generic/client_stub_spec.rb +1067 -0
  759. data/src/ruby/spec/generic/interceptor_registry_spec.rb +65 -0
  760. data/src/ruby/spec/generic/rpc_desc_spec.rb +374 -0
  761. data/src/ruby/spec/generic/rpc_server_pool_spec.rb +127 -0
  762. data/src/ruby/spec/generic/rpc_server_spec.rb +726 -0
  763. data/src/ruby/spec/generic/server_interceptors_spec.rb +218 -0
  764. data/src/ruby/spec/generic/service_spec.rb +261 -0
  765. data/src/ruby/spec/google_rpc_status_utils_spec.rb +293 -0
  766. data/src/ruby/spec/pb/duplicate/codegen_spec.rb +56 -0
  767. data/src/ruby/spec/pb/health/checker_spec.rb +236 -0
  768. data/src/ruby/spec/pb/package_with_underscore/checker_spec.rb +54 -0
  769. data/src/ruby/spec/pb/package_with_underscore/data.proto +23 -0
  770. data/src/ruby/spec/pb/package_with_underscore/service.proto +23 -0
  771. data/src/ruby/spec/server_credentials_spec.rb +79 -0
  772. data/src/ruby/spec/server_spec.rb +209 -0
  773. data/src/ruby/spec/spec_helper.rb +60 -0
  774. data/src/ruby/spec/support/helpers.rb +107 -0
  775. data/src/ruby/spec/support/services.rb +147 -0
  776. data/src/ruby/spec/testdata/README +1 -0
  777. data/src/ruby/spec/testdata/ca.pem +15 -0
  778. data/src/ruby/spec/testdata/client.key +16 -0
  779. data/src/ruby/spec/testdata/client.pem +14 -0
  780. data/src/ruby/spec/testdata/server1.key +16 -0
  781. data/src/ruby/spec/testdata/server1.pem +16 -0
  782. data/src/ruby/spec/time_consts_spec.rb +74 -0
  783. data/third_party/address_sorting/address_sorting.c +369 -0
  784. data/third_party/address_sorting/address_sorting_internal.h +70 -0
  785. data/third_party/address_sorting/address_sorting_posix.c +97 -0
  786. data/third_party/address_sorting/address_sorting_windows.c +55 -0
  787. data/third_party/address_sorting/include/address_sorting/address_sorting.h +110 -0
  788. data/third_party/boringssl/crypto/asn1/a_bitstr.c +271 -0
  789. data/third_party/boringssl/crypto/asn1/a_bool.c +110 -0
  790. data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +297 -0
  791. data/third_party/boringssl/crypto/asn1/a_dup.c +111 -0
  792. data/third_party/boringssl/crypto/asn1/a_enum.c +195 -0
  793. data/third_party/boringssl/crypto/asn1/a_gentm.c +261 -0
  794. data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +150 -0
  795. data/third_party/boringssl/crypto/asn1/a_int.c +474 -0
  796. data/third_party/boringssl/crypto/asn1/a_mbstr.c +409 -0
  797. data/third_party/boringssl/crypto/asn1/a_object.c +275 -0
  798. data/third_party/boringssl/crypto/asn1/a_octet.c +77 -0
  799. data/third_party/boringssl/crypto/asn1/a_print.c +93 -0
  800. data/third_party/boringssl/crypto/asn1/a_strnid.c +312 -0
  801. data/third_party/boringssl/crypto/asn1/a_time.c +213 -0
  802. data/third_party/boringssl/crypto/asn1/a_type.c +151 -0
  803. data/third_party/boringssl/crypto/asn1/a_utctm.c +303 -0
  804. data/third_party/boringssl/crypto/asn1/a_utf8.c +234 -0
  805. data/third_party/boringssl/crypto/asn1/asn1_lib.c +442 -0
  806. data/third_party/boringssl/crypto/asn1/asn1_locl.h +101 -0
  807. data/third_party/boringssl/crypto/asn1/asn1_par.c +80 -0
  808. data/third_party/boringssl/crypto/asn1/asn_pack.c +105 -0
  809. data/third_party/boringssl/crypto/asn1/f_enum.c +93 -0
  810. data/third_party/boringssl/crypto/asn1/f_int.c +97 -0
  811. data/third_party/boringssl/crypto/asn1/f_string.c +91 -0
  812. data/third_party/boringssl/crypto/asn1/tasn_dec.c +1223 -0
  813. data/third_party/boringssl/crypto/asn1/tasn_enc.c +662 -0
  814. data/third_party/boringssl/crypto/asn1/tasn_fre.c +244 -0
  815. data/third_party/boringssl/crypto/asn1/tasn_new.c +387 -0
  816. data/third_party/boringssl/crypto/asn1/tasn_typ.c +131 -0
  817. data/third_party/boringssl/crypto/asn1/tasn_utl.c +280 -0
  818. data/third_party/boringssl/crypto/asn1/time_support.c +206 -0
  819. data/third_party/boringssl/crypto/base64/base64.c +466 -0
  820. data/third_party/boringssl/crypto/bio/bio.c +636 -0
  821. data/third_party/boringssl/crypto/bio/bio_mem.c +330 -0
  822. data/third_party/boringssl/crypto/bio/connect.c +542 -0
  823. data/third_party/boringssl/crypto/bio/fd.c +275 -0
  824. data/third_party/boringssl/crypto/bio/file.c +313 -0
  825. data/third_party/boringssl/crypto/bio/hexdump.c +192 -0
  826. data/third_party/boringssl/crypto/bio/internal.h +111 -0
  827. data/third_party/boringssl/crypto/bio/pair.c +489 -0
  828. data/third_party/boringssl/crypto/bio/printf.c +115 -0
  829. data/third_party/boringssl/crypto/bio/socket.c +202 -0
  830. data/third_party/boringssl/crypto/bio/socket_helper.c +114 -0
  831. data/third_party/boringssl/crypto/bn_extra/bn_asn1.c +64 -0
  832. data/third_party/boringssl/crypto/bn_extra/convert.c +465 -0
  833. data/third_party/boringssl/crypto/buf/buf.c +231 -0
  834. data/third_party/boringssl/crypto/bytestring/asn1_compat.c +52 -0
  835. data/third_party/boringssl/crypto/bytestring/ber.c +264 -0
  836. data/third_party/boringssl/crypto/bytestring/cbb.c +568 -0
  837. data/third_party/boringssl/crypto/bytestring/cbs.c +487 -0
  838. data/third_party/boringssl/crypto/bytestring/internal.h +75 -0
  839. data/third_party/boringssl/crypto/chacha/chacha.c +167 -0
  840. data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +114 -0
  841. data/third_party/boringssl/crypto/cipher_extra/derive_key.c +152 -0
  842. data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +281 -0
  843. data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +867 -0
  844. data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +326 -0
  845. data/third_party/boringssl/crypto/cipher_extra/e_null.c +85 -0
  846. data/third_party/boringssl/crypto/cipher_extra/e_rc2.c +460 -0
  847. data/third_party/boringssl/crypto/cipher_extra/e_rc4.c +87 -0
  848. data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +460 -0
  849. data/third_party/boringssl/crypto/cipher_extra/e_tls.c +681 -0
  850. data/third_party/boringssl/crypto/cipher_extra/internal.h +128 -0
  851. data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +482 -0
  852. data/third_party/boringssl/crypto/cmac/cmac.c +241 -0
  853. data/third_party/boringssl/crypto/conf/conf.c +803 -0
  854. data/third_party/boringssl/crypto/conf/conf_def.h +127 -0
  855. data/third_party/boringssl/crypto/conf/internal.h +31 -0
  856. data/third_party/boringssl/crypto/cpu-aarch64-linux.c +61 -0
  857. data/third_party/boringssl/crypto/cpu-arm-linux.c +363 -0
  858. data/third_party/boringssl/crypto/cpu-arm.c +38 -0
  859. data/third_party/boringssl/crypto/cpu-intel.c +288 -0
  860. data/third_party/boringssl/crypto/cpu-ppc64le.c +38 -0
  861. data/third_party/boringssl/crypto/crypto.c +198 -0
  862. data/third_party/boringssl/crypto/curve25519/spake25519.c +539 -0
  863. data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +247 -0
  864. data/third_party/boringssl/crypto/dh/check.c +217 -0
  865. data/third_party/boringssl/crypto/dh/dh.c +519 -0
  866. data/third_party/boringssl/crypto/dh/dh_asn1.c +160 -0
  867. data/third_party/boringssl/crypto/dh/params.c +93 -0
  868. data/third_party/boringssl/crypto/digest_extra/digest_extra.c +240 -0
  869. data/third_party/boringssl/crypto/dsa/dsa.c +984 -0
  870. data/third_party/boringssl/crypto/dsa/dsa_asn1.c +339 -0
  871. data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +563 -0
  872. data/third_party/boringssl/crypto/ecdh/ecdh.c +161 -0
  873. data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +275 -0
  874. data/third_party/boringssl/crypto/engine/engine.c +98 -0
  875. data/third_party/boringssl/crypto/err/err.c +847 -0
  876. data/third_party/boringssl/crypto/err/internal.h +58 -0
  877. data/third_party/boringssl/crypto/evp/digestsign.c +231 -0
  878. data/third_party/boringssl/crypto/evp/evp.c +362 -0
  879. data/third_party/boringssl/crypto/evp/evp_asn1.c +337 -0
  880. data/third_party/boringssl/crypto/evp/evp_ctx.c +446 -0
  881. data/third_party/boringssl/crypto/evp/internal.h +252 -0
  882. data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +268 -0
  883. data/third_party/boringssl/crypto/evp/p_ec.c +239 -0
  884. data/third_party/boringssl/crypto/evp/p_ec_asn1.c +256 -0
  885. data/third_party/boringssl/crypto/evp/p_ed25519.c +71 -0
  886. data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +190 -0
  887. data/third_party/boringssl/crypto/evp/p_rsa.c +634 -0
  888. data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +189 -0
  889. data/third_party/boringssl/crypto/evp/pbkdf.c +146 -0
  890. data/third_party/boringssl/crypto/evp/print.c +489 -0
  891. data/third_party/boringssl/crypto/evp/scrypt.c +209 -0
  892. data/third_party/boringssl/crypto/evp/sign.c +151 -0
  893. data/third_party/boringssl/crypto/ex_data.c +261 -0
  894. data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +1100 -0
  895. data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +100 -0
  896. data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +138 -0
  897. data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +112 -0
  898. data/third_party/boringssl/crypto/fipsmodule/bcm.c +679 -0
  899. data/third_party/boringssl/crypto/fipsmodule/bn/add.c +371 -0
  900. data/third_party/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c +540 -0
  901. data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +370 -0
  902. data/third_party/boringssl/crypto/fipsmodule/bn/bytes.c +269 -0
  903. data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +254 -0
  904. data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +303 -0
  905. data/third_party/boringssl/crypto/fipsmodule/bn/div.c +733 -0
  906. data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +1390 -0
  907. data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +627 -0
  908. data/third_party/boringssl/crypto/fipsmodule/bn/generic.c +710 -0
  909. data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +413 -0
  910. data/third_party/boringssl/crypto/fipsmodule/bn/jacobi.c +146 -0
  911. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +483 -0
  912. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +207 -0
  913. data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +902 -0
  914. data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +894 -0
  915. data/third_party/boringssl/crypto/fipsmodule/bn/random.c +299 -0
  916. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +254 -0
  917. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +53 -0
  918. data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +305 -0
  919. data/third_party/boringssl/crypto/fipsmodule/bn/sqrt.c +502 -0
  920. data/third_party/boringssl/crypto/fipsmodule/cipher/aead.c +284 -0
  921. data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +615 -0
  922. data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +1437 -0
  923. data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +233 -0
  924. data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +129 -0
  925. data/third_party/boringssl/crypto/fipsmodule/delocate.h +88 -0
  926. data/third_party/boringssl/crypto/fipsmodule/des/des.c +785 -0
  927. data/third_party/boringssl/crypto/fipsmodule/des/internal.h +238 -0
  928. data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +256 -0
  929. data/third_party/boringssl/crypto/fipsmodule/digest/digests.c +280 -0
  930. data/third_party/boringssl/crypto/fipsmodule/digest/internal.h +112 -0
  931. data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +268 -0
  932. data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +943 -0
  933. data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +517 -0
  934. data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +277 -0
  935. data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +316 -0
  936. data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +404 -0
  937. data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +1131 -0
  938. data/third_party/boringssl/crypto/fipsmodule/ec/p256-64.c +1674 -0
  939. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9543 -0
  940. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +456 -0
  941. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +113 -0
  942. data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +1052 -0
  943. data/third_party/boringssl/crypto/fipsmodule/ec/util-64.c +109 -0
  944. data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +474 -0
  945. data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +442 -0
  946. data/third_party/boringssl/crypto/fipsmodule/hmac/hmac.c +228 -0
  947. data/third_party/boringssl/crypto/fipsmodule/is_fips.c +27 -0
  948. data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +254 -0
  949. data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +298 -0
  950. data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +211 -0
  951. data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +234 -0
  952. data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +220 -0
  953. data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +1063 -0
  954. data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +384 -0
  955. data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +95 -0
  956. data/third_party/boringssl/crypto/fipsmodule/modes/polyval.c +91 -0
  957. data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +200 -0
  958. data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +92 -0
  959. data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +358 -0
  960. data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +302 -0
  961. data/third_party/boringssl/crypto/fipsmodule/rsa/blinding.c +263 -0
  962. data/third_party/boringssl/crypto/fipsmodule/rsa/internal.h +131 -0
  963. data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +692 -0
  964. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +857 -0
  965. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +1051 -0
  966. data/third_party/boringssl/crypto/fipsmodule/sha/sha1-altivec.c +361 -0
  967. data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +375 -0
  968. data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +337 -0
  969. data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +608 -0
  970. data/third_party/boringssl/crypto/hkdf/hkdf.c +112 -0
  971. data/third_party/boringssl/crypto/internal.h +676 -0
  972. data/third_party/boringssl/crypto/lhash/lhash.c +336 -0
  973. data/third_party/boringssl/crypto/mem.c +237 -0
  974. data/third_party/boringssl/crypto/obj/obj.c +621 -0
  975. data/third_party/boringssl/crypto/obj/obj_dat.h +6244 -0
  976. data/third_party/boringssl/crypto/obj/obj_xref.c +122 -0
  977. data/third_party/boringssl/crypto/pem/pem_all.c +262 -0
  978. data/third_party/boringssl/crypto/pem/pem_info.c +379 -0
  979. data/third_party/boringssl/crypto/pem/pem_lib.c +776 -0
  980. data/third_party/boringssl/crypto/pem/pem_oth.c +88 -0
  981. data/third_party/boringssl/crypto/pem/pem_pk8.c +258 -0
  982. data/third_party/boringssl/crypto/pem/pem_pkey.c +227 -0
  983. data/third_party/boringssl/crypto/pem/pem_x509.c +65 -0
  984. data/third_party/boringssl/crypto/pem/pem_xaux.c +65 -0
  985. data/third_party/boringssl/crypto/pkcs7/internal.h +49 -0
  986. data/third_party/boringssl/crypto/pkcs7/pkcs7.c +166 -0
  987. data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +233 -0
  988. data/third_party/boringssl/crypto/pkcs8/internal.h +120 -0
  989. data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +307 -0
  990. data/third_party/boringssl/crypto/pkcs8/pkcs8.c +513 -0
  991. data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +789 -0
  992. data/third_party/boringssl/crypto/poly1305/internal.h +41 -0
  993. data/third_party/boringssl/crypto/poly1305/poly1305.c +318 -0
  994. data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +304 -0
  995. data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +839 -0
  996. data/third_party/boringssl/crypto/pool/internal.h +45 -0
  997. data/third_party/boringssl/crypto/pool/pool.c +200 -0
  998. data/third_party/boringssl/crypto/rand_extra/deterministic.c +48 -0
  999. data/third_party/boringssl/crypto/rand_extra/forkunsafe.c +46 -0
  1000. data/third_party/boringssl/crypto/rand_extra/fuchsia.c +43 -0
  1001. data/third_party/boringssl/crypto/rand_extra/rand_extra.c +70 -0
  1002. data/third_party/boringssl/crypto/rand_extra/windows.c +53 -0
  1003. data/third_party/boringssl/crypto/rc4/rc4.c +98 -0
  1004. data/third_party/boringssl/crypto/refcount_c11.c +67 -0
  1005. data/third_party/boringssl/crypto/refcount_lock.c +53 -0
  1006. data/third_party/boringssl/crypto/rsa_extra/rsa_asn1.c +325 -0
  1007. data/third_party/boringssl/crypto/stack/stack.c +380 -0
  1008. data/third_party/boringssl/crypto/thread.c +110 -0
  1009. data/third_party/boringssl/crypto/thread_none.c +59 -0
  1010. data/third_party/boringssl/crypto/thread_pthread.c +176 -0
  1011. data/third_party/boringssl/crypto/thread_win.c +237 -0
  1012. data/third_party/boringssl/crypto/x509/a_digest.c +96 -0
  1013. data/third_party/boringssl/crypto/x509/a_sign.c +128 -0
  1014. data/third_party/boringssl/crypto/x509/a_strex.c +633 -0
  1015. data/third_party/boringssl/crypto/x509/a_verify.c +115 -0
  1016. data/third_party/boringssl/crypto/x509/algorithm.c +153 -0
  1017. data/third_party/boringssl/crypto/x509/asn1_gen.c +841 -0
  1018. data/third_party/boringssl/crypto/x509/by_dir.c +451 -0
  1019. data/third_party/boringssl/crypto/x509/by_file.c +274 -0
  1020. data/third_party/boringssl/crypto/x509/charmap.h +15 -0
  1021. data/third_party/boringssl/crypto/x509/i2d_pr.c +83 -0
  1022. data/third_party/boringssl/crypto/x509/internal.h +66 -0
  1023. data/third_party/boringssl/crypto/x509/rsa_pss.c +385 -0
  1024. data/third_party/boringssl/crypto/x509/t_crl.c +128 -0
  1025. data/third_party/boringssl/crypto/x509/t_req.c +246 -0
  1026. data/third_party/boringssl/crypto/x509/t_x509.c +547 -0
  1027. data/third_party/boringssl/crypto/x509/t_x509a.c +111 -0
  1028. data/third_party/boringssl/crypto/x509/vpm_int.h +70 -0
  1029. data/third_party/boringssl/crypto/x509/x509.c +157 -0
  1030. data/third_party/boringssl/crypto/x509/x509_att.c +381 -0
  1031. data/third_party/boringssl/crypto/x509/x509_cmp.c +477 -0
  1032. data/third_party/boringssl/crypto/x509/x509_d2.c +106 -0
  1033. data/third_party/boringssl/crypto/x509/x509_def.c +103 -0
  1034. data/third_party/boringssl/crypto/x509/x509_ext.c +206 -0
  1035. data/third_party/boringssl/crypto/x509/x509_lu.c +725 -0
  1036. data/third_party/boringssl/crypto/x509/x509_obj.c +198 -0
  1037. data/third_party/boringssl/crypto/x509/x509_r2x.c +117 -0
  1038. data/third_party/boringssl/crypto/x509/x509_req.c +322 -0
  1039. data/third_party/boringssl/crypto/x509/x509_set.c +164 -0
  1040. data/third_party/boringssl/crypto/x509/x509_trs.c +326 -0
  1041. data/third_party/boringssl/crypto/x509/x509_txt.c +205 -0
  1042. data/third_party/boringssl/crypto/x509/x509_v3.c +278 -0
  1043. data/third_party/boringssl/crypto/x509/x509_vfy.c +2472 -0
  1044. data/third_party/boringssl/crypto/x509/x509_vpm.c +648 -0
  1045. data/third_party/boringssl/crypto/x509/x509cset.c +170 -0
  1046. data/third_party/boringssl/crypto/x509/x509name.c +389 -0
  1047. data/third_party/boringssl/crypto/x509/x509rset.c +81 -0
  1048. data/third_party/boringssl/crypto/x509/x509spki.c +137 -0
  1049. data/third_party/boringssl/crypto/x509/x_algor.c +151 -0
  1050. data/third_party/boringssl/crypto/x509/x_all.c +501 -0
  1051. data/third_party/boringssl/crypto/x509/x_attrib.c +111 -0
  1052. data/third_party/boringssl/crypto/x509/x_crl.c +541 -0
  1053. data/third_party/boringssl/crypto/x509/x_exten.c +75 -0
  1054. data/third_party/boringssl/crypto/x509/x_info.c +98 -0
  1055. data/third_party/boringssl/crypto/x509/x_name.c +541 -0
  1056. data/third_party/boringssl/crypto/x509/x_pkey.c +106 -0
  1057. data/third_party/boringssl/crypto/x509/x_pubkey.c +368 -0
  1058. data/third_party/boringssl/crypto/x509/x_req.c +109 -0
  1059. data/third_party/boringssl/crypto/x509/x_sig.c +69 -0
  1060. data/third_party/boringssl/crypto/x509/x_spki.c +80 -0
  1061. data/third_party/boringssl/crypto/x509/x_val.c +69 -0
  1062. data/third_party/boringssl/crypto/x509/x_x509.c +328 -0
  1063. data/third_party/boringssl/crypto/x509/x_x509a.c +198 -0
  1064. data/third_party/boringssl/crypto/x509v3/ext_dat.h +143 -0
  1065. data/third_party/boringssl/crypto/x509v3/pcy_cache.c +284 -0
  1066. data/third_party/boringssl/crypto/x509v3/pcy_data.c +130 -0
  1067. data/third_party/boringssl/crypto/x509v3/pcy_int.h +217 -0
  1068. data/third_party/boringssl/crypto/x509v3/pcy_lib.c +155 -0
  1069. data/third_party/boringssl/crypto/x509v3/pcy_map.c +130 -0
  1070. data/third_party/boringssl/crypto/x509v3/pcy_node.c +188 -0
  1071. data/third_party/boringssl/crypto/x509v3/pcy_tree.c +840 -0
  1072. data/third_party/boringssl/crypto/x509v3/v3_akey.c +204 -0
  1073. data/third_party/boringssl/crypto/x509v3/v3_akeya.c +72 -0
  1074. data/third_party/boringssl/crypto/x509v3/v3_alt.c +623 -0
  1075. data/third_party/boringssl/crypto/x509v3/v3_bcons.c +133 -0
  1076. data/third_party/boringssl/crypto/x509v3/v3_bitst.c +141 -0
  1077. data/third_party/boringssl/crypto/x509v3/v3_conf.c +462 -0
  1078. data/third_party/boringssl/crypto/x509v3/v3_cpols.c +502 -0
  1079. data/third_party/boringssl/crypto/x509v3/v3_crld.c +561 -0
  1080. data/third_party/boringssl/crypto/x509v3/v3_enum.c +100 -0
  1081. data/third_party/boringssl/crypto/x509v3/v3_extku.c +148 -0
  1082. data/third_party/boringssl/crypto/x509v3/v3_genn.c +251 -0
  1083. data/third_party/boringssl/crypto/x509v3/v3_ia5.c +122 -0
  1084. data/third_party/boringssl/crypto/x509v3/v3_info.c +219 -0
  1085. data/third_party/boringssl/crypto/x509v3/v3_int.c +91 -0
  1086. data/third_party/boringssl/crypto/x509v3/v3_lib.c +370 -0
  1087. data/third_party/boringssl/crypto/x509v3/v3_ncons.c +501 -0
  1088. data/third_party/boringssl/crypto/x509v3/v3_pci.c +287 -0
  1089. data/third_party/boringssl/crypto/x509v3/v3_pcia.c +57 -0
  1090. data/third_party/boringssl/crypto/x509v3/v3_pcons.c +139 -0
  1091. data/third_party/boringssl/crypto/x509v3/v3_pku.c +110 -0
  1092. data/third_party/boringssl/crypto/x509v3/v3_pmaps.c +154 -0
  1093. data/third_party/boringssl/crypto/x509v3/v3_prn.c +229 -0
  1094. data/third_party/boringssl/crypto/x509v3/v3_purp.c +866 -0
  1095. data/third_party/boringssl/crypto/x509v3/v3_skey.c +152 -0
  1096. data/third_party/boringssl/crypto/x509v3/v3_sxnet.c +274 -0
  1097. data/third_party/boringssl/crypto/x509v3/v3_utl.c +1352 -0
  1098. data/third_party/boringssl/include/openssl/aead.h +423 -0
  1099. data/third_party/boringssl/include/openssl/aes.h +170 -0
  1100. data/third_party/boringssl/include/openssl/arm_arch.h +121 -0
  1101. data/third_party/boringssl/include/openssl/asn1.h +982 -0
  1102. data/third_party/boringssl/include/openssl/asn1_mac.h +18 -0
  1103. data/third_party/boringssl/include/openssl/asn1t.h +892 -0
  1104. data/third_party/boringssl/include/openssl/base.h +468 -0
  1105. data/third_party/boringssl/include/openssl/base64.h +187 -0
  1106. data/third_party/boringssl/include/openssl/bio.h +902 -0
  1107. data/third_party/boringssl/include/openssl/blowfish.h +93 -0
  1108. data/third_party/boringssl/include/openssl/bn.h +975 -0
  1109. data/third_party/boringssl/include/openssl/buf.h +137 -0
  1110. data/third_party/boringssl/include/openssl/buffer.h +18 -0
  1111. data/third_party/boringssl/include/openssl/bytestring.h +480 -0
  1112. data/third_party/boringssl/include/openssl/cast.h +96 -0
  1113. data/third_party/boringssl/include/openssl/chacha.h +41 -0
  1114. data/third_party/boringssl/include/openssl/cipher.h +608 -0
  1115. data/third_party/boringssl/include/openssl/cmac.h +87 -0
  1116. data/third_party/boringssl/include/openssl/conf.h +183 -0
  1117. data/third_party/boringssl/include/openssl/cpu.h +196 -0
  1118. data/third_party/boringssl/include/openssl/crypto.h +118 -0
  1119. data/third_party/boringssl/include/openssl/curve25519.h +201 -0
  1120. data/third_party/boringssl/include/openssl/des.h +177 -0
  1121. data/third_party/boringssl/include/openssl/dh.h +298 -0
  1122. data/third_party/boringssl/include/openssl/digest.h +316 -0
  1123. data/third_party/boringssl/include/openssl/dsa.h +435 -0
  1124. data/third_party/boringssl/include/openssl/dtls1.h +16 -0
  1125. data/third_party/boringssl/include/openssl/ec.h +407 -0
  1126. data/third_party/boringssl/include/openssl/ec_key.h +341 -0
  1127. data/third_party/boringssl/include/openssl/ecdh.h +101 -0
  1128. data/third_party/boringssl/include/openssl/ecdsa.h +199 -0
  1129. data/third_party/boringssl/include/openssl/engine.h +109 -0
  1130. data/third_party/boringssl/include/openssl/err.h +458 -0
  1131. data/third_party/boringssl/include/openssl/evp.h +873 -0
  1132. data/third_party/boringssl/include/openssl/ex_data.h +203 -0
  1133. data/third_party/boringssl/include/openssl/hkdf.h +64 -0
  1134. data/third_party/boringssl/include/openssl/hmac.h +186 -0
  1135. data/third_party/boringssl/include/openssl/is_boringssl.h +16 -0
  1136. data/third_party/boringssl/include/openssl/lhash.h +174 -0
  1137. data/third_party/boringssl/include/openssl/lhash_macros.h +174 -0
  1138. data/third_party/boringssl/include/openssl/md4.h +106 -0
  1139. data/third_party/boringssl/include/openssl/md5.h +107 -0
  1140. data/third_party/boringssl/include/openssl/mem.h +156 -0
  1141. data/third_party/boringssl/include/openssl/nid.h +4242 -0
  1142. data/third_party/boringssl/include/openssl/obj.h +233 -0
  1143. data/third_party/boringssl/include/openssl/obj_mac.h +18 -0
  1144. data/third_party/boringssl/include/openssl/objects.h +18 -0
  1145. data/third_party/boringssl/include/openssl/opensslconf.h +67 -0
  1146. data/third_party/boringssl/include/openssl/opensslv.h +18 -0
  1147. data/third_party/boringssl/include/openssl/ossl_typ.h +18 -0
  1148. data/third_party/boringssl/include/openssl/pem.h +397 -0
  1149. data/third_party/boringssl/include/openssl/pkcs12.h +18 -0
  1150. data/third_party/boringssl/include/openssl/pkcs7.h +82 -0
  1151. data/third_party/boringssl/include/openssl/pkcs8.h +230 -0
  1152. data/third_party/boringssl/include/openssl/poly1305.h +51 -0
  1153. data/third_party/boringssl/include/openssl/pool.h +91 -0
  1154. data/third_party/boringssl/include/openssl/rand.h +125 -0
  1155. data/third_party/boringssl/include/openssl/rc4.h +96 -0
  1156. data/third_party/boringssl/include/openssl/ripemd.h +107 -0
  1157. data/third_party/boringssl/include/openssl/rsa.h +731 -0
  1158. data/third_party/boringssl/include/openssl/safestack.h +16 -0
  1159. data/third_party/boringssl/include/openssl/sha.h +256 -0
  1160. data/third_party/boringssl/include/openssl/span.h +191 -0
  1161. data/third_party/boringssl/include/openssl/srtp.h +18 -0
  1162. data/third_party/boringssl/include/openssl/ssl.h +4592 -0
  1163. data/third_party/boringssl/include/openssl/ssl3.h +333 -0
  1164. data/third_party/boringssl/include/openssl/stack.h +485 -0
  1165. data/third_party/boringssl/include/openssl/thread.h +191 -0
  1166. data/third_party/boringssl/include/openssl/tls1.h +610 -0
  1167. data/third_party/boringssl/include/openssl/type_check.h +91 -0
  1168. data/third_party/boringssl/include/openssl/x509.h +1176 -0
  1169. data/third_party/boringssl/include/openssl/x509_vfy.h +614 -0
  1170. data/third_party/boringssl/include/openssl/x509v3.h +826 -0
  1171. data/third_party/boringssl/ssl/bio_ssl.cc +179 -0
  1172. data/third_party/boringssl/ssl/custom_extensions.cc +265 -0
  1173. data/third_party/boringssl/ssl/d1_both.cc +837 -0
  1174. data/third_party/boringssl/ssl/d1_lib.cc +267 -0
  1175. data/third_party/boringssl/ssl/d1_pkt.cc +274 -0
  1176. data/third_party/boringssl/ssl/d1_srtp.cc +232 -0
  1177. data/third_party/boringssl/ssl/dtls_method.cc +193 -0
  1178. data/third_party/boringssl/ssl/dtls_record.cc +353 -0
  1179. data/third_party/boringssl/ssl/handshake.cc +616 -0
  1180. data/third_party/boringssl/ssl/handshake_client.cc +1836 -0
  1181. data/third_party/boringssl/ssl/handshake_server.cc +1662 -0
  1182. data/third_party/boringssl/ssl/internal.h +3011 -0
  1183. data/third_party/boringssl/ssl/s3_both.cc +585 -0
  1184. data/third_party/boringssl/ssl/s3_lib.cc +224 -0
  1185. data/third_party/boringssl/ssl/s3_pkt.cc +443 -0
  1186. data/third_party/boringssl/ssl/ssl_aead_ctx.cc +415 -0
  1187. data/third_party/boringssl/ssl/ssl_asn1.cc +840 -0
  1188. data/third_party/boringssl/ssl/ssl_buffer.cc +286 -0
  1189. data/third_party/boringssl/ssl/ssl_cert.cc +913 -0
  1190. data/third_party/boringssl/ssl/ssl_cipher.cc +1777 -0
  1191. data/third_party/boringssl/ssl/ssl_file.cc +583 -0
  1192. data/third_party/boringssl/ssl/ssl_key_share.cc +250 -0
  1193. data/third_party/boringssl/ssl/ssl_lib.cc +2650 -0
  1194. data/third_party/boringssl/ssl/ssl_privkey.cc +488 -0
  1195. data/third_party/boringssl/ssl/ssl_session.cc +1221 -0
  1196. data/third_party/boringssl/ssl/ssl_stat.cc +224 -0
  1197. data/third_party/boringssl/ssl/ssl_transcript.cc +398 -0
  1198. data/third_party/boringssl/ssl/ssl_versions.cc +472 -0
  1199. data/third_party/boringssl/ssl/ssl_x509.cc +1299 -0
  1200. data/third_party/boringssl/ssl/t1_enc.cc +503 -0
  1201. data/third_party/boringssl/ssl/t1_lib.cc +3457 -0
  1202. data/third_party/boringssl/ssl/tls13_both.cc +551 -0
  1203. data/third_party/boringssl/ssl/tls13_client.cc +977 -0
  1204. data/third_party/boringssl/ssl/tls13_enc.cc +563 -0
  1205. data/third_party/boringssl/ssl/tls13_server.cc +1068 -0
  1206. data/third_party/boringssl/ssl/tls_method.cc +291 -0
  1207. data/third_party/boringssl/ssl/tls_record.cc +712 -0
  1208. data/third_party/boringssl/third_party/fiat/curve25519.c +5062 -0
  1209. data/third_party/boringssl/third_party/fiat/internal.h +142 -0
  1210. data/third_party/cares/ares_build.h +223 -0
  1211. data/third_party/cares/cares/ares.h +658 -0
  1212. data/third_party/cares/cares/ares__close_sockets.c +61 -0
  1213. data/third_party/cares/cares/ares__get_hostent.c +261 -0
  1214. data/third_party/cares/cares/ares__read_line.c +73 -0
  1215. data/third_party/cares/cares/ares__timeval.c +111 -0
  1216. data/third_party/cares/cares/ares_cancel.c +63 -0
  1217. data/third_party/cares/cares/ares_create_query.c +202 -0
  1218. data/third_party/cares/cares/ares_data.c +221 -0
  1219. data/third_party/cares/cares/ares_data.h +72 -0
  1220. data/third_party/cares/cares/ares_destroy.c +108 -0
  1221. data/third_party/cares/cares/ares_dns.h +103 -0
  1222. data/third_party/cares/cares/ares_expand_name.c +209 -0
  1223. data/third_party/cares/cares/ares_expand_string.c +70 -0
  1224. data/third_party/cares/cares/ares_fds.c +59 -0
  1225. data/third_party/cares/cares/ares_free_hostent.c +41 -0
  1226. data/third_party/cares/cares/ares_free_string.c +25 -0
  1227. data/third_party/cares/cares/ares_getenv.c +30 -0
  1228. data/third_party/cares/cares/ares_getenv.h +26 -0
  1229. data/third_party/cares/cares/ares_gethostbyaddr.c +294 -0
  1230. data/third_party/cares/cares/ares_gethostbyname.c +518 -0
  1231. data/third_party/cares/cares/ares_getnameinfo.c +442 -0
  1232. data/third_party/cares/cares/ares_getopt.c +122 -0
  1233. data/third_party/cares/cares/ares_getopt.h +53 -0
  1234. data/third_party/cares/cares/ares_getsock.c +66 -0
  1235. data/third_party/cares/cares/ares_inet_net_pton.h +25 -0
  1236. data/third_party/cares/cares/ares_init.c +2514 -0
  1237. data/third_party/cares/cares/ares_iphlpapi.h +221 -0
  1238. data/third_party/cares/cares/ares_ipv6.h +78 -0
  1239. data/third_party/cares/cares/ares_library_init.c +177 -0
  1240. data/third_party/cares/cares/ares_library_init.h +43 -0
  1241. data/third_party/cares/cares/ares_llist.c +63 -0
  1242. data/third_party/cares/cares/ares_llist.h +39 -0
  1243. data/third_party/cares/cares/ares_mkquery.c +24 -0
  1244. data/third_party/cares/cares/ares_nowarn.c +260 -0
  1245. data/third_party/cares/cares/ares_nowarn.h +61 -0
  1246. data/third_party/cares/cares/ares_options.c +402 -0
  1247. data/third_party/cares/cares/ares_parse_a_reply.c +264 -0
  1248. data/third_party/cares/cares/ares_parse_aaaa_reply.c +264 -0
  1249. data/third_party/cares/cares/ares_parse_mx_reply.c +170 -0
  1250. data/third_party/cares/cares/ares_parse_naptr_reply.c +193 -0
  1251. data/third_party/cares/cares/ares_parse_ns_reply.c +183 -0
  1252. data/third_party/cares/cares/ares_parse_ptr_reply.c +219 -0
  1253. data/third_party/cares/cares/ares_parse_soa_reply.c +133 -0
  1254. data/third_party/cares/cares/ares_parse_srv_reply.c +179 -0
  1255. data/third_party/cares/cares/ares_parse_txt_reply.c +220 -0
  1256. data/third_party/cares/cares/ares_platform.c +11035 -0
  1257. data/third_party/cares/cares/ares_platform.h +43 -0
  1258. data/third_party/cares/cares/ares_private.h +374 -0
  1259. data/third_party/cares/cares/ares_process.c +1448 -0
  1260. data/third_party/cares/cares/ares_query.c +186 -0
  1261. data/third_party/cares/cares/ares_rules.h +125 -0
  1262. data/third_party/cares/cares/ares_search.c +316 -0
  1263. data/third_party/cares/cares/ares_send.c +131 -0
  1264. data/third_party/cares/cares/ares_setup.h +217 -0
  1265. data/third_party/cares/cares/ares_strcasecmp.c +66 -0
  1266. data/third_party/cares/cares/ares_strcasecmp.h +30 -0
  1267. data/third_party/cares/cares/ares_strdup.c +49 -0
  1268. data/third_party/cares/cares/ares_strdup.h +24 -0
  1269. data/third_party/cares/cares/ares_strerror.c +56 -0
  1270. data/third_party/cares/cares/ares_timeout.c +88 -0
  1271. data/third_party/cares/cares/ares_version.c +11 -0
  1272. data/third_party/cares/cares/ares_version.h +24 -0
  1273. data/third_party/cares/cares/ares_writev.c +79 -0
  1274. data/third_party/cares/cares/bitncmp.c +59 -0
  1275. data/third_party/cares/cares/bitncmp.h +26 -0
  1276. data/third_party/cares/cares/config-win32.h +351 -0
  1277. data/third_party/cares/cares/inet_net_pton.c +450 -0
  1278. data/third_party/cares/cares/inet_ntop.c +208 -0
  1279. data/third_party/cares/cares/setup_once.h +554 -0
  1280. data/third_party/cares/cares/windows_port.c +22 -0
  1281. data/third_party/cares/config_darwin/ares_config.h +425 -0
  1282. data/third_party/cares/config_freebsd/ares_config.h +502 -0
  1283. data/third_party/cares/config_linux/ares_config.h +458 -0
  1284. data/third_party/cares/config_openbsd/ares_config.h +502 -0
  1285. data/third_party/nanopb/pb.h +579 -0
  1286. data/third_party/nanopb/pb_common.c +97 -0
  1287. data/third_party/nanopb/pb_common.h +42 -0
  1288. data/third_party/nanopb/pb_decode.c +1347 -0
  1289. data/third_party/nanopb/pb_decode.h +149 -0
  1290. data/third_party/nanopb/pb_encode.c +696 -0
  1291. data/third_party/nanopb/pb_encode.h +154 -0
  1292. data/third_party/zlib/adler32.c +186 -0
  1293. data/third_party/zlib/compress.c +86 -0
  1294. data/third_party/zlib/crc32.c +442 -0
  1295. data/third_party/zlib/crc32.h +441 -0
  1296. data/third_party/zlib/deflate.c +2163 -0
  1297. data/third_party/zlib/deflate.h +349 -0
  1298. data/third_party/zlib/gzclose.c +25 -0
  1299. data/third_party/zlib/gzguts.h +218 -0
  1300. data/third_party/zlib/gzlib.c +637 -0
  1301. data/third_party/zlib/gzread.c +654 -0
  1302. data/third_party/zlib/gzwrite.c +665 -0
  1303. data/third_party/zlib/infback.c +640 -0
  1304. data/third_party/zlib/inffast.c +323 -0
  1305. data/third_party/zlib/inffast.h +11 -0
  1306. data/third_party/zlib/inffixed.h +94 -0
  1307. data/third_party/zlib/inflate.c +1561 -0
  1308. data/third_party/zlib/inflate.h +125 -0
  1309. data/third_party/zlib/inftrees.c +304 -0
  1310. data/third_party/zlib/inftrees.h +62 -0
  1311. data/third_party/zlib/trees.c +1203 -0
  1312. data/third_party/zlib/trees.h +128 -0
  1313. data/third_party/zlib/uncompr.c +93 -0
  1314. data/third_party/zlib/zconf.h +534 -0
  1315. data/third_party/zlib/zlib.h +1912 -0
  1316. data/third_party/zlib/zutil.c +325 -0
  1317. data/third_party/zlib/zutil.h +271 -0
  1318. metadata +1586 -0
@@ -0,0 +1,1836 @@
1
+ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2
+ * All rights reserved.
3
+ *
4
+ * This package is an SSL implementation written
5
+ * by Eric Young (eay@cryptsoft.com).
6
+ * The implementation was written so as to conform with Netscapes SSL.
7
+ *
8
+ * This library is free for commercial and non-commercial use as long as
9
+ * the following conditions are aheared to. The following conditions
10
+ * apply to all code found in this distribution, be it the RC4, RSA,
11
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12
+ * included with this distribution is covered by the same copyright terms
13
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14
+ *
15
+ * Copyright remains Eric Young's, and as such any Copyright notices in
16
+ * the code are not to be removed.
17
+ * If this package is used in a product, Eric Young should be given attribution
18
+ * as the author of the parts of the library used.
19
+ * This can be in the form of a textual message at program startup or
20
+ * in documentation (online or textual) provided with the package.
21
+ *
22
+ * Redistribution and use in source and binary forms, with or without
23
+ * modification, are permitted provided that the following conditions
24
+ * are met:
25
+ * 1. Redistributions of source code must retain the copyright
26
+ * notice, this list of conditions and the following disclaimer.
27
+ * 2. Redistributions in binary form must reproduce the above copyright
28
+ * notice, this list of conditions and the following disclaimer in the
29
+ * documentation and/or other materials provided with the distribution.
30
+ * 3. All advertising materials mentioning features or use of this software
31
+ * must display the following acknowledgement:
32
+ * "This product includes cryptographic software written by
33
+ * Eric Young (eay@cryptsoft.com)"
34
+ * The word 'cryptographic' can be left out if the rouines from the library
35
+ * being used are not cryptographic related :-).
36
+ * 4. If you include any Windows specific code (or a derivative thereof) from
37
+ * the apps directory (application code) you must include an acknowledgement:
38
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39
+ *
40
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50
+ * SUCH DAMAGE.
51
+ *
52
+ * The licence and distribution terms for any publically available version or
53
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
54
+ * copied and put under another distribution licence
55
+ * [including the GNU Public Licence.]
56
+ */
57
+ /* ====================================================================
58
+ * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59
+ *
60
+ * Redistribution and use in source and binary forms, with or without
61
+ * modification, are permitted provided that the following conditions
62
+ * are met:
63
+ *
64
+ * 1. Redistributions of source code must retain the above copyright
65
+ * notice, this list of conditions and the following disclaimer.
66
+ *
67
+ * 2. Redistributions in binary form must reproduce the above copyright
68
+ * notice, this list of conditions and the following disclaimer in
69
+ * the documentation and/or other materials provided with the
70
+ * distribution.
71
+ *
72
+ * 3. All advertising materials mentioning features or use of this
73
+ * software must display the following acknowledgment:
74
+ * "This product includes software developed by the OpenSSL Project
75
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76
+ *
77
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78
+ * endorse or promote products derived from this software without
79
+ * prior written permission. For written permission, please contact
80
+ * openssl-core@openssl.org.
81
+ *
82
+ * 5. Products derived from this software may not be called "OpenSSL"
83
+ * nor may "OpenSSL" appear in their names without prior written
84
+ * permission of the OpenSSL Project.
85
+ *
86
+ * 6. Redistributions of any form whatsoever must retain the following
87
+ * acknowledgment:
88
+ * "This product includes software developed by the OpenSSL Project
89
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90
+ *
91
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
103
+ * ====================================================================
104
+ *
105
+ * This product includes cryptographic software written by Eric Young
106
+ * (eay@cryptsoft.com). This product includes software written by Tim
107
+ * Hudson (tjh@cryptsoft.com).
108
+ *
109
+ */
110
+ /* ====================================================================
111
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112
+ *
113
+ * Portions of the attached software ("Contribution") are developed by
114
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
115
+ *
116
+ * The Contribution is licensed pursuant to the OpenSSL open source
117
+ * license provided above.
118
+ *
119
+ * ECC cipher suite support in OpenSSL originally written by
120
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
121
+ *
122
+ */
123
+ /* ====================================================================
124
+ * Copyright 2005 Nokia. All rights reserved.
125
+ *
126
+ * The portions of the attached software ("Contribution") is developed by
127
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
128
+ * license.
129
+ *
130
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
131
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
132
+ * support (see RFC 4279) to OpenSSL.
133
+ *
134
+ * No patent licenses or other rights except those expressly stated in
135
+ * the OpenSSL open source license shall be deemed granted or received
136
+ * expressly, by implication, estoppel, or otherwise.
137
+ *
138
+ * No assurances are provided by Nokia that the Contribution does not
139
+ * infringe the patent or other intellectual property rights of any third
140
+ * party or that the license provides you with all the necessary rights
141
+ * to make use of the Contribution.
142
+ *
143
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
144
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
145
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
146
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
147
+ * OTHERWISE.
148
+ */
149
+
150
+ #include <openssl/ssl.h>
151
+
152
+ #include <assert.h>
153
+ #include <limits.h>
154
+ #include <string.h>
155
+
156
+ #include <utility>
157
+
158
+ #include <openssl/aead.h>
159
+ #include <openssl/bn.h>
160
+ #include <openssl/buf.h>
161
+ #include <openssl/bytestring.h>
162
+ #include <openssl/ec_key.h>
163
+ #include <openssl/ecdsa.h>
164
+ #include <openssl/err.h>
165
+ #include <openssl/evp.h>
166
+ #include <openssl/md5.h>
167
+ #include <openssl/mem.h>
168
+ #include <openssl/rand.h>
169
+
170
+ #include "../crypto/internal.h"
171
+ #include "internal.h"
172
+
173
+
174
+ namespace bssl {
175
+
176
+ enum ssl_client_hs_state_t {
177
+ state_start_connect = 0,
178
+ state_enter_early_data,
179
+ state_read_hello_verify_request,
180
+ state_read_server_hello,
181
+ state_tls13,
182
+ state_read_server_certificate,
183
+ state_read_certificate_status,
184
+ state_verify_server_certificate,
185
+ state_read_server_key_exchange,
186
+ state_read_certificate_request,
187
+ state_read_server_hello_done,
188
+ state_send_client_certificate,
189
+ state_send_client_key_exchange,
190
+ state_send_client_certificate_verify,
191
+ state_send_client_finished,
192
+ state_finish_flight,
193
+ state_read_session_ticket,
194
+ state_process_change_cipher_spec,
195
+ state_read_server_finished,
196
+ state_finish_client_handshake,
197
+ state_done,
198
+ };
199
+
200
+ // ssl_get_client_disabled sets |*out_mask_a| and |*out_mask_k| to masks of
201
+ // disabled algorithms.
202
+ static void ssl_get_client_disabled(SSL *ssl, uint32_t *out_mask_a,
203
+ uint32_t *out_mask_k) {
204
+ *out_mask_a = 0;
205
+ *out_mask_k = 0;
206
+
207
+ // PSK requires a client callback.
208
+ if (ssl->psk_client_callback == NULL) {
209
+ *out_mask_a |= SSL_aPSK;
210
+ *out_mask_k |= SSL_kPSK;
211
+ }
212
+ }
213
+
214
+ static int ssl_write_client_cipher_list(SSL_HANDSHAKE *hs, CBB *out) {
215
+ SSL *const ssl = hs->ssl;
216
+ uint32_t mask_a, mask_k;
217
+ ssl_get_client_disabled(ssl, &mask_a, &mask_k);
218
+
219
+ CBB child;
220
+ if (!CBB_add_u16_length_prefixed(out, &child)) {
221
+ return 0;
222
+ }
223
+
224
+ // Add a fake cipher suite. See draft-davidben-tls-grease-01.
225
+ if (ssl->ctx->grease_enabled &&
226
+ !CBB_add_u16(&child, ssl_get_grease_value(ssl, ssl_grease_cipher))) {
227
+ return 0;
228
+ }
229
+
230
+ // Add TLS 1.3 ciphers. Order ChaCha20-Poly1305 relative to AES-GCM based on
231
+ // hardware support.
232
+ if (hs->max_version >= TLS1_3_VERSION) {
233
+ if (!EVP_has_aes_hardware() &&
234
+ !CBB_add_u16(&child, TLS1_CK_CHACHA20_POLY1305_SHA256 & 0xffff)) {
235
+ return 0;
236
+ }
237
+ if (!CBB_add_u16(&child, TLS1_CK_AES_128_GCM_SHA256 & 0xffff) ||
238
+ !CBB_add_u16(&child, TLS1_CK_AES_256_GCM_SHA384 & 0xffff)) {
239
+ return 0;
240
+ }
241
+ if (EVP_has_aes_hardware() &&
242
+ !CBB_add_u16(&child, TLS1_CK_CHACHA20_POLY1305_SHA256 & 0xffff)) {
243
+ return 0;
244
+ }
245
+ }
246
+
247
+ if (hs->min_version < TLS1_3_VERSION) {
248
+ int any_enabled = 0;
249
+ for (const SSL_CIPHER *cipher : SSL_get_ciphers(ssl)) {
250
+ // Skip disabled ciphers
251
+ if ((cipher->algorithm_mkey & mask_k) ||
252
+ (cipher->algorithm_auth & mask_a)) {
253
+ continue;
254
+ }
255
+ if (SSL_CIPHER_get_min_version(cipher) > hs->max_version ||
256
+ SSL_CIPHER_get_max_version(cipher) < hs->min_version) {
257
+ continue;
258
+ }
259
+ any_enabled = 1;
260
+ if (!CBB_add_u16(&child, ssl_cipher_get_value(cipher))) {
261
+ return 0;
262
+ }
263
+ }
264
+
265
+ // If all ciphers were disabled, return the error to the caller.
266
+ if (!any_enabled && hs->max_version < TLS1_3_VERSION) {
267
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHERS_AVAILABLE);
268
+ return 0;
269
+ }
270
+ }
271
+
272
+ // For SSLv3, the SCSV is added. Otherwise the renegotiation extension is
273
+ // added.
274
+ if (hs->max_version == SSL3_VERSION &&
275
+ !ssl->s3->initial_handshake_complete) {
276
+ if (!CBB_add_u16(&child, SSL3_CK_SCSV & 0xffff)) {
277
+ return 0;
278
+ }
279
+ }
280
+
281
+ if (ssl->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
282
+ if (!CBB_add_u16(&child, SSL3_CK_FALLBACK_SCSV & 0xffff)) {
283
+ return 0;
284
+ }
285
+ }
286
+
287
+ return CBB_flush(out);
288
+ }
289
+
290
+ int ssl_write_client_hello(SSL_HANDSHAKE *hs) {
291
+ SSL *const ssl = hs->ssl;
292
+ ScopedCBB cbb;
293
+ CBB body;
294
+ if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CLIENT_HELLO)) {
295
+ return 0;
296
+ }
297
+
298
+ // Renegotiations do not participate in session resumption.
299
+ int has_session_id = ssl->session != NULL &&
300
+ !ssl->s3->initial_handshake_complete &&
301
+ ssl->session->session_id_length > 0;
302
+
303
+ CBB child;
304
+ if (!CBB_add_u16(&body, hs->client_version) ||
305
+ !CBB_add_bytes(&body, ssl->s3->client_random, SSL3_RANDOM_SIZE) ||
306
+ !CBB_add_u8_length_prefixed(&body, &child)) {
307
+ return 0;
308
+ }
309
+
310
+ if (has_session_id) {
311
+ if (!CBB_add_bytes(&child, ssl->session->session_id,
312
+ ssl->session->session_id_length)) {
313
+ return 0;
314
+ }
315
+ } else {
316
+ // In TLS 1.3 experimental encodings, send a fake placeholder session ID
317
+ // when we do not otherwise have one to send.
318
+ if (hs->max_version >= TLS1_3_VERSION &&
319
+ ssl_is_resumption_variant(ssl->tls13_variant) &&
320
+ !CBB_add_bytes(&child, hs->session_id, hs->session_id_len)) {
321
+ return 0;
322
+ }
323
+ }
324
+
325
+ if (SSL_is_dtls(ssl)) {
326
+ if (!CBB_add_u8_length_prefixed(&body, &child) ||
327
+ !CBB_add_bytes(&child, ssl->d1->cookie, ssl->d1->cookie_len)) {
328
+ return 0;
329
+ }
330
+ }
331
+
332
+ size_t header_len =
333
+ SSL_is_dtls(ssl) ? DTLS1_HM_HEADER_LENGTH : SSL3_HM_HEADER_LENGTH;
334
+ if (!ssl_write_client_cipher_list(hs, &body) ||
335
+ !CBB_add_u8(&body, 1 /* one compression method */) ||
336
+ !CBB_add_u8(&body, 0 /* null compression */) ||
337
+ !ssl_add_clienthello_tlsext(hs, &body, header_len + CBB_len(&body))) {
338
+ return 0;
339
+ }
340
+
341
+ Array<uint8_t> msg;
342
+ if (!ssl->method->finish_message(ssl, cbb.get(), &msg)) {
343
+ return 0;
344
+ }
345
+
346
+ // Now that the length prefixes have been computed, fill in the placeholder
347
+ // PSK binder.
348
+ if (hs->needs_psk_binder &&
349
+ !tls13_write_psk_binder(hs, msg.data(), msg.size())) {
350
+ return 0;
351
+ }
352
+
353
+ return ssl->method->add_message(ssl, std::move(msg));
354
+ }
355
+
356
+ static int parse_server_version(SSL_HANDSHAKE *hs, uint16_t *out,
357
+ const SSLMessage &msg) {
358
+ SSL *const ssl = hs->ssl;
359
+ if (msg.type != SSL3_MT_SERVER_HELLO &&
360
+ msg.type != SSL3_MT_HELLO_RETRY_REQUEST) {
361
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
362
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
363
+ return 0;
364
+ }
365
+
366
+ CBS server_hello = msg.body;
367
+ if (!CBS_get_u16(&server_hello, out)) {
368
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
369
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
370
+ return 0;
371
+ }
372
+
373
+ // The server version may also be in the supported_versions extension if
374
+ // applicable.
375
+ if (msg.type != SSL3_MT_SERVER_HELLO || *out != TLS1_2_VERSION) {
376
+ return 1;
377
+ }
378
+
379
+ uint8_t sid_length;
380
+ if (!CBS_skip(&server_hello, SSL3_RANDOM_SIZE) ||
381
+ !CBS_get_u8(&server_hello, &sid_length) ||
382
+ !CBS_skip(&server_hello, sid_length + 2 /* cipher_suite */ +
383
+ 1 /* compression_method */)) {
384
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
385
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
386
+ return 0;
387
+ }
388
+
389
+ // The extensions block may not be present.
390
+ if (CBS_len(&server_hello) == 0) {
391
+ return 1;
392
+ }
393
+
394
+ CBS extensions;
395
+ if (!CBS_get_u16_length_prefixed(&server_hello, &extensions) ||
396
+ CBS_len(&server_hello) != 0) {
397
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
398
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
399
+ return 0;
400
+ }
401
+
402
+ bool have_supported_versions;
403
+ CBS supported_versions;
404
+ const SSL_EXTENSION_TYPE ext_types[] = {
405
+ {TLSEXT_TYPE_supported_versions, &have_supported_versions,
406
+ &supported_versions},
407
+ };
408
+
409
+ uint8_t alert = SSL_AD_DECODE_ERROR;
410
+ if (!ssl_parse_extensions(&extensions, &alert, ext_types,
411
+ OPENSSL_ARRAY_SIZE(ext_types),
412
+ 1 /* ignore unknown */)) {
413
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
414
+ return 0;
415
+ }
416
+
417
+ if (have_supported_versions &&
418
+ (!CBS_get_u16(&supported_versions, out) ||
419
+ CBS_len(&supported_versions) != 0)) {
420
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
421
+ return 0;
422
+ }
423
+
424
+ return 1;
425
+ }
426
+
427
+ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
428
+ SSL *const ssl = hs->ssl;
429
+
430
+ ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_START, 1);
431
+ // |session_reused| must be reset in case this is a renegotiation.
432
+ ssl->s3->session_reused = false;
433
+
434
+ // Freeze the version range.
435
+ if (!ssl_get_version_range(ssl, &hs->min_version, &hs->max_version)) {
436
+ return ssl_hs_error;
437
+ }
438
+
439
+ // SSL 3.0 ClientHellos should use SSL 3.0 not TLS 1.0, for the record-layer
440
+ // version.
441
+ if (hs->max_version == SSL3_VERSION) {
442
+ ssl->s3->aead_write_ctx->SetVersionIfNullCipher(SSL3_VERSION);
443
+ }
444
+
445
+ // Always advertise the ClientHello version from the original maximum version,
446
+ // even on renegotiation. The static RSA key exchange uses this field, and
447
+ // some servers fail when it changes across handshakes.
448
+ if (SSL_is_dtls(hs->ssl)) {
449
+ hs->client_version =
450
+ hs->max_version >= TLS1_2_VERSION ? DTLS1_2_VERSION : DTLS1_VERSION;
451
+ } else {
452
+ hs->client_version =
453
+ hs->max_version >= TLS1_2_VERSION ? TLS1_2_VERSION : hs->max_version;
454
+ }
455
+
456
+ // If the configured session has expired or was created at a disabled
457
+ // version, drop it.
458
+ if (ssl->session != NULL) {
459
+ if (ssl->session->is_server ||
460
+ !ssl_supports_version(hs, ssl->session->ssl_version) ||
461
+ (ssl->session->session_id_length == 0 &&
462
+ ssl->session->tlsext_ticklen == 0) ||
463
+ ssl->session->not_resumable ||
464
+ !ssl_session_is_time_valid(ssl, ssl->session)) {
465
+ ssl_set_session(ssl, NULL);
466
+ }
467
+ }
468
+
469
+ if (!RAND_bytes(ssl->s3->client_random, sizeof(ssl->s3->client_random))) {
470
+ return ssl_hs_error;
471
+ }
472
+
473
+ // Initialize a random session ID for the experimental TLS 1.3 variant
474
+ // requiring a session id.
475
+ if (ssl_is_resumption_variant(ssl->tls13_variant)) {
476
+ hs->session_id_len = sizeof(hs->session_id);
477
+ if (!RAND_bytes(hs->session_id, hs->session_id_len)) {
478
+ return ssl_hs_error;
479
+ }
480
+ }
481
+
482
+ if (!ssl_write_client_hello(hs)) {
483
+ return ssl_hs_error;
484
+ }
485
+
486
+ hs->state = state_enter_early_data;
487
+ return ssl_hs_flush;
488
+ }
489
+
490
+ static enum ssl_hs_wait_t do_enter_early_data(SSL_HANDSHAKE *hs) {
491
+ SSL *const ssl = hs->ssl;
492
+
493
+ if (SSL_is_dtls(ssl)) {
494
+ hs->state = state_read_hello_verify_request;
495
+ return ssl_hs_ok;
496
+ }
497
+
498
+ if (!hs->early_data_offered) {
499
+ hs->state = state_read_server_hello;
500
+ return ssl_hs_ok;
501
+ }
502
+
503
+ ssl->s3->aead_write_ctx->SetVersionIfNullCipher(ssl->session->ssl_version);
504
+ if (ssl_is_draft22(ssl->session->ssl_version) &&
505
+ !ssl->method->add_change_cipher_spec(ssl)) {
506
+ return ssl_hs_error;
507
+ }
508
+
509
+ if (!tls13_init_early_key_schedule(hs, ssl->session->master_key,
510
+ ssl->session->master_key_length) ||
511
+ !tls13_derive_early_secrets(hs) ||
512
+ !tls13_set_traffic_key(ssl, evp_aead_seal, hs->early_traffic_secret,
513
+ hs->hash_len)) {
514
+ return ssl_hs_error;
515
+ }
516
+
517
+ // Stash the early data session, so connection properties may be queried out
518
+ // of it.
519
+ hs->in_early_data = true;
520
+ SSL_SESSION_up_ref(ssl->session);
521
+ hs->early_session.reset(ssl->session);
522
+ hs->can_early_write = true;
523
+
524
+ hs->state = state_read_server_hello;
525
+ return ssl_hs_early_return;
526
+ }
527
+
528
+ static enum ssl_hs_wait_t do_read_hello_verify_request(SSL_HANDSHAKE *hs) {
529
+ SSL *const ssl = hs->ssl;
530
+
531
+ assert(SSL_is_dtls(ssl));
532
+
533
+ SSLMessage msg;
534
+ if (!ssl->method->get_message(ssl, &msg)) {
535
+ return ssl_hs_read_message;
536
+ }
537
+
538
+ if (msg.type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
539
+ hs->state = state_read_server_hello;
540
+ return ssl_hs_ok;
541
+ }
542
+
543
+ CBS hello_verify_request = msg.body, cookie;
544
+ uint16_t server_version;
545
+ if (!CBS_get_u16(&hello_verify_request, &server_version) ||
546
+ !CBS_get_u8_length_prefixed(&hello_verify_request, &cookie) ||
547
+ CBS_len(&cookie) > sizeof(ssl->d1->cookie) ||
548
+ CBS_len(&hello_verify_request) != 0) {
549
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
550
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
551
+ return ssl_hs_error;
552
+ }
553
+
554
+ OPENSSL_memcpy(ssl->d1->cookie, CBS_data(&cookie), CBS_len(&cookie));
555
+ ssl->d1->cookie_len = CBS_len(&cookie);
556
+
557
+ ssl->method->next_message(ssl);
558
+
559
+ // DTLS resets the handshake buffer after HelloVerifyRequest.
560
+ if (!hs->transcript.Init()) {
561
+ return ssl_hs_error;
562
+ }
563
+
564
+ if (!ssl_write_client_hello(hs)) {
565
+ return ssl_hs_error;
566
+ }
567
+
568
+ hs->state = state_read_server_hello;
569
+ return ssl_hs_flush;
570
+ }
571
+
572
+ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
573
+ SSL *const ssl = hs->ssl;
574
+ SSLMessage msg;
575
+ if (!ssl->method->get_message(ssl, &msg)) {
576
+ return ssl_hs_read_server_hello;
577
+ }
578
+
579
+ uint16_t server_version;
580
+ if (!parse_server_version(hs, &server_version, msg)) {
581
+ return ssl_hs_error;
582
+ }
583
+
584
+ if (!ssl_supports_version(hs, server_version)) {
585
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_PROTOCOL);
586
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
587
+ return ssl_hs_error;
588
+ }
589
+
590
+ assert(ssl->s3->have_version == ssl->s3->initial_handshake_complete);
591
+ if (!ssl->s3->have_version) {
592
+ ssl->version = server_version;
593
+ // At this point, the connection's version is known and ssl->version is
594
+ // fixed. Begin enforcing the record-layer version.
595
+ ssl->s3->have_version = true;
596
+ ssl->s3->aead_write_ctx->SetVersionIfNullCipher(ssl->version);
597
+ } else if (server_version != ssl->version) {
598
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SSL_VERSION);
599
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
600
+ return ssl_hs_error;
601
+ }
602
+
603
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
604
+ hs->state = state_tls13;
605
+ return ssl_hs_ok;
606
+ }
607
+
608
+ // Clear some TLS 1.3 state that no longer needs to be retained.
609
+ hs->key_share.reset();
610
+ hs->key_share_bytes.Reset();
611
+
612
+ // A TLS 1.2 server would not know to skip the early data we offered. Report
613
+ // an error code sooner. The caller may use this error code to implement the
614
+ // fallback described in draft-ietf-tls-tls13-18 appendix C.3.
615
+ if (hs->early_data_offered) {
616
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_VERSION_ON_EARLY_DATA);
617
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
618
+ return ssl_hs_error;
619
+ }
620
+
621
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_SERVER_HELLO)) {
622
+ return ssl_hs_error;
623
+ }
624
+
625
+ CBS server_hello = msg.body, server_random, session_id;
626
+ uint16_t cipher_suite;
627
+ uint8_t compression_method;
628
+ if (!CBS_skip(&server_hello, 2 /* version */) ||
629
+ !CBS_get_bytes(&server_hello, &server_random, SSL3_RANDOM_SIZE) ||
630
+ !CBS_get_u8_length_prefixed(&server_hello, &session_id) ||
631
+ CBS_len(&session_id) > SSL3_SESSION_ID_SIZE ||
632
+ !CBS_get_u16(&server_hello, &cipher_suite) ||
633
+ !CBS_get_u8(&server_hello, &compression_method)) {
634
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
635
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
636
+ return ssl_hs_error;
637
+ }
638
+
639
+ // Copy over the server random.
640
+ OPENSSL_memcpy(ssl->s3->server_random, CBS_data(&server_random),
641
+ SSL3_RANDOM_SIZE);
642
+
643
+ // TODO(davidben): Implement the TLS 1.1 and 1.2 downgrade sentinels once TLS
644
+ // 1.3 is finalized and we are not implementing a draft version.
645
+
646
+ if (!ssl->s3->initial_handshake_complete && ssl->session != NULL &&
647
+ ssl->session->session_id_length != 0 &&
648
+ CBS_mem_equal(&session_id, ssl->session->session_id,
649
+ ssl->session->session_id_length)) {
650
+ ssl->s3->session_reused = true;
651
+ } else {
652
+ // The session wasn't resumed. Create a fresh SSL_SESSION to
653
+ // fill out.
654
+ ssl_set_session(ssl, NULL);
655
+ if (!ssl_get_new_session(hs, 0 /* client */)) {
656
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
657
+ return ssl_hs_error;
658
+ }
659
+ // Note: session_id could be empty.
660
+ hs->new_session->session_id_length = CBS_len(&session_id);
661
+ OPENSSL_memcpy(hs->new_session->session_id, CBS_data(&session_id),
662
+ CBS_len(&session_id));
663
+ }
664
+
665
+ const SSL_CIPHER *cipher = SSL_get_cipher_by_value(cipher_suite);
666
+ if (cipher == NULL) {
667
+ // unknown cipher
668
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CIPHER_RETURNED);
669
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
670
+ return ssl_hs_error;
671
+ }
672
+
673
+ // The cipher must be allowed in the selected version and enabled.
674
+ uint32_t mask_a, mask_k;
675
+ ssl_get_client_disabled(ssl, &mask_a, &mask_k);
676
+ if ((cipher->algorithm_mkey & mask_k) || (cipher->algorithm_auth & mask_a) ||
677
+ SSL_CIPHER_get_min_version(cipher) > ssl_protocol_version(ssl) ||
678
+ SSL_CIPHER_get_max_version(cipher) < ssl_protocol_version(ssl) ||
679
+ !sk_SSL_CIPHER_find(SSL_get_ciphers(ssl), NULL, cipher)) {
680
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CIPHER_RETURNED);
681
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
682
+ return ssl_hs_error;
683
+ }
684
+
685
+ if (ssl->session != NULL) {
686
+ if (ssl->session->ssl_version != ssl->version) {
687
+ OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_VERSION_NOT_RETURNED);
688
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
689
+ return ssl_hs_error;
690
+ }
691
+ if (ssl->session->cipher != cipher) {
692
+ OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
693
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
694
+ return ssl_hs_error;
695
+ }
696
+ if (!ssl_session_is_context_valid(ssl, ssl->session)) {
697
+ // This is actually a client application bug.
698
+ OPENSSL_PUT_ERROR(SSL,
699
+ SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
700
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
701
+ return ssl_hs_error;
702
+ }
703
+ } else {
704
+ hs->new_session->cipher = cipher;
705
+ }
706
+ hs->new_cipher = cipher;
707
+
708
+ // Now that the cipher is known, initialize the handshake hash and hash the
709
+ // ServerHello.
710
+ if (!hs->transcript.InitHash(ssl_protocol_version(ssl), hs->new_cipher) ||
711
+ !ssl_hash_message(hs, msg)) {
712
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
713
+ return ssl_hs_error;
714
+ }
715
+
716
+ // If doing a full handshake, the server may request a client certificate
717
+ // which requires hashing the handshake transcript. Otherwise, the handshake
718
+ // buffer may be released.
719
+ if (ssl->session != NULL ||
720
+ !ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
721
+ hs->transcript.FreeBuffer();
722
+ }
723
+
724
+ // Only the NULL compression algorithm is supported.
725
+ if (compression_method != 0) {
726
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
727
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
728
+ return ssl_hs_error;
729
+ }
730
+
731
+ // TLS extensions
732
+ if (!ssl_parse_serverhello_tlsext(hs, &server_hello)) {
733
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
734
+ return ssl_hs_error;
735
+ }
736
+
737
+ // There should be nothing left over in the record.
738
+ if (CBS_len(&server_hello) != 0) {
739
+ // wrong packet length
740
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
741
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
742
+ return ssl_hs_error;
743
+ }
744
+
745
+ if (ssl->session != NULL &&
746
+ hs->extended_master_secret != ssl->session->extended_master_secret) {
747
+ if (ssl->session->extended_master_secret) {
748
+ OPENSSL_PUT_ERROR(SSL, SSL_R_RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION);
749
+ } else {
750
+ OPENSSL_PUT_ERROR(SSL, SSL_R_RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION);
751
+ }
752
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
753
+ return ssl_hs_error;
754
+ }
755
+
756
+ ssl->method->next_message(ssl);
757
+
758
+ if (ssl->session != NULL) {
759
+ hs->state = state_read_session_ticket;
760
+ return ssl_hs_ok;
761
+ }
762
+
763
+ hs->state = state_read_server_certificate;
764
+ return ssl_hs_ok;
765
+ }
766
+
767
+ static enum ssl_hs_wait_t do_tls13(SSL_HANDSHAKE *hs) {
768
+ enum ssl_hs_wait_t wait = tls13_client_handshake(hs);
769
+ if (wait == ssl_hs_ok) {
770
+ hs->state = state_finish_client_handshake;
771
+ return ssl_hs_ok;
772
+ }
773
+
774
+ return wait;
775
+ }
776
+
777
+ static enum ssl_hs_wait_t do_read_server_certificate(SSL_HANDSHAKE *hs) {
778
+ SSL *const ssl = hs->ssl;
779
+
780
+ if (!ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
781
+ hs->state = state_read_certificate_status;
782
+ return ssl_hs_ok;
783
+ }
784
+
785
+ SSLMessage msg;
786
+ if (!ssl->method->get_message(ssl, &msg)) {
787
+ return ssl_hs_read_message;
788
+ }
789
+
790
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_CERTIFICATE) ||
791
+ !ssl_hash_message(hs, msg)) {
792
+ return ssl_hs_error;
793
+ }
794
+
795
+ CBS body = msg.body;
796
+ uint8_t alert = SSL_AD_DECODE_ERROR;
797
+ UniquePtr<STACK_OF(CRYPTO_BUFFER)> chain;
798
+ if (!ssl_parse_cert_chain(&alert, &chain, &hs->peer_pubkey, NULL, &body,
799
+ ssl->ctx->pool)) {
800
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
801
+ return ssl_hs_error;
802
+ }
803
+ sk_CRYPTO_BUFFER_pop_free(hs->new_session->certs, CRYPTO_BUFFER_free);
804
+ hs->new_session->certs = chain.release();
805
+
806
+ if (sk_CRYPTO_BUFFER_num(hs->new_session->certs) == 0 ||
807
+ CBS_len(&body) != 0 ||
808
+ !ssl->ctx->x509_method->session_cache_objects(hs->new_session.get())) {
809
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
810
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
811
+ return ssl_hs_error;
812
+ }
813
+
814
+ if (!ssl_check_leaf_certificate(
815
+ hs, hs->peer_pubkey.get(),
816
+ sk_CRYPTO_BUFFER_value(hs->new_session->certs, 0))) {
817
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
818
+ return ssl_hs_error;
819
+ }
820
+
821
+ ssl->method->next_message(ssl);
822
+
823
+ hs->state = state_read_certificate_status;
824
+ return ssl_hs_ok;
825
+ }
826
+
827
+ static enum ssl_hs_wait_t do_read_certificate_status(SSL_HANDSHAKE *hs) {
828
+ SSL *const ssl = hs->ssl;
829
+
830
+ if (!hs->certificate_status_expected) {
831
+ hs->state = state_verify_server_certificate;
832
+ return ssl_hs_ok;
833
+ }
834
+
835
+ SSLMessage msg;
836
+ if (!ssl->method->get_message(ssl, &msg)) {
837
+ return ssl_hs_read_message;
838
+ }
839
+
840
+ if (msg.type != SSL3_MT_CERTIFICATE_STATUS) {
841
+ // A server may send status_request in ServerHello and then change its mind
842
+ // about sending CertificateStatus.
843
+ hs->state = state_verify_server_certificate;
844
+ return ssl_hs_ok;
845
+ }
846
+
847
+ if (!ssl_hash_message(hs, msg)) {
848
+ return ssl_hs_error;
849
+ }
850
+
851
+ CBS certificate_status = msg.body, ocsp_response;
852
+ uint8_t status_type;
853
+ if (!CBS_get_u8(&certificate_status, &status_type) ||
854
+ status_type != TLSEXT_STATUSTYPE_ocsp ||
855
+ !CBS_get_u24_length_prefixed(&certificate_status, &ocsp_response) ||
856
+ CBS_len(&ocsp_response) == 0 ||
857
+ CBS_len(&certificate_status) != 0) {
858
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
859
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
860
+ return ssl_hs_error;
861
+ }
862
+
863
+ CRYPTO_BUFFER_free(hs->new_session->ocsp_response);
864
+ hs->new_session->ocsp_response =
865
+ CRYPTO_BUFFER_new_from_CBS(&ocsp_response, ssl->ctx->pool);
866
+ if (hs->new_session->ocsp_response == nullptr) {
867
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
868
+ return ssl_hs_error;
869
+ }
870
+
871
+ ssl->method->next_message(ssl);
872
+
873
+ hs->state = state_verify_server_certificate;
874
+ return ssl_hs_ok;
875
+ }
876
+
877
+ static enum ssl_hs_wait_t do_verify_server_certificate(SSL_HANDSHAKE *hs) {
878
+ if (!ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
879
+ hs->state = state_read_server_key_exchange;
880
+ return ssl_hs_ok;
881
+ }
882
+
883
+ switch (ssl_verify_peer_cert(hs)) {
884
+ case ssl_verify_ok:
885
+ break;
886
+ case ssl_verify_invalid:
887
+ return ssl_hs_error;
888
+ case ssl_verify_retry:
889
+ hs->state = state_verify_server_certificate;
890
+ return ssl_hs_certificate_verify;
891
+ }
892
+
893
+ hs->state = state_read_server_key_exchange;
894
+ return ssl_hs_ok;
895
+ }
896
+
897
+ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) {
898
+ SSL *const ssl = hs->ssl;
899
+ SSLMessage msg;
900
+ if (!ssl->method->get_message(ssl, &msg)) {
901
+ return ssl_hs_read_message;
902
+ }
903
+
904
+ if (msg.type != SSL3_MT_SERVER_KEY_EXCHANGE) {
905
+ // Some ciphers (pure PSK) have an optional ServerKeyExchange message.
906
+ if (ssl_cipher_requires_server_key_exchange(hs->new_cipher)) {
907
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
908
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
909
+ return ssl_hs_error;
910
+ }
911
+
912
+ hs->state = state_read_certificate_request;
913
+ return ssl_hs_ok;
914
+ }
915
+
916
+ if (!ssl_hash_message(hs, msg)) {
917
+ return ssl_hs_error;
918
+ }
919
+
920
+ uint32_t alg_k = hs->new_cipher->algorithm_mkey;
921
+ uint32_t alg_a = hs->new_cipher->algorithm_auth;
922
+ CBS server_key_exchange = msg.body;
923
+ if (alg_a & SSL_aPSK) {
924
+ CBS psk_identity_hint;
925
+
926
+ // Each of the PSK key exchanges begins with a psk_identity_hint.
927
+ if (!CBS_get_u16_length_prefixed(&server_key_exchange,
928
+ &psk_identity_hint)) {
929
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
930
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
931
+ return ssl_hs_error;
932
+ }
933
+
934
+ // Store the PSK identity hint for the ClientKeyExchange. Assume that the
935
+ // maximum length of a PSK identity hint can be as long as the maximum
936
+ // length of a PSK identity. Also do not allow NULL characters; identities
937
+ // are saved as C strings.
938
+ //
939
+ // TODO(davidben): Should invalid hints be ignored? It's a hint rather than
940
+ // a specific identity.
941
+ if (CBS_len(&psk_identity_hint) > PSK_MAX_IDENTITY_LEN ||
942
+ CBS_contains_zero_byte(&psk_identity_hint)) {
943
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
944
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
945
+ return ssl_hs_error;
946
+ }
947
+
948
+ // Save non-empty identity hints as a C string. Empty identity hints we
949
+ // treat as missing. Plain PSK makes it possible to send either no hint
950
+ // (omit ServerKeyExchange) or an empty hint, while ECDHE_PSK can only spell
951
+ // empty hint. Having different capabilities is odd, so we interpret empty
952
+ // and missing as identical.
953
+ char *raw = nullptr;
954
+ if (CBS_len(&psk_identity_hint) != 0 &&
955
+ !CBS_strdup(&psk_identity_hint, &raw)) {
956
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
957
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
958
+ return ssl_hs_error;
959
+ }
960
+ hs->peer_psk_identity_hint.reset(raw);
961
+ }
962
+
963
+ if (alg_k & SSL_kECDHE) {
964
+ // Parse the server parameters.
965
+ uint8_t group_type;
966
+ uint16_t group_id;
967
+ CBS point;
968
+ if (!CBS_get_u8(&server_key_exchange, &group_type) ||
969
+ group_type != NAMED_CURVE_TYPE ||
970
+ !CBS_get_u16(&server_key_exchange, &group_id) ||
971
+ !CBS_get_u8_length_prefixed(&server_key_exchange, &point)) {
972
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
973
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
974
+ return ssl_hs_error;
975
+ }
976
+ hs->new_session->group_id = group_id;
977
+
978
+ // Ensure the group is consistent with preferences.
979
+ if (!tls1_check_group_id(ssl, group_id)) {
980
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
981
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
982
+ return ssl_hs_error;
983
+ }
984
+
985
+ // Initialize ECDH and save the peer public key for later.
986
+ hs->key_share = SSLKeyShare::Create(group_id);
987
+ if (!hs->key_share ||
988
+ !hs->peer_key.CopyFrom(point)) {
989
+ return ssl_hs_error;
990
+ }
991
+ } else if (!(alg_k & SSL_kPSK)) {
992
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
993
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
994
+ return ssl_hs_error;
995
+ }
996
+
997
+ // At this point, |server_key_exchange| contains the signature, if any, while
998
+ // |msg.body| contains the entire message. From that, derive a CBS containing
999
+ // just the parameter.
1000
+ CBS parameter;
1001
+ CBS_init(&parameter, CBS_data(&msg.body),
1002
+ CBS_len(&msg.body) - CBS_len(&server_key_exchange));
1003
+
1004
+ // ServerKeyExchange should be signed by the server's public key.
1005
+ if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
1006
+ uint16_t signature_algorithm = 0;
1007
+ if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
1008
+ if (!CBS_get_u16(&server_key_exchange, &signature_algorithm)) {
1009
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1010
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1011
+ return ssl_hs_error;
1012
+ }
1013
+ uint8_t alert = SSL_AD_DECODE_ERROR;
1014
+ if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
1015
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
1016
+ return ssl_hs_error;
1017
+ }
1018
+ hs->new_session->peer_signature_algorithm = signature_algorithm;
1019
+ } else if (!tls1_get_legacy_signature_algorithm(&signature_algorithm,
1020
+ hs->peer_pubkey.get())) {
1021
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
1022
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_CERTIFICATE);
1023
+ return ssl_hs_error;
1024
+ }
1025
+
1026
+ // The last field in |server_key_exchange| is the signature.
1027
+ CBS signature;
1028
+ if (!CBS_get_u16_length_prefixed(&server_key_exchange, &signature) ||
1029
+ CBS_len(&server_key_exchange) != 0) {
1030
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1031
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1032
+ return ssl_hs_error;
1033
+ }
1034
+
1035
+ ScopedCBB transcript;
1036
+ Array<uint8_t> transcript_data;
1037
+ if (!CBB_init(transcript.get(),
1038
+ 2 * SSL3_RANDOM_SIZE + CBS_len(&parameter)) ||
1039
+ !CBB_add_bytes(transcript.get(), ssl->s3->client_random,
1040
+ SSL3_RANDOM_SIZE) ||
1041
+ !CBB_add_bytes(transcript.get(), ssl->s3->server_random,
1042
+ SSL3_RANDOM_SIZE) ||
1043
+ !CBB_add_bytes(transcript.get(), CBS_data(&parameter),
1044
+ CBS_len(&parameter)) ||
1045
+ !CBBFinishArray(transcript.get(), &transcript_data)) {
1046
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1047
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1048
+ return ssl_hs_error;
1049
+ }
1050
+
1051
+ bool sig_ok = ssl_public_key_verify(ssl, signature, signature_algorithm,
1052
+ hs->peer_pubkey.get(), transcript_data);
1053
+ #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
1054
+ sig_ok = true;
1055
+ ERR_clear_error();
1056
+ #endif
1057
+ if (!sig_ok) {
1058
+ // bad signature
1059
+ OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
1060
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
1061
+ return ssl_hs_error;
1062
+ }
1063
+ } else {
1064
+ // PSK ciphers are the only supported certificate-less ciphers.
1065
+ assert(alg_a == SSL_aPSK);
1066
+
1067
+ if (CBS_len(&server_key_exchange) > 0) {
1068
+ OPENSSL_PUT_ERROR(SSL, SSL_R_EXTRA_DATA_IN_MESSAGE);
1069
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1070
+ return ssl_hs_error;
1071
+ }
1072
+ }
1073
+
1074
+ ssl->method->next_message(ssl);
1075
+ hs->state = state_read_certificate_request;
1076
+ return ssl_hs_ok;
1077
+ }
1078
+
1079
+ static enum ssl_hs_wait_t do_read_certificate_request(SSL_HANDSHAKE *hs) {
1080
+ SSL *const ssl = hs->ssl;
1081
+
1082
+ if (!ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
1083
+ hs->state = state_read_server_hello_done;
1084
+ return ssl_hs_ok;
1085
+ }
1086
+
1087
+ SSLMessage msg;
1088
+ if (!ssl->method->get_message(ssl, &msg)) {
1089
+ return ssl_hs_read_message;
1090
+ }
1091
+
1092
+ if (msg.type == SSL3_MT_SERVER_HELLO_DONE) {
1093
+ // If we get here we don't need the handshake buffer as we won't be doing
1094
+ // client auth.
1095
+ hs->transcript.FreeBuffer();
1096
+ hs->state = state_read_server_hello_done;
1097
+ return ssl_hs_ok;
1098
+ }
1099
+
1100
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_CERTIFICATE_REQUEST) ||
1101
+ !ssl_hash_message(hs, msg)) {
1102
+ return ssl_hs_error;
1103
+ }
1104
+
1105
+ // Get the certificate types.
1106
+ CBS body = msg.body, certificate_types;
1107
+ if (!CBS_get_u8_length_prefixed(&body, &certificate_types)) {
1108
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1109
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1110
+ return ssl_hs_error;
1111
+ }
1112
+
1113
+ if (!hs->certificate_types.CopyFrom(certificate_types)) {
1114
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1115
+ return ssl_hs_error;
1116
+ }
1117
+
1118
+ if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
1119
+ CBS supported_signature_algorithms;
1120
+ if (!CBS_get_u16_length_prefixed(&body, &supported_signature_algorithms) ||
1121
+ !tls1_parse_peer_sigalgs(hs, &supported_signature_algorithms)) {
1122
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1123
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1124
+ return ssl_hs_error;
1125
+ }
1126
+ }
1127
+
1128
+ uint8_t alert = SSL_AD_DECODE_ERROR;
1129
+ UniquePtr<STACK_OF(CRYPTO_BUFFER)> ca_names =
1130
+ ssl_parse_client_CA_list(ssl, &alert, &body);
1131
+ if (!ca_names) {
1132
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
1133
+ return ssl_hs_error;
1134
+ }
1135
+
1136
+ if (CBS_len(&body) != 0) {
1137
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1138
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1139
+ return ssl_hs_error;
1140
+ }
1141
+
1142
+ hs->cert_request = true;
1143
+ hs->ca_names = std::move(ca_names);
1144
+ ssl->ctx->x509_method->hs_flush_cached_ca_names(hs);
1145
+
1146
+ ssl->method->next_message(ssl);
1147
+ hs->state = state_read_server_hello_done;
1148
+ return ssl_hs_ok;
1149
+ }
1150
+
1151
+ static enum ssl_hs_wait_t do_read_server_hello_done(SSL_HANDSHAKE *hs) {
1152
+ SSL *const ssl = hs->ssl;
1153
+ SSLMessage msg;
1154
+ if (!ssl->method->get_message(ssl, &msg)) {
1155
+ return ssl_hs_read_message;
1156
+ }
1157
+
1158
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_SERVER_HELLO_DONE) ||
1159
+ !ssl_hash_message(hs, msg)) {
1160
+ return ssl_hs_error;
1161
+ }
1162
+
1163
+ // ServerHelloDone is empty.
1164
+ if (CBS_len(&msg.body) != 0) {
1165
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1166
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1167
+ return ssl_hs_error;
1168
+ }
1169
+
1170
+ ssl->method->next_message(ssl);
1171
+ hs->state = state_send_client_certificate;
1172
+ return ssl_hs_ok;
1173
+ }
1174
+
1175
+ static enum ssl_hs_wait_t do_send_client_certificate(SSL_HANDSHAKE *hs) {
1176
+ SSL *const ssl = hs->ssl;
1177
+
1178
+ // The peer didn't request a certificate.
1179
+ if (!hs->cert_request) {
1180
+ hs->state = state_send_client_key_exchange;
1181
+ return ssl_hs_ok;
1182
+ }
1183
+
1184
+ // Call cert_cb to update the certificate.
1185
+ if (ssl->cert->cert_cb != NULL) {
1186
+ int rv = ssl->cert->cert_cb(ssl, ssl->cert->cert_cb_arg);
1187
+ if (rv == 0) {
1188
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1189
+ OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_CB_ERROR);
1190
+ return ssl_hs_error;
1191
+ }
1192
+ if (rv < 0) {
1193
+ hs->state = state_send_client_certificate;
1194
+ return ssl_hs_x509_lookup;
1195
+ }
1196
+ }
1197
+
1198
+ if (!ssl_has_certificate(ssl)) {
1199
+ // Without a client certificate, the handshake buffer may be released.
1200
+ hs->transcript.FreeBuffer();
1201
+
1202
+ // In SSL 3.0, the Certificate message is replaced with a warning alert.
1203
+ if (ssl->version == SSL3_VERSION) {
1204
+ if (!ssl->method->add_alert(ssl, SSL3_AL_WARNING,
1205
+ SSL_AD_NO_CERTIFICATE)) {
1206
+ return ssl_hs_error;
1207
+ }
1208
+ hs->state = state_send_client_key_exchange;
1209
+ return ssl_hs_ok;
1210
+ }
1211
+ }
1212
+
1213
+ if (!ssl_on_certificate_selected(hs) ||
1214
+ !ssl_output_cert_chain(ssl)) {
1215
+ return ssl_hs_error;
1216
+ }
1217
+
1218
+
1219
+ hs->state = state_send_client_key_exchange;
1220
+ return ssl_hs_ok;
1221
+ }
1222
+
1223
+ static_assert(sizeof(size_t) >= sizeof(unsigned),
1224
+ "size_t is smaller than unsigned");
1225
+
1226
+ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
1227
+ SSL *const ssl = hs->ssl;
1228
+ ScopedCBB cbb;
1229
+ CBB body;
1230
+ if (!ssl->method->init_message(ssl, cbb.get(), &body,
1231
+ SSL3_MT_CLIENT_KEY_EXCHANGE)) {
1232
+ return ssl_hs_error;
1233
+ }
1234
+
1235
+ Array<uint8_t> pms;
1236
+ uint32_t alg_k = hs->new_cipher->algorithm_mkey;
1237
+ uint32_t alg_a = hs->new_cipher->algorithm_auth;
1238
+
1239
+ // If using a PSK key exchange, prepare the pre-shared key.
1240
+ unsigned psk_len = 0;
1241
+ uint8_t psk[PSK_MAX_PSK_LEN];
1242
+ if (alg_a & SSL_aPSK) {
1243
+ if (ssl->psk_client_callback == NULL) {
1244
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_NO_CLIENT_CB);
1245
+ return ssl_hs_error;
1246
+ }
1247
+
1248
+ char identity[PSK_MAX_IDENTITY_LEN + 1];
1249
+ OPENSSL_memset(identity, 0, sizeof(identity));
1250
+ psk_len =
1251
+ ssl->psk_client_callback(ssl, hs->peer_psk_identity_hint.get(),
1252
+ identity, sizeof(identity), psk, sizeof(psk));
1253
+ if (psk_len == 0) {
1254
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
1255
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1256
+ return ssl_hs_error;
1257
+ }
1258
+ assert(psk_len <= PSK_MAX_PSK_LEN);
1259
+
1260
+ OPENSSL_free(hs->new_session->psk_identity);
1261
+ hs->new_session->psk_identity = BUF_strdup(identity);
1262
+ if (hs->new_session->psk_identity == NULL) {
1263
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1264
+ return ssl_hs_error;
1265
+ }
1266
+
1267
+ // Write out psk_identity.
1268
+ CBB child;
1269
+ if (!CBB_add_u16_length_prefixed(&body, &child) ||
1270
+ !CBB_add_bytes(&child, (const uint8_t *)identity,
1271
+ OPENSSL_strnlen(identity, sizeof(identity))) ||
1272
+ !CBB_flush(&body)) {
1273
+ return ssl_hs_error;
1274
+ }
1275
+ }
1276
+
1277
+ // Depending on the key exchange method, compute |pms|.
1278
+ if (alg_k & SSL_kRSA) {
1279
+ if (!pms.Init(SSL_MAX_MASTER_KEY_LENGTH)) {
1280
+ return ssl_hs_error;
1281
+ }
1282
+
1283
+ RSA *rsa = EVP_PKEY_get0_RSA(hs->peer_pubkey.get());
1284
+ if (rsa == NULL) {
1285
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1286
+ return ssl_hs_error;
1287
+ }
1288
+
1289
+ pms[0] = hs->client_version >> 8;
1290
+ pms[1] = hs->client_version & 0xff;
1291
+ if (!RAND_bytes(&pms[2], SSL_MAX_MASTER_KEY_LENGTH - 2)) {
1292
+ return ssl_hs_error;
1293
+ }
1294
+
1295
+ CBB child, *enc_pms = &body;
1296
+ size_t enc_pms_len;
1297
+ // In TLS, there is a length prefix.
1298
+ if (ssl->version > SSL3_VERSION) {
1299
+ if (!CBB_add_u16_length_prefixed(&body, &child)) {
1300
+ return ssl_hs_error;
1301
+ }
1302
+ enc_pms = &child;
1303
+ }
1304
+
1305
+ uint8_t *ptr;
1306
+ if (!CBB_reserve(enc_pms, &ptr, RSA_size(rsa)) ||
1307
+ !RSA_encrypt(rsa, &enc_pms_len, ptr, RSA_size(rsa), pms.data(),
1308
+ pms.size(), RSA_PKCS1_PADDING) ||
1309
+ !CBB_did_write(enc_pms, enc_pms_len) ||
1310
+ !CBB_flush(&body)) {
1311
+ return ssl_hs_error;
1312
+ }
1313
+ } else if (alg_k & SSL_kECDHE) {
1314
+ // Generate a keypair and serialize the public half.
1315
+ CBB child;
1316
+ if (!CBB_add_u8_length_prefixed(&body, &child)) {
1317
+ return ssl_hs_error;
1318
+ }
1319
+
1320
+ // Compute the premaster.
1321
+ uint8_t alert = SSL_AD_DECODE_ERROR;
1322
+ if (!hs->key_share->Accept(&child, &pms, &alert, hs->peer_key)) {
1323
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
1324
+ return ssl_hs_error;
1325
+ }
1326
+ if (!CBB_flush(&body)) {
1327
+ return ssl_hs_error;
1328
+ }
1329
+
1330
+ // The key exchange state may now be discarded.
1331
+ hs->key_share.reset();
1332
+ hs->peer_key.Reset();
1333
+ } else if (alg_k & SSL_kPSK) {
1334
+ // For plain PSK, other_secret is a block of 0s with the same length as
1335
+ // the pre-shared key.
1336
+ if (!pms.Init(psk_len)) {
1337
+ return ssl_hs_error;
1338
+ }
1339
+ OPENSSL_memset(pms.data(), 0, pms.size());
1340
+ } else {
1341
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1342
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1343
+ return ssl_hs_error;
1344
+ }
1345
+
1346
+ // For a PSK cipher suite, other_secret is combined with the pre-shared
1347
+ // key.
1348
+ if (alg_a & SSL_aPSK) {
1349
+ ScopedCBB pms_cbb;
1350
+ CBB child;
1351
+ if (!CBB_init(pms_cbb.get(), 2 + psk_len + 2 + pms.size()) ||
1352
+ !CBB_add_u16_length_prefixed(pms_cbb.get(), &child) ||
1353
+ !CBB_add_bytes(&child, pms.data(), pms.size()) ||
1354
+ !CBB_add_u16_length_prefixed(pms_cbb.get(), &child) ||
1355
+ !CBB_add_bytes(&child, psk, psk_len) ||
1356
+ !CBBFinishArray(pms_cbb.get(), &pms)) {
1357
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1358
+ return ssl_hs_error;
1359
+ }
1360
+ }
1361
+
1362
+ // The message must be added to the finished hash before calculating the
1363
+ // master secret.
1364
+ if (!ssl_add_message_cbb(ssl, cbb.get())) {
1365
+ return ssl_hs_error;
1366
+ }
1367
+
1368
+ hs->new_session->master_key_length =
1369
+ tls1_generate_master_secret(hs, hs->new_session->master_key, pms);
1370
+ if (hs->new_session->master_key_length == 0) {
1371
+ return ssl_hs_error;
1372
+ }
1373
+ hs->new_session->extended_master_secret = hs->extended_master_secret;
1374
+
1375
+ hs->state = state_send_client_certificate_verify;
1376
+ return ssl_hs_ok;
1377
+ }
1378
+
1379
+ static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL_HANDSHAKE *hs) {
1380
+ SSL *const ssl = hs->ssl;
1381
+
1382
+ if (!hs->cert_request || !ssl_has_certificate(ssl)) {
1383
+ hs->state = state_send_client_finished;
1384
+ return ssl_hs_ok;
1385
+ }
1386
+
1387
+ assert(ssl_has_private_key(ssl));
1388
+ ScopedCBB cbb;
1389
+ CBB body, child;
1390
+ if (!ssl->method->init_message(ssl, cbb.get(), &body,
1391
+ SSL3_MT_CERTIFICATE_VERIFY)) {
1392
+ return ssl_hs_error;
1393
+ }
1394
+
1395
+ uint16_t signature_algorithm;
1396
+ if (!tls1_choose_signature_algorithm(hs, &signature_algorithm)) {
1397
+ return ssl_hs_error;
1398
+ }
1399
+ if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
1400
+ // Write out the digest type in TLS 1.2.
1401
+ if (!CBB_add_u16(&body, signature_algorithm)) {
1402
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1403
+ return ssl_hs_error;
1404
+ }
1405
+ }
1406
+
1407
+ // Set aside space for the signature.
1408
+ const size_t max_sig_len = EVP_PKEY_size(hs->local_pubkey.get());
1409
+ uint8_t *ptr;
1410
+ if (!CBB_add_u16_length_prefixed(&body, &child) ||
1411
+ !CBB_reserve(&child, &ptr, max_sig_len)) {
1412
+ return ssl_hs_error;
1413
+ }
1414
+
1415
+ size_t sig_len = max_sig_len;
1416
+ // The SSL3 construction for CertificateVerify does not decompose into a
1417
+ // single final digest and signature, and must be special-cased.
1418
+ if (ssl_protocol_version(ssl) == SSL3_VERSION) {
1419
+ if (ssl->cert->key_method != NULL) {
1420
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_PROTOCOL_FOR_CUSTOM_KEY);
1421
+ return ssl_hs_error;
1422
+ }
1423
+
1424
+ uint8_t digest[EVP_MAX_MD_SIZE];
1425
+ size_t digest_len;
1426
+ if (!hs->transcript.GetSSL3CertVerifyHash(
1427
+ digest, &digest_len, hs->new_session.get(), signature_algorithm)) {
1428
+ return ssl_hs_error;
1429
+ }
1430
+
1431
+ UniquePtr<EVP_PKEY_CTX> pctx(EVP_PKEY_CTX_new(ssl->cert->privatekey, NULL));
1432
+ if (!pctx ||
1433
+ !EVP_PKEY_sign_init(pctx.get()) ||
1434
+ !EVP_PKEY_sign(pctx.get(), ptr, &sig_len, digest, digest_len)) {
1435
+ return ssl_hs_error;
1436
+ }
1437
+ } else {
1438
+ switch (ssl_private_key_sign(hs, ptr, &sig_len, max_sig_len,
1439
+ signature_algorithm,
1440
+ hs->transcript.buffer())) {
1441
+ case ssl_private_key_success:
1442
+ break;
1443
+ case ssl_private_key_failure:
1444
+ return ssl_hs_error;
1445
+ case ssl_private_key_retry:
1446
+ hs->state = state_send_client_certificate_verify;
1447
+ return ssl_hs_private_key_operation;
1448
+ }
1449
+ }
1450
+
1451
+ if (!CBB_did_write(&child, sig_len) ||
1452
+ !ssl_add_message_cbb(ssl, cbb.get())) {
1453
+ return ssl_hs_error;
1454
+ }
1455
+
1456
+ // The handshake buffer is no longer necessary.
1457
+ hs->transcript.FreeBuffer();
1458
+
1459
+ hs->state = state_send_client_finished;
1460
+ return ssl_hs_ok;
1461
+ }
1462
+
1463
+ static enum ssl_hs_wait_t do_send_client_finished(SSL_HANDSHAKE *hs) {
1464
+ SSL *const ssl = hs->ssl;
1465
+ // Resolve Channel ID first, before any non-idempotent operations.
1466
+ if (ssl->s3->tlsext_channel_id_valid) {
1467
+ if (!ssl_do_channel_id_callback(ssl)) {
1468
+ return ssl_hs_error;
1469
+ }
1470
+
1471
+ if (ssl->tlsext_channel_id_private == NULL) {
1472
+ hs->state = state_send_client_finished;
1473
+ return ssl_hs_channel_id_lookup;
1474
+ }
1475
+ }
1476
+
1477
+ if (!ssl->method->add_change_cipher_spec(ssl) ||
1478
+ !tls1_change_cipher_state(hs, evp_aead_seal)) {
1479
+ return ssl_hs_error;
1480
+ }
1481
+
1482
+ if (hs->next_proto_neg_seen) {
1483
+ static const uint8_t kZero[32] = {0};
1484
+ size_t padding_len =
1485
+ 32 - ((ssl->s3->next_proto_negotiated.size() + 2) % 32);
1486
+
1487
+ ScopedCBB cbb;
1488
+ CBB body, child;
1489
+ if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_NEXT_PROTO) ||
1490
+ !CBB_add_u8_length_prefixed(&body, &child) ||
1491
+ !CBB_add_bytes(&child, ssl->s3->next_proto_negotiated.data(),
1492
+ ssl->s3->next_proto_negotiated.size()) ||
1493
+ !CBB_add_u8_length_prefixed(&body, &child) ||
1494
+ !CBB_add_bytes(&child, kZero, padding_len) ||
1495
+ !ssl_add_message_cbb(ssl, cbb.get())) {
1496
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1497
+ return ssl_hs_error;
1498
+ }
1499
+ }
1500
+
1501
+ if (ssl->s3->tlsext_channel_id_valid) {
1502
+ ScopedCBB cbb;
1503
+ CBB body;
1504
+ if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CHANNEL_ID) ||
1505
+ !tls1_write_channel_id(hs, &body) ||
1506
+ !ssl_add_message_cbb(ssl, cbb.get())) {
1507
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1508
+ return ssl_hs_error;
1509
+ }
1510
+ }
1511
+
1512
+ if (!ssl_send_finished(hs)) {
1513
+ return ssl_hs_error;
1514
+ }
1515
+
1516
+ hs->state = state_finish_flight;
1517
+ return ssl_hs_flush;
1518
+ }
1519
+
1520
+ static bool can_false_start(const SSL_HANDSHAKE *hs) {
1521
+ SSL *const ssl = hs->ssl;
1522
+
1523
+ // False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN.
1524
+ return !SSL_is_dtls(ssl) &&
1525
+ SSL_version(ssl) == TLS1_2_VERSION &&
1526
+ (!ssl->s3->alpn_selected.empty() ||
1527
+ !ssl->s3->next_proto_negotiated.empty()) &&
1528
+ hs->new_cipher->algorithm_mkey == SSL_kECDHE &&
1529
+ hs->new_cipher->algorithm_mac == SSL_AEAD;
1530
+ }
1531
+
1532
+ static enum ssl_hs_wait_t do_finish_flight(SSL_HANDSHAKE *hs) {
1533
+ SSL *const ssl = hs->ssl;
1534
+ if (ssl->session != NULL) {
1535
+ hs->state = state_finish_client_handshake;
1536
+ return ssl_hs_ok;
1537
+ }
1538
+
1539
+ // This is a full handshake. If it involves ChannelID, then record the
1540
+ // handshake hashes at this point in the session so that any resumption of
1541
+ // this session with ChannelID can sign those hashes.
1542
+ if (!tls1_record_handshake_hashes_for_channel_id(hs)) {
1543
+ return ssl_hs_error;
1544
+ }
1545
+
1546
+ hs->state = state_read_session_ticket;
1547
+
1548
+ if ((SSL_get_mode(ssl) & SSL_MODE_ENABLE_FALSE_START) &&
1549
+ can_false_start(hs) &&
1550
+ // No False Start on renegotiation (would complicate the state machine).
1551
+ !ssl->s3->initial_handshake_complete) {
1552
+ hs->in_false_start = true;
1553
+ hs->can_early_write = true;
1554
+ return ssl_hs_early_return;
1555
+ }
1556
+
1557
+ return ssl_hs_ok;
1558
+ }
1559
+
1560
+ static enum ssl_hs_wait_t do_read_session_ticket(SSL_HANDSHAKE *hs) {
1561
+ SSL *const ssl = hs->ssl;
1562
+
1563
+ if (!hs->ticket_expected) {
1564
+ hs->state = state_process_change_cipher_spec;
1565
+ return ssl_hs_read_change_cipher_spec;
1566
+ }
1567
+
1568
+ SSLMessage msg;
1569
+ if (!ssl->method->get_message(ssl, &msg)) {
1570
+ return ssl_hs_read_message;
1571
+ }
1572
+
1573
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_NEW_SESSION_TICKET) ||
1574
+ !ssl_hash_message(hs, msg)) {
1575
+ return ssl_hs_error;
1576
+ }
1577
+
1578
+ CBS new_session_ticket = msg.body, ticket;
1579
+ uint32_t tlsext_tick_lifetime_hint;
1580
+ if (!CBS_get_u32(&new_session_ticket, &tlsext_tick_lifetime_hint) ||
1581
+ !CBS_get_u16_length_prefixed(&new_session_ticket, &ticket) ||
1582
+ CBS_len(&new_session_ticket) != 0) {
1583
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1584
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1585
+ return ssl_hs_error;
1586
+ }
1587
+
1588
+ if (CBS_len(&ticket) == 0) {
1589
+ // RFC 5077 allows a server to change its mind and send no ticket after
1590
+ // negotiating the extension. The value of |ticket_expected| is checked in
1591
+ // |ssl_update_cache| so is cleared here to avoid an unnecessary update.
1592
+ hs->ticket_expected = false;
1593
+ ssl->method->next_message(ssl);
1594
+ hs->state = state_process_change_cipher_spec;
1595
+ return ssl_hs_read_change_cipher_spec;
1596
+ }
1597
+
1598
+ SSL_SESSION *session = hs->new_session.get();
1599
+ UniquePtr<SSL_SESSION> renewed_session;
1600
+ if (ssl->session != NULL) {
1601
+ // The server is sending a new ticket for an existing session. Sessions are
1602
+ // immutable once established, so duplicate all but the ticket of the
1603
+ // existing session.
1604
+ renewed_session =
1605
+ SSL_SESSION_dup(ssl->session, SSL_SESSION_INCLUDE_NONAUTH);
1606
+ if (!renewed_session) {
1607
+ // This should never happen.
1608
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1609
+ return ssl_hs_error;
1610
+ }
1611
+ session = renewed_session.get();
1612
+ }
1613
+
1614
+ // |tlsext_tick_lifetime_hint| is measured from when the ticket was issued.
1615
+ ssl_session_rebase_time(ssl, session);
1616
+
1617
+ if (!CBS_stow(&ticket, &session->tlsext_tick, &session->tlsext_ticklen)) {
1618
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1619
+ return ssl_hs_error;
1620
+ }
1621
+ session->tlsext_tick_lifetime_hint = tlsext_tick_lifetime_hint;
1622
+
1623
+ // Generate a session ID for this session based on the session ticket. We use
1624
+ // the session ID mechanism for detecting ticket resumption. This also fits in
1625
+ // with assumptions elsewhere in OpenSSL.
1626
+ if (!EVP_Digest(CBS_data(&ticket), CBS_len(&ticket),
1627
+ session->session_id, &session->session_id_length,
1628
+ EVP_sha256(), NULL)) {
1629
+ return ssl_hs_error;
1630
+ }
1631
+
1632
+ if (renewed_session) {
1633
+ session->not_resumable = 0;
1634
+ SSL_SESSION_free(ssl->session);
1635
+ ssl->session = renewed_session.release();
1636
+ }
1637
+
1638
+ ssl->method->next_message(ssl);
1639
+ hs->state = state_process_change_cipher_spec;
1640
+ return ssl_hs_read_change_cipher_spec;
1641
+ }
1642
+
1643
+ static enum ssl_hs_wait_t do_process_change_cipher_spec(SSL_HANDSHAKE *hs) {
1644
+ if (!tls1_change_cipher_state(hs, evp_aead_open)) {
1645
+ return ssl_hs_error;
1646
+ }
1647
+
1648
+ hs->state = state_read_server_finished;
1649
+ return ssl_hs_ok;
1650
+ }
1651
+
1652
+ static enum ssl_hs_wait_t do_read_server_finished(SSL_HANDSHAKE *hs) {
1653
+ SSL *const ssl = hs->ssl;
1654
+ enum ssl_hs_wait_t wait = ssl_get_finished(hs);
1655
+ if (wait != ssl_hs_ok) {
1656
+ return wait;
1657
+ }
1658
+
1659
+ if (ssl->session != NULL) {
1660
+ hs->state = state_send_client_finished;
1661
+ return ssl_hs_ok;
1662
+ }
1663
+
1664
+ hs->state = state_finish_client_handshake;
1665
+ return ssl_hs_ok;
1666
+ }
1667
+
1668
+ static enum ssl_hs_wait_t do_finish_client_handshake(SSL_HANDSHAKE *hs) {
1669
+ SSL *const ssl = hs->ssl;
1670
+
1671
+ ssl->method->on_handshake_complete(ssl);
1672
+
1673
+ if (ssl->session != NULL) {
1674
+ SSL_SESSION_up_ref(ssl->session);
1675
+ ssl->s3->established_session.reset(ssl->session);
1676
+ } else {
1677
+ // We make a copy of the session in order to maintain the immutability
1678
+ // of the new established_session due to False Start. The caller may
1679
+ // have taken a reference to the temporary session.
1680
+ ssl->s3->established_session =
1681
+ SSL_SESSION_dup(hs->new_session.get(), SSL_SESSION_DUP_ALL);
1682
+ if (!ssl->s3->established_session) {
1683
+ return ssl_hs_error;
1684
+ }
1685
+ // Renegotiations do not participate in session resumption.
1686
+ if (!ssl->s3->initial_handshake_complete) {
1687
+ ssl->s3->established_session->not_resumable = 0;
1688
+ }
1689
+
1690
+ hs->new_session.reset();
1691
+ }
1692
+
1693
+ hs->handshake_finalized = true;
1694
+ ssl->s3->initial_handshake_complete = true;
1695
+ ssl_update_cache(hs, SSL_SESS_CACHE_CLIENT);
1696
+
1697
+ hs->state = state_done;
1698
+ return ssl_hs_ok;
1699
+ }
1700
+
1701
+ enum ssl_hs_wait_t ssl_client_handshake(SSL_HANDSHAKE *hs) {
1702
+ while (hs->state != state_done) {
1703
+ enum ssl_hs_wait_t ret = ssl_hs_error;
1704
+ enum ssl_client_hs_state_t state =
1705
+ static_cast<enum ssl_client_hs_state_t>(hs->state);
1706
+ switch (state) {
1707
+ case state_start_connect:
1708
+ ret = do_start_connect(hs);
1709
+ break;
1710
+ case state_enter_early_data:
1711
+ ret = do_enter_early_data(hs);
1712
+ break;
1713
+ case state_read_hello_verify_request:
1714
+ ret = do_read_hello_verify_request(hs);
1715
+ break;
1716
+ case state_read_server_hello:
1717
+ ret = do_read_server_hello(hs);
1718
+ break;
1719
+ case state_tls13:
1720
+ ret = do_tls13(hs);
1721
+ break;
1722
+ case state_read_server_certificate:
1723
+ ret = do_read_server_certificate(hs);
1724
+ break;
1725
+ case state_read_certificate_status:
1726
+ ret = do_read_certificate_status(hs);
1727
+ break;
1728
+ case state_verify_server_certificate:
1729
+ ret = do_verify_server_certificate(hs);
1730
+ break;
1731
+ case state_read_server_key_exchange:
1732
+ ret = do_read_server_key_exchange(hs);
1733
+ break;
1734
+ case state_read_certificate_request:
1735
+ ret = do_read_certificate_request(hs);
1736
+ break;
1737
+ case state_read_server_hello_done:
1738
+ ret = do_read_server_hello_done(hs);
1739
+ break;
1740
+ case state_send_client_certificate:
1741
+ ret = do_send_client_certificate(hs);
1742
+ break;
1743
+ case state_send_client_key_exchange:
1744
+ ret = do_send_client_key_exchange(hs);
1745
+ break;
1746
+ case state_send_client_certificate_verify:
1747
+ ret = do_send_client_certificate_verify(hs);
1748
+ break;
1749
+ case state_send_client_finished:
1750
+ ret = do_send_client_finished(hs);
1751
+ break;
1752
+ case state_finish_flight:
1753
+ ret = do_finish_flight(hs);
1754
+ break;
1755
+ case state_read_session_ticket:
1756
+ ret = do_read_session_ticket(hs);
1757
+ break;
1758
+ case state_process_change_cipher_spec:
1759
+ ret = do_process_change_cipher_spec(hs);
1760
+ break;
1761
+ case state_read_server_finished:
1762
+ ret = do_read_server_finished(hs);
1763
+ break;
1764
+ case state_finish_client_handshake:
1765
+ ret = do_finish_client_handshake(hs);
1766
+ break;
1767
+ case state_done:
1768
+ ret = ssl_hs_ok;
1769
+ break;
1770
+ }
1771
+
1772
+ if (hs->state != state) {
1773
+ ssl_do_info_callback(hs->ssl, SSL_CB_CONNECT_LOOP, 1);
1774
+ }
1775
+
1776
+ if (ret != ssl_hs_ok) {
1777
+ return ret;
1778
+ }
1779
+ }
1780
+
1781
+ ssl_do_info_callback(hs->ssl, SSL_CB_HANDSHAKE_DONE, 1);
1782
+ return ssl_hs_ok;
1783
+ }
1784
+
1785
+ const char *ssl_client_handshake_state(SSL_HANDSHAKE *hs) {
1786
+ enum ssl_client_hs_state_t state =
1787
+ static_cast<enum ssl_client_hs_state_t>(hs->state);
1788
+ switch (state) {
1789
+ case state_start_connect:
1790
+ return "TLS client start_connect";
1791
+ case state_enter_early_data:
1792
+ return "TLS client enter_early_data";
1793
+ case state_read_hello_verify_request:
1794
+ return "TLS client read_hello_verify_request";
1795
+ case state_read_server_hello:
1796
+ return "TLS client read_server_hello";
1797
+ case state_tls13:
1798
+ return tls13_client_handshake_state(hs);
1799
+ case state_read_server_certificate:
1800
+ return "TLS client read_server_certificate";
1801
+ case state_read_certificate_status:
1802
+ return "TLS client read_certificate_status";
1803
+ case state_verify_server_certificate:
1804
+ return "TLS client verify_server_certificate";
1805
+ case state_read_server_key_exchange:
1806
+ return "TLS client read_server_key_exchange";
1807
+ case state_read_certificate_request:
1808
+ return "TLS client read_certificate_request";
1809
+ case state_read_server_hello_done:
1810
+ return "TLS client read_server_hello_done";
1811
+ case state_send_client_certificate:
1812
+ return "TLS client send_client_certificate";
1813
+ case state_send_client_key_exchange:
1814
+ return "TLS client send_client_key_exchange";
1815
+ case state_send_client_certificate_verify:
1816
+ return "TLS client send_client_certificate_verify";
1817
+ case state_send_client_finished:
1818
+ return "TLS client send_client_finished";
1819
+ case state_finish_flight:
1820
+ return "TLS client finish_flight";
1821
+ case state_read_session_ticket:
1822
+ return "TLS client read_session_ticket";
1823
+ case state_process_change_cipher_spec:
1824
+ return "TLS client process_change_cipher_spec";
1825
+ case state_read_server_finished:
1826
+ return "TLS client read_server_finished";
1827
+ case state_finish_client_handshake:
1828
+ return "TLS client finish_client_handshake";
1829
+ case state_done:
1830
+ return "TLS client done";
1831
+ }
1832
+
1833
+ return "TLS client unknown";
1834
+ }
1835
+
1836
+ }