grpc-flamingo 1.11.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (1318) hide show
  1. checksums.yaml +7 -0
  2. data/.yardopts +1 -0
  3. data/Makefile +23896 -0
  4. data/etc/roots.pem +4475 -0
  5. data/include/grpc/byte_buffer.h +27 -0
  6. data/include/grpc/byte_buffer_reader.h +26 -0
  7. data/include/grpc/census.h +40 -0
  8. data/include/grpc/compression.h +75 -0
  9. data/include/grpc/fork.h +26 -0
  10. data/include/grpc/grpc.h +469 -0
  11. data/include/grpc/grpc_cronet.h +38 -0
  12. data/include/grpc/grpc_posix.h +67 -0
  13. data/include/grpc/grpc_security.h +495 -0
  14. data/include/grpc/grpc_security_constants.h +107 -0
  15. data/include/grpc/impl/codegen/atm.h +95 -0
  16. data/include/grpc/impl/codegen/atm_gcc_atomic.h +91 -0
  17. data/include/grpc/impl/codegen/atm_gcc_sync.h +83 -0
  18. data/include/grpc/impl/codegen/atm_windows.h +126 -0
  19. data/include/grpc/impl/codegen/byte_buffer.h +88 -0
  20. data/include/grpc/impl/codegen/byte_buffer_reader.h +42 -0
  21. data/include/grpc/impl/codegen/compression_types.h +107 -0
  22. data/include/grpc/impl/codegen/connectivity_state.h +44 -0
  23. data/include/grpc/impl/codegen/fork.h +48 -0
  24. data/include/grpc/impl/codegen/gpr_slice.h +69 -0
  25. data/include/grpc/impl/codegen/gpr_types.h +59 -0
  26. data/include/grpc/impl/codegen/grpc_types.h +669 -0
  27. data/include/grpc/impl/codegen/port_platform.h +507 -0
  28. data/include/grpc/impl/codegen/propagation_bits.h +52 -0
  29. data/include/grpc/impl/codegen/slice.h +147 -0
  30. data/include/grpc/impl/codegen/status.h +153 -0
  31. data/include/grpc/impl/codegen/sync.h +63 -0
  32. data/include/grpc/impl/codegen/sync_custom.h +38 -0
  33. data/include/grpc/impl/codegen/sync_generic.h +48 -0
  34. data/include/grpc/impl/codegen/sync_posix.h +34 -0
  35. data/include/grpc/impl/codegen/sync_windows.h +36 -0
  36. data/include/grpc/load_reporting.h +48 -0
  37. data/include/grpc/module.modulemap +74 -0
  38. data/include/grpc/slice.h +172 -0
  39. data/include/grpc/slice_buffer.h +84 -0
  40. data/include/grpc/status.h +26 -0
  41. data/include/grpc/support/alloc.h +68 -0
  42. data/include/grpc/support/atm.h +26 -0
  43. data/include/grpc/support/atm_gcc_atomic.h +26 -0
  44. data/include/grpc/support/atm_gcc_sync.h +26 -0
  45. data/include/grpc/support/atm_windows.h +26 -0
  46. data/include/grpc/support/cpu.h +44 -0
  47. data/include/grpc/support/log.h +104 -0
  48. data/include/grpc/support/log_windows.h +38 -0
  49. data/include/grpc/support/port_platform.h +24 -0
  50. data/include/grpc/support/string_util.h +49 -0
  51. data/include/grpc/support/sync.h +298 -0
  52. data/include/grpc/support/sync_custom.h +26 -0
  53. data/include/grpc/support/sync_generic.h +26 -0
  54. data/include/grpc/support/sync_posix.h +26 -0
  55. data/include/grpc/support/sync_windows.h +26 -0
  56. data/include/grpc/support/thd_id.h +44 -0
  57. data/include/grpc/support/time.h +92 -0
  58. data/include/grpc/support/workaround_list.h +31 -0
  59. data/src/boringssl/err_data.c +1348 -0
  60. data/src/core/ext/census/grpc_context.cc +38 -0
  61. data/src/core/ext/filters/client_channel/backup_poller.cc +174 -0
  62. data/src/core/ext/filters/client_channel/backup_poller.h +35 -0
  63. data/src/core/ext/filters/client_channel/channel_connectivity.cc +248 -0
  64. data/src/core/ext/filters/client_channel/client_channel.cc +3209 -0
  65. data/src/core/ext/filters/client_channel/client_channel.h +57 -0
  66. data/src/core/ext/filters/client_channel/client_channel_factory.cc +67 -0
  67. data/src/core/ext/filters/client_channel/client_channel_factory.h +74 -0
  68. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +62 -0
  69. data/src/core/ext/filters/client_channel/connector.cc +41 -0
  70. data/src/core/ext/filters/client_channel/connector.h +73 -0
  71. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +370 -0
  72. data/src/core/ext/filters/client_channel/http_connect_handshaker.h +34 -0
  73. data/src/core/ext/filters/client_channel/http_proxy.cc +195 -0
  74. data/src/core/ext/filters/client_channel/http_proxy.h +24 -0
  75. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +138 -0
  76. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +29 -0
  77. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +1906 -0
  78. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +36 -0
  79. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +108 -0
  80. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +152 -0
  81. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +67 -0
  82. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +304 -0
  83. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +88 -0
  84. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c +102 -0
  85. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h +190 -0
  86. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +591 -0
  87. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +687 -0
  88. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc +253 -0
  89. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +136 -0
  90. data/src/core/ext/filters/client_channel/lb_policy.cc +59 -0
  91. data/src/core/ext/filters/client_channel/lb_policy.h +201 -0
  92. data/src/core/ext/filters/client_channel/lb_policy_factory.cc +155 -0
  93. data/src/core/ext/filters/client_channel/lb_policy_factory.h +127 -0
  94. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +97 -0
  95. data/src/core/ext/filters/client_channel/lb_policy_registry.h +54 -0
  96. data/src/core/ext/filters/client_channel/method_params.cc +178 -0
  97. data/src/core/ext/filters/client_channel/method_params.h +74 -0
  98. data/src/core/ext/filters/client_channel/parse_address.cc +192 -0
  99. data/src/core/ext/filters/client_channel/parse_address.h +50 -0
  100. data/src/core/ext/filters/client_channel/proxy_mapper.cc +48 -0
  101. data/src/core/ext/filters/client_channel/proxy_mapper.h +74 -0
  102. data/src/core/ext/filters/client_channel/proxy_mapper_registry.cc +122 -0
  103. data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +44 -0
  104. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +493 -0
  105. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +53 -0
  106. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +351 -0
  107. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +593 -0
  108. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +74 -0
  109. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +59 -0
  110. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +340 -0
  111. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +297 -0
  112. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +83 -0
  113. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +214 -0
  114. data/src/core/ext/filters/client_channel/resolver.cc +35 -0
  115. data/src/core/ext/filters/client_channel/resolver.h +134 -0
  116. data/src/core/ext/filters/client_channel/resolver_factory.h +71 -0
  117. data/src/core/ext/filters/client_channel/resolver_registry.cc +178 -0
  118. data/src/core/ext/filters/client_channel/resolver_registry.h +83 -0
  119. data/src/core/ext/filters/client_channel/retry_throttle.cc +191 -0
  120. data/src/core/ext/filters/client_channel/retry_throttle.h +77 -0
  121. data/src/core/ext/filters/client_channel/subchannel.cc +815 -0
  122. data/src/core/ext/filters/client_channel/subchannel.h +183 -0
  123. data/src/core/ext/filters/client_channel/subchannel_index.cc +254 -0
  124. data/src/core/ext/filters/client_channel/subchannel_index.h +79 -0
  125. data/src/core/ext/filters/client_channel/uri_parser.cc +314 -0
  126. data/src/core/ext/filters/client_channel/uri_parser.h +50 -0
  127. data/src/core/ext/filters/deadline/deadline_filter.cc +386 -0
  128. data/src/core/ext/filters/deadline/deadline_filter.h +93 -0
  129. data/src/core/ext/filters/http/client/http_client_filter.cc +558 -0
  130. data/src/core/ext/filters/http/client/http_client_filter.h +31 -0
  131. data/src/core/ext/filters/http/client_authority_filter.cc +156 -0
  132. data/src/core/ext/filters/http/client_authority_filter.h +34 -0
  133. data/src/core/ext/filters/http/http_filters_plugin.cc +89 -0
  134. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +499 -0
  135. data/src/core/ext/filters/http/message_compress/message_compress_filter.h +53 -0
  136. data/src/core/ext/filters/http/server/http_server_filter.cc +434 -0
  137. data/src/core/ext/filters/http/server/http_server_filter.h +29 -0
  138. data/src/core/ext/filters/load_reporting/server_load_reporting_filter.cc +222 -0
  139. data/src/core/ext/filters/load_reporting/server_load_reporting_filter.h +30 -0
  140. data/src/core/ext/filters/load_reporting/server_load_reporting_plugin.cc +71 -0
  141. data/src/core/ext/filters/load_reporting/server_load_reporting_plugin.h +61 -0
  142. data/src/core/ext/filters/max_age/max_age_filter.cc +543 -0
  143. data/src/core/ext/filters/max_age/max_age_filter.h +26 -0
  144. data/src/core/ext/filters/message_size/message_size_filter.cc +324 -0
  145. data/src/core/ext/filters/message_size/message_size_filter.h +26 -0
  146. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +208 -0
  147. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.h +27 -0
  148. data/src/core/ext/filters/workarounds/workaround_utils.cc +53 -0
  149. data/src/core/ext/filters/workarounds/workaround_utils.h +39 -0
  150. data/src/core/ext/transport/chttp2/alpn/alpn.cc +44 -0
  151. data/src/core/ext/transport/chttp2/alpn/alpn.h +36 -0
  152. data/src/core/ext/transport/chttp2/client/authority.cc +42 -0
  153. data/src/core/ext/transport/chttp2/client/authority.h +36 -0
  154. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +229 -0
  155. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +28 -0
  156. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +110 -0
  157. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +79 -0
  158. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +230 -0
  159. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +353 -0
  160. data/src/core/ext/transport/chttp2/server/chttp2_server.h +33 -0
  161. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +45 -0
  162. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +74 -0
  163. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +89 -0
  164. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +249 -0
  165. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +56 -0
  166. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +231 -0
  167. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +41 -0
  168. data/src/core/ext/transport/chttp2/transport/chttp2_plugin.cc +35 -0
  169. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +3102 -0
  170. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +45 -0
  171. data/src/core/ext/transport/chttp2/transport/flow_control.cc +405 -0
  172. data/src/core/ext/transport/chttp2/transport/flow_control.h +482 -0
  173. data/src/core/ext/transport/chttp2/transport/frame.h +47 -0
  174. data/src/core/ext/transport/chttp2/transport/frame_data.cc +314 -0
  175. data/src/core/ext/transport/chttp2/transport/frame_data.h +84 -0
  176. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +186 -0
  177. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +62 -0
  178. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +131 -0
  179. data/src/core/ext/transport/chttp2/transport/frame_ping.h +45 -0
  180. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +112 -0
  181. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +43 -0
  182. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +238 -0
  183. data/src/core/ext/transport/chttp2/transport/frame_settings.h +60 -0
  184. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +122 -0
  185. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +45 -0
  186. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +699 -0
  187. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +95 -0
  188. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +1680 -0
  189. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +109 -0
  190. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +368 -0
  191. data/src/core/ext/transport/chttp2/transport/hpack_table.h +95 -0
  192. data/src/core/ext/transport/chttp2/transport/http2_settings.cc +62 -0
  193. data/src/core/ext/transport/chttp2/transport/http2_settings.h +62 -0
  194. data/src/core/ext/transport/chttp2/transport/huffsyms.cc +92 -0
  195. data/src/core/ext/transport/chttp2/transport/huffsyms.h +33 -0
  196. data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +73 -0
  197. data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +49 -0
  198. data/src/core/ext/transport/chttp2/transport/internal.h +799 -0
  199. data/src/core/ext/transport/chttp2/transport/parsing.cc +745 -0
  200. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +216 -0
  201. data/src/core/ext/transport/chttp2/transport/stream_map.cc +167 -0
  202. data/src/core/ext/transport/chttp2/transport/stream_map.h +68 -0
  203. data/src/core/ext/transport/chttp2/transport/varint.cc +56 -0
  204. data/src/core/ext/transport/chttp2/transport/varint.h +60 -0
  205. data/src/core/ext/transport/chttp2/transport/writing.cc +641 -0
  206. data/src/core/ext/transport/inproc/inproc_plugin.cc +28 -0
  207. data/src/core/ext/transport/inproc/inproc_transport.cc +1240 -0
  208. data/src/core/ext/transport/inproc/inproc_transport.h +35 -0
  209. data/src/core/lib/avl/avl.cc +306 -0
  210. data/src/core/lib/avl/avl.h +94 -0
  211. data/src/core/lib/backoff/backoff.cc +78 -0
  212. data/src/core/lib/backoff/backoff.h +89 -0
  213. data/src/core/lib/channel/channel_args.cc +413 -0
  214. data/src/core/lib/channel/channel_args.h +127 -0
  215. data/src/core/lib/channel/channel_stack.cc +258 -0
  216. data/src/core/lib/channel/channel_stack.h +280 -0
  217. data/src/core/lib/channel/channel_stack_builder.cc +314 -0
  218. data/src/core/lib/channel/channel_stack_builder.h +160 -0
  219. data/src/core/lib/channel/channel_trace.cc +239 -0
  220. data/src/core/lib/channel/channel_trace.h +133 -0
  221. data/src/core/lib/channel/channel_trace_registry.cc +80 -0
  222. data/src/core/lib/channel/channel_trace_registry.h +43 -0
  223. data/src/core/lib/channel/connected_channel.cc +236 -0
  224. data/src/core/lib/channel/connected_channel.h +34 -0
  225. data/src/core/lib/channel/context.h +49 -0
  226. data/src/core/lib/channel/handshaker.cc +259 -0
  227. data/src/core/lib/channel/handshaker.h +166 -0
  228. data/src/core/lib/channel/handshaker_factory.cc +41 -0
  229. data/src/core/lib/channel/handshaker_factory.h +50 -0
  230. data/src/core/lib/channel/handshaker_registry.cc +97 -0
  231. data/src/core/lib/channel/handshaker_registry.h +48 -0
  232. data/src/core/lib/channel/status_util.cc +100 -0
  233. data/src/core/lib/channel/status_util.h +58 -0
  234. data/src/core/lib/compression/algorithm_metadata.h +61 -0
  235. data/src/core/lib/compression/compression.cc +174 -0
  236. data/src/core/lib/compression/compression_internal.cc +276 -0
  237. data/src/core/lib/compression/compression_internal.h +88 -0
  238. data/src/core/lib/compression/message_compress.cc +187 -0
  239. data/src/core/lib/compression/message_compress.h +40 -0
  240. data/src/core/lib/compression/stream_compression.cc +79 -0
  241. data/src/core/lib/compression/stream_compression.h +116 -0
  242. data/src/core/lib/compression/stream_compression_gzip.cc +230 -0
  243. data/src/core/lib/compression/stream_compression_gzip.h +28 -0
  244. data/src/core/lib/compression/stream_compression_identity.cc +94 -0
  245. data/src/core/lib/compression/stream_compression_identity.h +29 -0
  246. data/src/core/lib/debug/stats.cc +178 -0
  247. data/src/core/lib/debug/stats.h +61 -0
  248. data/src/core/lib/debug/stats_data.cc +682 -0
  249. data/src/core/lib/debug/stats_data.h +435 -0
  250. data/src/core/lib/debug/trace.cc +144 -0
  251. data/src/core/lib/debug/trace.h +104 -0
  252. data/src/core/lib/gpr/alloc.cc +99 -0
  253. data/src/core/lib/gpr/arena.cc +152 -0
  254. data/src/core/lib/gpr/arena.h +41 -0
  255. data/src/core/lib/gpr/atm.cc +35 -0
  256. data/src/core/lib/gpr/cpu_iphone.cc +36 -0
  257. data/src/core/lib/gpr/cpu_linux.cc +82 -0
  258. data/src/core/lib/gpr/cpu_posix.cc +81 -0
  259. data/src/core/lib/gpr/cpu_windows.cc +33 -0
  260. data/src/core/lib/gpr/env.h +43 -0
  261. data/src/core/lib/gpr/env_linux.cc +82 -0
  262. data/src/core/lib/gpr/env_posix.cc +47 -0
  263. data/src/core/lib/gpr/env_windows.cc +72 -0
  264. data/src/core/lib/gpr/fork.cc +78 -0
  265. data/src/core/lib/gpr/fork.h +35 -0
  266. data/src/core/lib/gpr/host_port.cc +98 -0
  267. data/src/core/lib/gpr/host_port.h +43 -0
  268. data/src/core/lib/gpr/log.cc +96 -0
  269. data/src/core/lib/gpr/log_android.cc +72 -0
  270. data/src/core/lib/gpr/log_linux.cc +93 -0
  271. data/src/core/lib/gpr/log_posix.cc +90 -0
  272. data/src/core/lib/gpr/log_windows.cc +97 -0
  273. data/src/core/lib/gpr/mpscq.cc +117 -0
  274. data/src/core/lib/gpr/mpscq.h +86 -0
  275. data/src/core/lib/gpr/murmur_hash.cc +80 -0
  276. data/src/core/lib/gpr/murmur_hash.h +29 -0
  277. data/src/core/lib/gpr/spinlock.h +46 -0
  278. data/src/core/lib/gpr/string.cc +319 -0
  279. data/src/core/lib/gpr/string.h +109 -0
  280. data/src/core/lib/gpr/string_posix.cc +72 -0
  281. data/src/core/lib/gpr/string_util_windows.cc +82 -0
  282. data/src/core/lib/gpr/string_windows.cc +69 -0
  283. data/src/core/lib/gpr/string_windows.h +32 -0
  284. data/src/core/lib/gpr/sync.cc +124 -0
  285. data/src/core/lib/gpr/sync_posix.cc +107 -0
  286. data/src/core/lib/gpr/sync_windows.cc +118 -0
  287. data/src/core/lib/gpr/time.cc +251 -0
  288. data/src/core/lib/gpr/time_posix.cc +167 -0
  289. data/src/core/lib/gpr/time_precise.cc +78 -0
  290. data/src/core/lib/gpr/time_precise.h +29 -0
  291. data/src/core/lib/gpr/time_windows.cc +98 -0
  292. data/src/core/lib/gpr/tls.h +68 -0
  293. data/src/core/lib/gpr/tls_gcc.h +52 -0
  294. data/src/core/lib/gpr/tls_msvc.h +52 -0
  295. data/src/core/lib/gpr/tls_pthread.cc +30 -0
  296. data/src/core/lib/gpr/tls_pthread.h +56 -0
  297. data/src/core/lib/gpr/tmpfile.h +32 -0
  298. data/src/core/lib/gpr/tmpfile_msys.cc +58 -0
  299. data/src/core/lib/gpr/tmpfile_posix.cc +70 -0
  300. data/src/core/lib/gpr/tmpfile_windows.cc +69 -0
  301. data/src/core/lib/gpr/useful.h +65 -0
  302. data/src/core/lib/gpr/wrap_memcpy.cc +42 -0
  303. data/src/core/lib/gprpp/abstract.h +34 -0
  304. data/src/core/lib/gprpp/atomic.h +30 -0
  305. data/src/core/lib/gprpp/atomic_with_atm.h +57 -0
  306. data/src/core/lib/gprpp/atomic_with_std.h +35 -0
  307. data/src/core/lib/gprpp/debug_location.h +52 -0
  308. data/src/core/lib/gprpp/inlined_vector.h +136 -0
  309. data/src/core/lib/gprpp/manual_constructor.h +213 -0
  310. data/src/core/lib/gprpp/memory.h +111 -0
  311. data/src/core/lib/gprpp/orphanable.h +199 -0
  312. data/src/core/lib/gprpp/ref_counted.h +169 -0
  313. data/src/core/lib/gprpp/ref_counted_ptr.h +112 -0
  314. data/src/core/lib/gprpp/thd.h +135 -0
  315. data/src/core/lib/gprpp/thd_posix.cc +209 -0
  316. data/src/core/lib/gprpp/thd_windows.cc +162 -0
  317. data/src/core/lib/http/format_request.cc +122 -0
  318. data/src/core/lib/http/format_request.h +34 -0
  319. data/src/core/lib/http/httpcli.cc +303 -0
  320. data/src/core/lib/http/httpcli.h +127 -0
  321. data/src/core/lib/http/httpcli_security_connector.cc +202 -0
  322. data/src/core/lib/http/parser.cc +371 -0
  323. data/src/core/lib/http/parser.h +113 -0
  324. data/src/core/lib/iomgr/block_annotate.h +57 -0
  325. data/src/core/lib/iomgr/call_combiner.cc +212 -0
  326. data/src/core/lib/iomgr/call_combiner.h +112 -0
  327. data/src/core/lib/iomgr/closure.h +351 -0
  328. data/src/core/lib/iomgr/combiner.cc +358 -0
  329. data/src/core/lib/iomgr/combiner.h +66 -0
  330. data/src/core/lib/iomgr/endpoint.cc +63 -0
  331. data/src/core/lib/iomgr/endpoint.h +98 -0
  332. data/src/core/lib/iomgr/endpoint_pair.h +34 -0
  333. data/src/core/lib/iomgr/endpoint_pair_posix.cc +73 -0
  334. data/src/core/lib/iomgr/endpoint_pair_uv.cc +40 -0
  335. data/src/core/lib/iomgr/endpoint_pair_windows.cc +87 -0
  336. data/src/core/lib/iomgr/error.cc +793 -0
  337. data/src/core/lib/iomgr/error.h +207 -0
  338. data/src/core/lib/iomgr/error_internal.h +63 -0
  339. data/src/core/lib/iomgr/ev_epoll1_linux.cc +1248 -0
  340. data/src/core/lib/iomgr/ev_epoll1_linux.h +31 -0
  341. data/src/core/lib/iomgr/ev_epollex_linux.cc +1494 -0
  342. data/src/core/lib/iomgr/ev_epollex_linux.h +30 -0
  343. data/src/core/lib/iomgr/ev_epollsig_linux.cc +1735 -0
  344. data/src/core/lib/iomgr/ev_epollsig_linux.h +35 -0
  345. data/src/core/lib/iomgr/ev_poll_posix.cc +1758 -0
  346. data/src/core/lib/iomgr/ev_poll_posix.h +29 -0
  347. data/src/core/lib/iomgr/ev_posix.cc +330 -0
  348. data/src/core/lib/iomgr/ev_posix.h +145 -0
  349. data/src/core/lib/iomgr/ev_windows.cc +30 -0
  350. data/src/core/lib/iomgr/exec_ctx.cc +147 -0
  351. data/src/core/lib/iomgr/exec_ctx.h +210 -0
  352. data/src/core/lib/iomgr/executor.cc +301 -0
  353. data/src/core/lib/iomgr/executor.h +50 -0
  354. data/src/core/lib/iomgr/fork_posix.cc +89 -0
  355. data/src/core/lib/iomgr/fork_windows.cc +41 -0
  356. data/src/core/lib/iomgr/gethostname.h +26 -0
  357. data/src/core/lib/iomgr/gethostname_fallback.cc +30 -0
  358. data/src/core/lib/iomgr/gethostname_host_name_max.cc +40 -0
  359. data/src/core/lib/iomgr/gethostname_sysconf.cc +40 -0
  360. data/src/core/lib/iomgr/iocp_windows.cc +152 -0
  361. data/src/core/lib/iomgr/iocp_windows.h +48 -0
  362. data/src/core/lib/iomgr/iomgr.cc +178 -0
  363. data/src/core/lib/iomgr/iomgr.h +36 -0
  364. data/src/core/lib/iomgr/iomgr_custom.cc +63 -0
  365. data/src/core/lib/iomgr/iomgr_custom.h +47 -0
  366. data/src/core/lib/iomgr/iomgr_internal.cc +43 -0
  367. data/src/core/lib/iomgr/iomgr_internal.h +57 -0
  368. data/src/core/lib/iomgr/iomgr_posix.cc +67 -0
  369. data/src/core/lib/iomgr/iomgr_posix.h +26 -0
  370. data/src/core/lib/iomgr/iomgr_uv.cc +40 -0
  371. data/src/core/lib/iomgr/iomgr_windows.cc +87 -0
  372. data/src/core/lib/iomgr/is_epollexclusive_available.cc +104 -0
  373. data/src/core/lib/iomgr/is_epollexclusive_available.h +36 -0
  374. data/src/core/lib/iomgr/load_file.cc +80 -0
  375. data/src/core/lib/iomgr/load_file.h +35 -0
  376. data/src/core/lib/iomgr/lockfree_event.cc +250 -0
  377. data/src/core/lib/iomgr/lockfree_event.h +72 -0
  378. data/src/core/lib/iomgr/nameser.h +106 -0
  379. data/src/core/lib/iomgr/network_status_tracker.cc +36 -0
  380. data/src/core/lib/iomgr/network_status_tracker.h +32 -0
  381. data/src/core/lib/iomgr/polling_entity.cc +87 -0
  382. data/src/core/lib/iomgr/polling_entity.h +68 -0
  383. data/src/core/lib/iomgr/pollset.cc +56 -0
  384. data/src/core/lib/iomgr/pollset.h +99 -0
  385. data/src/core/lib/iomgr/pollset_custom.cc +106 -0
  386. data/src/core/lib/iomgr/pollset_custom.h +35 -0
  387. data/src/core/lib/iomgr/pollset_set.cc +55 -0
  388. data/src/core/lib/iomgr/pollset_set.h +55 -0
  389. data/src/core/lib/iomgr/pollset_set_custom.cc +48 -0
  390. data/src/core/lib/iomgr/pollset_set_custom.h +26 -0
  391. data/src/core/lib/iomgr/pollset_set_windows.cc +51 -0
  392. data/src/core/lib/iomgr/pollset_set_windows.h +26 -0
  393. data/src/core/lib/iomgr/pollset_uv.cc +93 -0
  394. data/src/core/lib/iomgr/pollset_windows.cc +229 -0
  395. data/src/core/lib/iomgr/pollset_windows.h +70 -0
  396. data/src/core/lib/iomgr/port.h +147 -0
  397. data/src/core/lib/iomgr/resolve_address.cc +50 -0
  398. data/src/core/lib/iomgr/resolve_address.h +83 -0
  399. data/src/core/lib/iomgr/resolve_address_custom.cc +187 -0
  400. data/src/core/lib/iomgr/resolve_address_custom.h +43 -0
  401. data/src/core/lib/iomgr/resolve_address_posix.cc +180 -0
  402. data/src/core/lib/iomgr/resolve_address_windows.cc +165 -0
  403. data/src/core/lib/iomgr/resource_quota.cc +871 -0
  404. data/src/core/lib/iomgr/resource_quota.h +142 -0
  405. data/src/core/lib/iomgr/sockaddr.h +32 -0
  406. data/src/core/lib/iomgr/sockaddr_custom.h +54 -0
  407. data/src/core/lib/iomgr/sockaddr_posix.h +55 -0
  408. data/src/core/lib/iomgr/sockaddr_utils.cc +298 -0
  409. data/src/core/lib/iomgr/sockaddr_utils.h +84 -0
  410. data/src/core/lib/iomgr/sockaddr_windows.h +55 -0
  411. data/src/core/lib/iomgr/socket_factory_posix.cc +94 -0
  412. data/src/core/lib/iomgr/socket_factory_posix.h +69 -0
  413. data/src/core/lib/iomgr/socket_mutator.cc +83 -0
  414. data/src/core/lib/iomgr/socket_mutator.h +61 -0
  415. data/src/core/lib/iomgr/socket_utils.h +38 -0
  416. data/src/core/lib/iomgr/socket_utils_common_posix.cc +327 -0
  417. data/src/core/lib/iomgr/socket_utils_linux.cc +43 -0
  418. data/src/core/lib/iomgr/socket_utils_posix.cc +59 -0
  419. data/src/core/lib/iomgr/socket_utils_posix.h +134 -0
  420. data/src/core/lib/iomgr/socket_utils_uv.cc +45 -0
  421. data/src/core/lib/iomgr/socket_utils_windows.cc +43 -0
  422. data/src/core/lib/iomgr/socket_windows.cc +151 -0
  423. data/src/core/lib/iomgr/socket_windows.h +113 -0
  424. data/src/core/lib/iomgr/sys_epoll_wrapper.h +30 -0
  425. data/src/core/lib/iomgr/tcp_client.cc +36 -0
  426. data/src/core/lib/iomgr/tcp_client.h +52 -0
  427. data/src/core/lib/iomgr/tcp_client_custom.cc +151 -0
  428. data/src/core/lib/iomgr/tcp_client_posix.cc +359 -0
  429. data/src/core/lib/iomgr/tcp_client_posix.h +68 -0
  430. data/src/core/lib/iomgr/tcp_client_windows.cc +231 -0
  431. data/src/core/lib/iomgr/tcp_custom.cc +365 -0
  432. data/src/core/lib/iomgr/tcp_custom.h +81 -0
  433. data/src/core/lib/iomgr/tcp_posix.cc +814 -0
  434. data/src/core/lib/iomgr/tcp_posix.h +57 -0
  435. data/src/core/lib/iomgr/tcp_server.cc +73 -0
  436. data/src/core/lib/iomgr/tcp_server.h +122 -0
  437. data/src/core/lib/iomgr/tcp_server_custom.cc +472 -0
  438. data/src/core/lib/iomgr/tcp_server_posix.cc +582 -0
  439. data/src/core/lib/iomgr/tcp_server_utils_posix.h +122 -0
  440. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +208 -0
  441. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +184 -0
  442. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +36 -0
  443. data/src/core/lib/iomgr/tcp_server_windows.cc +559 -0
  444. data/src/core/lib/iomgr/tcp_uv.cc +417 -0
  445. data/src/core/lib/iomgr/tcp_windows.cc +455 -0
  446. data/src/core/lib/iomgr/tcp_windows.h +51 -0
  447. data/src/core/lib/iomgr/time_averaged_stats.cc +64 -0
  448. data/src/core/lib/iomgr/time_averaged_stats.h +73 -0
  449. data/src/core/lib/iomgr/timer.cc +45 -0
  450. data/src/core/lib/iomgr/timer.h +125 -0
  451. data/src/core/lib/iomgr/timer_custom.cc +93 -0
  452. data/src/core/lib/iomgr/timer_custom.h +43 -0
  453. data/src/core/lib/iomgr/timer_generic.cc +663 -0
  454. data/src/core/lib/iomgr/timer_heap.cc +135 -0
  455. data/src/core/lib/iomgr/timer_heap.h +44 -0
  456. data/src/core/lib/iomgr/timer_manager.cc +347 -0
  457. data/src/core/lib/iomgr/timer_manager.h +39 -0
  458. data/src/core/lib/iomgr/timer_uv.cc +63 -0
  459. data/src/core/lib/iomgr/udp_server.cc +692 -0
  460. data/src/core/lib/iomgr/udp_server.h +103 -0
  461. data/src/core/lib/iomgr/unix_sockets_posix.cc +104 -0
  462. data/src/core/lib/iomgr/unix_sockets_posix.h +43 -0
  463. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +49 -0
  464. data/src/core/lib/iomgr/wakeup_fd_cv.cc +107 -0
  465. data/src/core/lib/iomgr/wakeup_fd_cv.h +69 -0
  466. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +83 -0
  467. data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +38 -0
  468. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +100 -0
  469. data/src/core/lib/iomgr/wakeup_fd_pipe.h +28 -0
  470. data/src/core/lib/iomgr/wakeup_fd_posix.cc +87 -0
  471. data/src/core/lib/iomgr/wakeup_fd_posix.h +96 -0
  472. data/src/core/lib/json/json.cc +86 -0
  473. data/src/core/lib/json/json.h +94 -0
  474. data/src/core/lib/json/json_common.h +34 -0
  475. data/src/core/lib/json/json_reader.cc +663 -0
  476. data/src/core/lib/json/json_reader.h +146 -0
  477. data/src/core/lib/json/json_string.cc +367 -0
  478. data/src/core/lib/json/json_writer.cc +245 -0
  479. data/src/core/lib/json/json_writer.h +84 -0
  480. data/src/core/lib/profiling/basic_timers.cc +286 -0
  481. data/src/core/lib/profiling/stap_timers.cc +50 -0
  482. data/src/core/lib/profiling/timers.h +94 -0
  483. data/src/core/lib/security/context/security_context.cc +348 -0
  484. data/src/core/lib/security/context/security_context.h +115 -0
  485. data/src/core/lib/security/credentials/alts/alts_credentials.cc +119 -0
  486. data/src/core/lib/security/credentials/alts/alts_credentials.h +102 -0
  487. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +72 -0
  488. data/src/core/lib/security/credentials/alts/check_gcp_environment.h +57 -0
  489. data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +67 -0
  490. data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +33 -0
  491. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +114 -0
  492. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc +126 -0
  493. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc +46 -0
  494. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h +112 -0
  495. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +58 -0
  496. data/src/core/lib/security/credentials/composite/composite_credentials.cc +269 -0
  497. data/src/core/lib/security/credentials/composite/composite_credentials.h +59 -0
  498. data/src/core/lib/security/credentials/credentials.cc +286 -0
  499. data/src/core/lib/security/credentials/credentials.h +246 -0
  500. data/src/core/lib/security/credentials/credentials_metadata.cc +62 -0
  501. data/src/core/lib/security/credentials/fake/fake_credentials.cc +136 -0
  502. data/src/core/lib/security/credentials/fake/fake_credentials.h +64 -0
  503. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +41 -0
  504. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +322 -0
  505. data/src/core/lib/security/credentials/google_default/google_default_credentials.h +45 -0
  506. data/src/core/lib/security/credentials/iam/iam_credentials.cc +86 -0
  507. data/src/core/lib/security/credentials/iam/iam_credentials.h +31 -0
  508. data/src/core/lib/security/credentials/jwt/json_token.cc +314 -0
  509. data/src/core/lib/security/credentials/jwt/json_token.h +75 -0
  510. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +190 -0
  511. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +49 -0
  512. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +934 -0
  513. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +123 -0
  514. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +532 -0
  515. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +106 -0
  516. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +271 -0
  517. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +46 -0
  518. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +349 -0
  519. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +54 -0
  520. data/src/core/lib/security/security_connector/alts_security_connector.cc +287 -0
  521. data/src/core/lib/security/security_connector/alts_security_connector.h +69 -0
  522. data/src/core/lib/security/security_connector/security_connector.cc +1200 -0
  523. data/src/core/lib/security/security_connector/security_connector.h +283 -0
  524. data/src/core/lib/security/transport/auth_filters.h +37 -0
  525. data/src/core/lib/security/transport/client_auth_filter.cc +418 -0
  526. data/src/core/lib/security/transport/secure_endpoint.cc +429 -0
  527. data/src/core/lib/security/transport/secure_endpoint.h +41 -0
  528. data/src/core/lib/security/transport/security_handshaker.cc +526 -0
  529. data/src/core/lib/security/transport/security_handshaker.h +34 -0
  530. data/src/core/lib/security/transport/server_auth_filter.cc +269 -0
  531. data/src/core/lib/security/transport/target_authority_table.cc +75 -0
  532. data/src/core/lib/security/transport/target_authority_table.h +40 -0
  533. data/src/core/lib/security/transport/tsi_error.cc +29 -0
  534. data/src/core/lib/security/transport/tsi_error.h +29 -0
  535. data/src/core/lib/security/util/json_util.cc +48 -0
  536. data/src/core/lib/security/util/json_util.h +42 -0
  537. data/src/core/lib/slice/b64.cc +240 -0
  538. data/src/core/lib/slice/b64.h +51 -0
  539. data/src/core/lib/slice/percent_encoding.cc +169 -0
  540. data/src/core/lib/slice/percent_encoding.h +65 -0
  541. data/src/core/lib/slice/slice.cc +489 -0
  542. data/src/core/lib/slice/slice_buffer.cc +359 -0
  543. data/src/core/lib/slice/slice_hash_table.h +201 -0
  544. data/src/core/lib/slice/slice_intern.cc +332 -0
  545. data/src/core/lib/slice/slice_internal.h +49 -0
  546. data/src/core/lib/slice/slice_string_helpers.cc +118 -0
  547. data/src/core/lib/slice/slice_string_helpers.h +47 -0
  548. data/src/core/lib/slice/slice_weak_hash_table.h +105 -0
  549. data/src/core/lib/surface/api_trace.cc +24 -0
  550. data/src/core/lib/surface/api_trace.h +52 -0
  551. data/src/core/lib/surface/byte_buffer.cc +92 -0
  552. data/src/core/lib/surface/byte_buffer_reader.cc +129 -0
  553. data/src/core/lib/surface/call.cc +2002 -0
  554. data/src/core/lib/surface/call.h +109 -0
  555. data/src/core/lib/surface/call_details.cc +42 -0
  556. data/src/core/lib/surface/call_log_batch.cc +120 -0
  557. data/src/core/lib/surface/call_test_only.h +43 -0
  558. data/src/core/lib/surface/channel.cc +450 -0
  559. data/src/core/lib/surface/channel.h +83 -0
  560. data/src/core/lib/surface/channel_init.cc +109 -0
  561. data/src/core/lib/surface/channel_init.h +73 -0
  562. data/src/core/lib/surface/channel_ping.cc +65 -0
  563. data/src/core/lib/surface/channel_stack_type.cc +58 -0
  564. data/src/core/lib/surface/channel_stack_type.h +47 -0
  565. data/src/core/lib/surface/completion_queue.cc +1262 -0
  566. data/src/core/lib/surface/completion_queue.h +93 -0
  567. data/src/core/lib/surface/completion_queue_factory.cc +79 -0
  568. data/src/core/lib/surface/completion_queue_factory.h +38 -0
  569. data/src/core/lib/surface/event_string.cc +68 -0
  570. data/src/core/lib/surface/event_string.h +29 -0
  571. data/src/core/lib/surface/init.cc +196 -0
  572. data/src/core/lib/surface/init.h +27 -0
  573. data/src/core/lib/surface/init_secure.cc +81 -0
  574. data/src/core/lib/surface/lame_client.cc +180 -0
  575. data/src/core/lib/surface/lame_client.h +28 -0
  576. data/src/core/lib/surface/metadata_array.cc +36 -0
  577. data/src/core/lib/surface/server.cc +1445 -0
  578. data/src/core/lib/surface/server.h +58 -0
  579. data/src/core/lib/surface/validate_metadata.cc +95 -0
  580. data/src/core/lib/surface/validate_metadata.h +30 -0
  581. data/src/core/lib/surface/version.cc +28 -0
  582. data/src/core/lib/transport/bdp_estimator.cc +87 -0
  583. data/src/core/lib/transport/bdp_estimator.h +94 -0
  584. data/src/core/lib/transport/byte_stream.cc +160 -0
  585. data/src/core/lib/transport/byte_stream.h +164 -0
  586. data/src/core/lib/transport/connectivity_state.cc +196 -0
  587. data/src/core/lib/transport/connectivity_state.h +87 -0
  588. data/src/core/lib/transport/error_utils.cc +118 -0
  589. data/src/core/lib/transport/error_utils.h +46 -0
  590. data/src/core/lib/transport/http2_errors.h +41 -0
  591. data/src/core/lib/transport/metadata.cc +539 -0
  592. data/src/core/lib/transport/metadata.h +165 -0
  593. data/src/core/lib/transport/metadata_batch.cc +329 -0
  594. data/src/core/lib/transport/metadata_batch.h +150 -0
  595. data/src/core/lib/transport/pid_controller.cc +51 -0
  596. data/src/core/lib/transport/pid_controller.h +116 -0
  597. data/src/core/lib/transport/service_config.cc +106 -0
  598. data/src/core/lib/transport/service_config.h +249 -0
  599. data/src/core/lib/transport/static_metadata.cc +601 -0
  600. data/src/core/lib/transport/static_metadata.h +603 -0
  601. data/src/core/lib/transport/status_conversion.cc +100 -0
  602. data/src/core/lib/transport/status_conversion.h +38 -0
  603. data/src/core/lib/transport/status_metadata.cc +54 -0
  604. data/src/core/lib/transport/status_metadata.h +30 -0
  605. data/src/core/lib/transport/timeout_encoding.cc +144 -0
  606. data/src/core/lib/transport/timeout_encoding.h +37 -0
  607. data/src/core/lib/transport/transport.cc +278 -0
  608. data/src/core/lib/transport/transport.h +378 -0
  609. data/src/core/lib/transport/transport_impl.h +71 -0
  610. data/src/core/lib/transport/transport_op_string.cc +214 -0
  611. data/src/core/plugin_registry/grpc_plugin_registry.cc +97 -0
  612. data/src/core/tsi/alts/crypt/aes_gcm.cc +687 -0
  613. data/src/core/tsi/alts/crypt/gsec.cc +189 -0
  614. data/src/core/tsi/alts/crypt/gsec.h +454 -0
  615. data/src/core/tsi/alts/frame_protector/alts_counter.cc +118 -0
  616. data/src/core/tsi/alts/frame_protector/alts_counter.h +98 -0
  617. data/src/core/tsi/alts/frame_protector/alts_crypter.cc +66 -0
  618. data/src/core/tsi/alts/frame_protector/alts_crypter.h +255 -0
  619. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +407 -0
  620. data/src/core/tsi/alts/frame_protector/alts_frame_protector.h +55 -0
  621. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc +114 -0
  622. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h +114 -0
  623. data/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc +105 -0
  624. data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +103 -0
  625. data/src/core/tsi/alts/frame_protector/frame_handler.cc +218 -0
  626. data/src/core/tsi/alts/frame_protector/frame_handler.h +236 -0
  627. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +316 -0
  628. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +137 -0
  629. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc +520 -0
  630. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.h +323 -0
  631. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc +143 -0
  632. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h +149 -0
  633. data/src/core/tsi/alts/handshaker/alts_tsi_event.cc +73 -0
  634. data/src/core/tsi/alts/handshaker/alts_tsi_event.h +93 -0
  635. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +483 -0
  636. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +83 -0
  637. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +52 -0
  638. data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +58 -0
  639. data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +52 -0
  640. data/src/core/tsi/alts/handshaker/altscontext.pb.c +48 -0
  641. data/src/core/tsi/alts/handshaker/altscontext.pb.h +64 -0
  642. data/src/core/tsi/alts/handshaker/handshaker.pb.c +123 -0
  643. data/src/core/tsi/alts/handshaker/handshaker.pb.h +255 -0
  644. data/src/core/tsi/alts/handshaker/transport_security_common.pb.c +50 -0
  645. data/src/core/tsi/alts/handshaker/transport_security_common.pb.h +78 -0
  646. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +196 -0
  647. data/src/core/tsi/alts/handshaker/transport_security_common_api.h +163 -0
  648. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +180 -0
  649. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h +52 -0
  650. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +144 -0
  651. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h +49 -0
  652. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h +91 -0
  653. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +174 -0
  654. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +100 -0
  655. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +476 -0
  656. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h +199 -0
  657. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +296 -0
  658. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h +52 -0
  659. data/src/core/tsi/alts_transport_security.cc +63 -0
  660. data/src/core/tsi/alts_transport_security.h +47 -0
  661. data/src/core/tsi/fake_transport_security.cc +787 -0
  662. data/src/core/tsi/fake_transport_security.h +45 -0
  663. data/src/core/tsi/ssl/session_cache/ssl_session.h +73 -0
  664. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +58 -0
  665. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +211 -0
  666. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +93 -0
  667. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +76 -0
  668. data/src/core/tsi/ssl_transport_security.cc +1831 -0
  669. data/src/core/tsi/ssl_transport_security.h +314 -0
  670. data/src/core/tsi/ssl_types.h +42 -0
  671. data/src/core/tsi/transport_security.cc +326 -0
  672. data/src/core/tsi/transport_security.h +127 -0
  673. data/src/core/tsi/transport_security_adapter.cc +235 -0
  674. data/src/core/tsi/transport_security_adapter.h +41 -0
  675. data/src/core/tsi/transport_security_grpc.cc +66 -0
  676. data/src/core/tsi/transport_security_grpc.h +74 -0
  677. data/src/core/tsi/transport_security_interface.h +454 -0
  678. data/src/ruby/bin/apis/google/protobuf/empty.rb +29 -0
  679. data/src/ruby/bin/apis/pubsub_demo.rb +241 -0
  680. data/src/ruby/bin/apis/tech/pubsub/proto/pubsub.rb +159 -0
  681. data/src/ruby/bin/apis/tech/pubsub/proto/pubsub_services.rb +88 -0
  682. data/src/ruby/bin/math_client.rb +132 -0
  683. data/src/ruby/bin/math_pb.rb +32 -0
  684. data/src/ruby/bin/math_server.rb +191 -0
  685. data/src/ruby/bin/math_services_pb.rb +51 -0
  686. data/src/ruby/bin/noproto_client.rb +93 -0
  687. data/src/ruby/bin/noproto_server.rb +97 -0
  688. data/src/ruby/ext/grpc/extconf.rb +118 -0
  689. data/src/ruby/ext/grpc/rb_byte_buffer.c +64 -0
  690. data/src/ruby/ext/grpc/rb_byte_buffer.h +35 -0
  691. data/src/ruby/ext/grpc/rb_call.c +1041 -0
  692. data/src/ruby/ext/grpc/rb_call.h +53 -0
  693. data/src/ruby/ext/grpc/rb_call_credentials.c +290 -0
  694. data/src/ruby/ext/grpc/rb_call_credentials.h +31 -0
  695. data/src/ruby/ext/grpc/rb_channel.c +828 -0
  696. data/src/ruby/ext/grpc/rb_channel.h +34 -0
  697. data/src/ruby/ext/grpc/rb_channel_args.c +155 -0
  698. data/src/ruby/ext/grpc/rb_channel_args.h +38 -0
  699. data/src/ruby/ext/grpc/rb_channel_credentials.c +263 -0
  700. data/src/ruby/ext/grpc/rb_channel_credentials.h +32 -0
  701. data/src/ruby/ext/grpc/rb_completion_queue.c +100 -0
  702. data/src/ruby/ext/grpc/rb_completion_queue.h +36 -0
  703. data/src/ruby/ext/grpc/rb_compression_options.c +468 -0
  704. data/src/ruby/ext/grpc/rb_compression_options.h +29 -0
  705. data/src/ruby/ext/grpc/rb_event_thread.c +141 -0
  706. data/src/ruby/ext/grpc/rb_event_thread.h +21 -0
  707. data/src/ruby/ext/grpc/rb_grpc.c +340 -0
  708. data/src/ruby/ext/grpc/rb_grpc.h +72 -0
  709. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +507 -0
  710. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +766 -0
  711. data/src/ruby/ext/grpc/rb_loader.c +57 -0
  712. data/src/ruby/ext/grpc/rb_loader.h +25 -0
  713. data/src/ruby/ext/grpc/rb_server.c +366 -0
  714. data/src/ruby/ext/grpc/rb_server.h +32 -0
  715. data/src/ruby/ext/grpc/rb_server_credentials.c +243 -0
  716. data/src/ruby/ext/grpc/rb_server_credentials.h +32 -0
  717. data/src/ruby/lib/grpc/core/time_consts.rb +56 -0
  718. data/src/ruby/lib/grpc/errors.rb +201 -0
  719. data/src/ruby/lib/grpc/generic/active_call.rb +674 -0
  720. data/src/ruby/lib/grpc/generic/bidi_call.rb +233 -0
  721. data/src/ruby/lib/grpc/generic/client_stub.rb +501 -0
  722. data/src/ruby/lib/grpc/generic/interceptor_registry.rb +53 -0
  723. data/src/ruby/lib/grpc/generic/interceptors.rb +186 -0
  724. data/src/ruby/lib/grpc/generic/rpc_desc.rb +204 -0
  725. data/src/ruby/lib/grpc/generic/rpc_server.rb +490 -0
  726. data/src/ruby/lib/grpc/generic/service.rb +210 -0
  727. data/src/ruby/lib/grpc/google_rpc_status_utils.rb +35 -0
  728. data/src/ruby/lib/grpc/grpc.rb +24 -0
  729. data/src/ruby/lib/grpc/logconfig.rb +44 -0
  730. data/src/ruby/lib/grpc/notifier.rb +45 -0
  731. data/src/ruby/lib/grpc/version.rb +18 -0
  732. data/src/ruby/lib/grpc.rb +35 -0
  733. data/src/ruby/pb/README.md +42 -0
  734. data/src/ruby/pb/generate_proto_ruby.sh +43 -0
  735. data/src/ruby/pb/grpc/health/checker.rb +76 -0
  736. data/src/ruby/pb/grpc/health/v1/health_pb.rb +28 -0
  737. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +41 -0
  738. data/src/ruby/pb/grpc/testing/duplicate/echo_duplicate_services_pb.rb +44 -0
  739. data/src/ruby/pb/grpc/testing/metrics_pb.rb +28 -0
  740. data/src/ruby/pb/grpc/testing/metrics_services_pb.rb +49 -0
  741. data/src/ruby/pb/src/proto/grpc/testing/empty_pb.rb +15 -0
  742. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +82 -0
  743. data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +14 -0
  744. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +102 -0
  745. data/src/ruby/pb/test/client.rb +764 -0
  746. data/src/ruby/pb/test/server.rb +252 -0
  747. data/src/ruby/spec/call_credentials_spec.rb +42 -0
  748. data/src/ruby/spec/call_spec.rb +180 -0
  749. data/src/ruby/spec/channel_connection_spec.rb +126 -0
  750. data/src/ruby/spec/channel_credentials_spec.rb +82 -0
  751. data/src/ruby/spec/channel_spec.rb +190 -0
  752. data/src/ruby/spec/client_auth_spec.rb +137 -0
  753. data/src/ruby/spec/client_server_spec.rb +664 -0
  754. data/src/ruby/spec/compression_options_spec.rb +149 -0
  755. data/src/ruby/spec/error_sanity_spec.rb +49 -0
  756. data/src/ruby/spec/generic/active_call_spec.rb +672 -0
  757. data/src/ruby/spec/generic/client_interceptors_spec.rb +153 -0
  758. data/src/ruby/spec/generic/client_stub_spec.rb +1067 -0
  759. data/src/ruby/spec/generic/interceptor_registry_spec.rb +65 -0
  760. data/src/ruby/spec/generic/rpc_desc_spec.rb +374 -0
  761. data/src/ruby/spec/generic/rpc_server_pool_spec.rb +127 -0
  762. data/src/ruby/spec/generic/rpc_server_spec.rb +726 -0
  763. data/src/ruby/spec/generic/server_interceptors_spec.rb +218 -0
  764. data/src/ruby/spec/generic/service_spec.rb +261 -0
  765. data/src/ruby/spec/google_rpc_status_utils_spec.rb +293 -0
  766. data/src/ruby/spec/pb/duplicate/codegen_spec.rb +56 -0
  767. data/src/ruby/spec/pb/health/checker_spec.rb +236 -0
  768. data/src/ruby/spec/pb/package_with_underscore/checker_spec.rb +54 -0
  769. data/src/ruby/spec/pb/package_with_underscore/data.proto +23 -0
  770. data/src/ruby/spec/pb/package_with_underscore/service.proto +23 -0
  771. data/src/ruby/spec/server_credentials_spec.rb +79 -0
  772. data/src/ruby/spec/server_spec.rb +209 -0
  773. data/src/ruby/spec/spec_helper.rb +60 -0
  774. data/src/ruby/spec/support/helpers.rb +107 -0
  775. data/src/ruby/spec/support/services.rb +147 -0
  776. data/src/ruby/spec/testdata/README +1 -0
  777. data/src/ruby/spec/testdata/ca.pem +15 -0
  778. data/src/ruby/spec/testdata/client.key +16 -0
  779. data/src/ruby/spec/testdata/client.pem +14 -0
  780. data/src/ruby/spec/testdata/server1.key +16 -0
  781. data/src/ruby/spec/testdata/server1.pem +16 -0
  782. data/src/ruby/spec/time_consts_spec.rb +74 -0
  783. data/third_party/address_sorting/address_sorting.c +369 -0
  784. data/third_party/address_sorting/address_sorting_internal.h +70 -0
  785. data/third_party/address_sorting/address_sorting_posix.c +97 -0
  786. data/third_party/address_sorting/address_sorting_windows.c +55 -0
  787. data/third_party/address_sorting/include/address_sorting/address_sorting.h +110 -0
  788. data/third_party/boringssl/crypto/asn1/a_bitstr.c +271 -0
  789. data/third_party/boringssl/crypto/asn1/a_bool.c +110 -0
  790. data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +297 -0
  791. data/third_party/boringssl/crypto/asn1/a_dup.c +111 -0
  792. data/third_party/boringssl/crypto/asn1/a_enum.c +195 -0
  793. data/third_party/boringssl/crypto/asn1/a_gentm.c +261 -0
  794. data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +150 -0
  795. data/third_party/boringssl/crypto/asn1/a_int.c +474 -0
  796. data/third_party/boringssl/crypto/asn1/a_mbstr.c +409 -0
  797. data/third_party/boringssl/crypto/asn1/a_object.c +275 -0
  798. data/third_party/boringssl/crypto/asn1/a_octet.c +77 -0
  799. data/third_party/boringssl/crypto/asn1/a_print.c +93 -0
  800. data/third_party/boringssl/crypto/asn1/a_strnid.c +312 -0
  801. data/third_party/boringssl/crypto/asn1/a_time.c +213 -0
  802. data/third_party/boringssl/crypto/asn1/a_type.c +151 -0
  803. data/third_party/boringssl/crypto/asn1/a_utctm.c +303 -0
  804. data/third_party/boringssl/crypto/asn1/a_utf8.c +234 -0
  805. data/third_party/boringssl/crypto/asn1/asn1_lib.c +442 -0
  806. data/third_party/boringssl/crypto/asn1/asn1_locl.h +101 -0
  807. data/third_party/boringssl/crypto/asn1/asn1_par.c +80 -0
  808. data/third_party/boringssl/crypto/asn1/asn_pack.c +105 -0
  809. data/third_party/boringssl/crypto/asn1/f_enum.c +93 -0
  810. data/third_party/boringssl/crypto/asn1/f_int.c +97 -0
  811. data/third_party/boringssl/crypto/asn1/f_string.c +91 -0
  812. data/third_party/boringssl/crypto/asn1/tasn_dec.c +1223 -0
  813. data/third_party/boringssl/crypto/asn1/tasn_enc.c +662 -0
  814. data/third_party/boringssl/crypto/asn1/tasn_fre.c +244 -0
  815. data/third_party/boringssl/crypto/asn1/tasn_new.c +387 -0
  816. data/third_party/boringssl/crypto/asn1/tasn_typ.c +131 -0
  817. data/third_party/boringssl/crypto/asn1/tasn_utl.c +280 -0
  818. data/third_party/boringssl/crypto/asn1/time_support.c +206 -0
  819. data/third_party/boringssl/crypto/base64/base64.c +466 -0
  820. data/third_party/boringssl/crypto/bio/bio.c +636 -0
  821. data/third_party/boringssl/crypto/bio/bio_mem.c +330 -0
  822. data/third_party/boringssl/crypto/bio/connect.c +542 -0
  823. data/third_party/boringssl/crypto/bio/fd.c +275 -0
  824. data/third_party/boringssl/crypto/bio/file.c +313 -0
  825. data/third_party/boringssl/crypto/bio/hexdump.c +192 -0
  826. data/third_party/boringssl/crypto/bio/internal.h +111 -0
  827. data/third_party/boringssl/crypto/bio/pair.c +489 -0
  828. data/third_party/boringssl/crypto/bio/printf.c +115 -0
  829. data/third_party/boringssl/crypto/bio/socket.c +202 -0
  830. data/third_party/boringssl/crypto/bio/socket_helper.c +114 -0
  831. data/third_party/boringssl/crypto/bn_extra/bn_asn1.c +64 -0
  832. data/third_party/boringssl/crypto/bn_extra/convert.c +465 -0
  833. data/third_party/boringssl/crypto/buf/buf.c +231 -0
  834. data/third_party/boringssl/crypto/bytestring/asn1_compat.c +52 -0
  835. data/third_party/boringssl/crypto/bytestring/ber.c +264 -0
  836. data/third_party/boringssl/crypto/bytestring/cbb.c +568 -0
  837. data/third_party/boringssl/crypto/bytestring/cbs.c +487 -0
  838. data/third_party/boringssl/crypto/bytestring/internal.h +75 -0
  839. data/third_party/boringssl/crypto/chacha/chacha.c +167 -0
  840. data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +114 -0
  841. data/third_party/boringssl/crypto/cipher_extra/derive_key.c +152 -0
  842. data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +281 -0
  843. data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +867 -0
  844. data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +326 -0
  845. data/third_party/boringssl/crypto/cipher_extra/e_null.c +85 -0
  846. data/third_party/boringssl/crypto/cipher_extra/e_rc2.c +460 -0
  847. data/third_party/boringssl/crypto/cipher_extra/e_rc4.c +87 -0
  848. data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +460 -0
  849. data/third_party/boringssl/crypto/cipher_extra/e_tls.c +681 -0
  850. data/third_party/boringssl/crypto/cipher_extra/internal.h +128 -0
  851. data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +482 -0
  852. data/third_party/boringssl/crypto/cmac/cmac.c +241 -0
  853. data/third_party/boringssl/crypto/conf/conf.c +803 -0
  854. data/third_party/boringssl/crypto/conf/conf_def.h +127 -0
  855. data/third_party/boringssl/crypto/conf/internal.h +31 -0
  856. data/third_party/boringssl/crypto/cpu-aarch64-linux.c +61 -0
  857. data/third_party/boringssl/crypto/cpu-arm-linux.c +363 -0
  858. data/third_party/boringssl/crypto/cpu-arm.c +38 -0
  859. data/third_party/boringssl/crypto/cpu-intel.c +288 -0
  860. data/third_party/boringssl/crypto/cpu-ppc64le.c +38 -0
  861. data/third_party/boringssl/crypto/crypto.c +198 -0
  862. data/third_party/boringssl/crypto/curve25519/spake25519.c +539 -0
  863. data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +247 -0
  864. data/third_party/boringssl/crypto/dh/check.c +217 -0
  865. data/third_party/boringssl/crypto/dh/dh.c +519 -0
  866. data/third_party/boringssl/crypto/dh/dh_asn1.c +160 -0
  867. data/third_party/boringssl/crypto/dh/params.c +93 -0
  868. data/third_party/boringssl/crypto/digest_extra/digest_extra.c +240 -0
  869. data/third_party/boringssl/crypto/dsa/dsa.c +984 -0
  870. data/third_party/boringssl/crypto/dsa/dsa_asn1.c +339 -0
  871. data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +563 -0
  872. data/third_party/boringssl/crypto/ecdh/ecdh.c +161 -0
  873. data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +275 -0
  874. data/third_party/boringssl/crypto/engine/engine.c +98 -0
  875. data/third_party/boringssl/crypto/err/err.c +847 -0
  876. data/third_party/boringssl/crypto/err/internal.h +58 -0
  877. data/third_party/boringssl/crypto/evp/digestsign.c +231 -0
  878. data/third_party/boringssl/crypto/evp/evp.c +362 -0
  879. data/third_party/boringssl/crypto/evp/evp_asn1.c +337 -0
  880. data/third_party/boringssl/crypto/evp/evp_ctx.c +446 -0
  881. data/third_party/boringssl/crypto/evp/internal.h +252 -0
  882. data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +268 -0
  883. data/third_party/boringssl/crypto/evp/p_ec.c +239 -0
  884. data/third_party/boringssl/crypto/evp/p_ec_asn1.c +256 -0
  885. data/third_party/boringssl/crypto/evp/p_ed25519.c +71 -0
  886. data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +190 -0
  887. data/third_party/boringssl/crypto/evp/p_rsa.c +634 -0
  888. data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +189 -0
  889. data/third_party/boringssl/crypto/evp/pbkdf.c +146 -0
  890. data/third_party/boringssl/crypto/evp/print.c +489 -0
  891. data/third_party/boringssl/crypto/evp/scrypt.c +209 -0
  892. data/third_party/boringssl/crypto/evp/sign.c +151 -0
  893. data/third_party/boringssl/crypto/ex_data.c +261 -0
  894. data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +1100 -0
  895. data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +100 -0
  896. data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +138 -0
  897. data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +112 -0
  898. data/third_party/boringssl/crypto/fipsmodule/bcm.c +679 -0
  899. data/third_party/boringssl/crypto/fipsmodule/bn/add.c +371 -0
  900. data/third_party/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c +540 -0
  901. data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +370 -0
  902. data/third_party/boringssl/crypto/fipsmodule/bn/bytes.c +269 -0
  903. data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +254 -0
  904. data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +303 -0
  905. data/third_party/boringssl/crypto/fipsmodule/bn/div.c +733 -0
  906. data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +1390 -0
  907. data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +627 -0
  908. data/third_party/boringssl/crypto/fipsmodule/bn/generic.c +710 -0
  909. data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +413 -0
  910. data/third_party/boringssl/crypto/fipsmodule/bn/jacobi.c +146 -0
  911. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +483 -0
  912. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +207 -0
  913. data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +902 -0
  914. data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +894 -0
  915. data/third_party/boringssl/crypto/fipsmodule/bn/random.c +299 -0
  916. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +254 -0
  917. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +53 -0
  918. data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +305 -0
  919. data/third_party/boringssl/crypto/fipsmodule/bn/sqrt.c +502 -0
  920. data/third_party/boringssl/crypto/fipsmodule/cipher/aead.c +284 -0
  921. data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +615 -0
  922. data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +1437 -0
  923. data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +233 -0
  924. data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +129 -0
  925. data/third_party/boringssl/crypto/fipsmodule/delocate.h +88 -0
  926. data/third_party/boringssl/crypto/fipsmodule/des/des.c +785 -0
  927. data/third_party/boringssl/crypto/fipsmodule/des/internal.h +238 -0
  928. data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +256 -0
  929. data/third_party/boringssl/crypto/fipsmodule/digest/digests.c +280 -0
  930. data/third_party/boringssl/crypto/fipsmodule/digest/internal.h +112 -0
  931. data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +268 -0
  932. data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +943 -0
  933. data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +517 -0
  934. data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +277 -0
  935. data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +316 -0
  936. data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +404 -0
  937. data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +1131 -0
  938. data/third_party/boringssl/crypto/fipsmodule/ec/p256-64.c +1674 -0
  939. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9543 -0
  940. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +456 -0
  941. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +113 -0
  942. data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +1052 -0
  943. data/third_party/boringssl/crypto/fipsmodule/ec/util-64.c +109 -0
  944. data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +474 -0
  945. data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +442 -0
  946. data/third_party/boringssl/crypto/fipsmodule/hmac/hmac.c +228 -0
  947. data/third_party/boringssl/crypto/fipsmodule/is_fips.c +27 -0
  948. data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +254 -0
  949. data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +298 -0
  950. data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +211 -0
  951. data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +234 -0
  952. data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +220 -0
  953. data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +1063 -0
  954. data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +384 -0
  955. data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +95 -0
  956. data/third_party/boringssl/crypto/fipsmodule/modes/polyval.c +91 -0
  957. data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +200 -0
  958. data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +92 -0
  959. data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +358 -0
  960. data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +302 -0
  961. data/third_party/boringssl/crypto/fipsmodule/rsa/blinding.c +263 -0
  962. data/third_party/boringssl/crypto/fipsmodule/rsa/internal.h +131 -0
  963. data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +692 -0
  964. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +857 -0
  965. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +1051 -0
  966. data/third_party/boringssl/crypto/fipsmodule/sha/sha1-altivec.c +361 -0
  967. data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +375 -0
  968. data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +337 -0
  969. data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +608 -0
  970. data/third_party/boringssl/crypto/hkdf/hkdf.c +112 -0
  971. data/third_party/boringssl/crypto/internal.h +676 -0
  972. data/third_party/boringssl/crypto/lhash/lhash.c +336 -0
  973. data/third_party/boringssl/crypto/mem.c +237 -0
  974. data/third_party/boringssl/crypto/obj/obj.c +621 -0
  975. data/third_party/boringssl/crypto/obj/obj_dat.h +6244 -0
  976. data/third_party/boringssl/crypto/obj/obj_xref.c +122 -0
  977. data/third_party/boringssl/crypto/pem/pem_all.c +262 -0
  978. data/third_party/boringssl/crypto/pem/pem_info.c +379 -0
  979. data/third_party/boringssl/crypto/pem/pem_lib.c +776 -0
  980. data/third_party/boringssl/crypto/pem/pem_oth.c +88 -0
  981. data/third_party/boringssl/crypto/pem/pem_pk8.c +258 -0
  982. data/third_party/boringssl/crypto/pem/pem_pkey.c +227 -0
  983. data/third_party/boringssl/crypto/pem/pem_x509.c +65 -0
  984. data/third_party/boringssl/crypto/pem/pem_xaux.c +65 -0
  985. data/third_party/boringssl/crypto/pkcs7/internal.h +49 -0
  986. data/third_party/boringssl/crypto/pkcs7/pkcs7.c +166 -0
  987. data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +233 -0
  988. data/third_party/boringssl/crypto/pkcs8/internal.h +120 -0
  989. data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +307 -0
  990. data/third_party/boringssl/crypto/pkcs8/pkcs8.c +513 -0
  991. data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +789 -0
  992. data/third_party/boringssl/crypto/poly1305/internal.h +41 -0
  993. data/third_party/boringssl/crypto/poly1305/poly1305.c +318 -0
  994. data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +304 -0
  995. data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +839 -0
  996. data/third_party/boringssl/crypto/pool/internal.h +45 -0
  997. data/third_party/boringssl/crypto/pool/pool.c +200 -0
  998. data/third_party/boringssl/crypto/rand_extra/deterministic.c +48 -0
  999. data/third_party/boringssl/crypto/rand_extra/forkunsafe.c +46 -0
  1000. data/third_party/boringssl/crypto/rand_extra/fuchsia.c +43 -0
  1001. data/third_party/boringssl/crypto/rand_extra/rand_extra.c +70 -0
  1002. data/third_party/boringssl/crypto/rand_extra/windows.c +53 -0
  1003. data/third_party/boringssl/crypto/rc4/rc4.c +98 -0
  1004. data/third_party/boringssl/crypto/refcount_c11.c +67 -0
  1005. data/third_party/boringssl/crypto/refcount_lock.c +53 -0
  1006. data/third_party/boringssl/crypto/rsa_extra/rsa_asn1.c +325 -0
  1007. data/third_party/boringssl/crypto/stack/stack.c +380 -0
  1008. data/third_party/boringssl/crypto/thread.c +110 -0
  1009. data/third_party/boringssl/crypto/thread_none.c +59 -0
  1010. data/third_party/boringssl/crypto/thread_pthread.c +176 -0
  1011. data/third_party/boringssl/crypto/thread_win.c +237 -0
  1012. data/third_party/boringssl/crypto/x509/a_digest.c +96 -0
  1013. data/third_party/boringssl/crypto/x509/a_sign.c +128 -0
  1014. data/third_party/boringssl/crypto/x509/a_strex.c +633 -0
  1015. data/third_party/boringssl/crypto/x509/a_verify.c +115 -0
  1016. data/third_party/boringssl/crypto/x509/algorithm.c +153 -0
  1017. data/third_party/boringssl/crypto/x509/asn1_gen.c +841 -0
  1018. data/third_party/boringssl/crypto/x509/by_dir.c +451 -0
  1019. data/third_party/boringssl/crypto/x509/by_file.c +274 -0
  1020. data/third_party/boringssl/crypto/x509/charmap.h +15 -0
  1021. data/third_party/boringssl/crypto/x509/i2d_pr.c +83 -0
  1022. data/third_party/boringssl/crypto/x509/internal.h +66 -0
  1023. data/third_party/boringssl/crypto/x509/rsa_pss.c +385 -0
  1024. data/third_party/boringssl/crypto/x509/t_crl.c +128 -0
  1025. data/third_party/boringssl/crypto/x509/t_req.c +246 -0
  1026. data/third_party/boringssl/crypto/x509/t_x509.c +547 -0
  1027. data/third_party/boringssl/crypto/x509/t_x509a.c +111 -0
  1028. data/third_party/boringssl/crypto/x509/vpm_int.h +70 -0
  1029. data/third_party/boringssl/crypto/x509/x509.c +157 -0
  1030. data/third_party/boringssl/crypto/x509/x509_att.c +381 -0
  1031. data/third_party/boringssl/crypto/x509/x509_cmp.c +477 -0
  1032. data/third_party/boringssl/crypto/x509/x509_d2.c +106 -0
  1033. data/third_party/boringssl/crypto/x509/x509_def.c +103 -0
  1034. data/third_party/boringssl/crypto/x509/x509_ext.c +206 -0
  1035. data/third_party/boringssl/crypto/x509/x509_lu.c +725 -0
  1036. data/third_party/boringssl/crypto/x509/x509_obj.c +198 -0
  1037. data/third_party/boringssl/crypto/x509/x509_r2x.c +117 -0
  1038. data/third_party/boringssl/crypto/x509/x509_req.c +322 -0
  1039. data/third_party/boringssl/crypto/x509/x509_set.c +164 -0
  1040. data/third_party/boringssl/crypto/x509/x509_trs.c +326 -0
  1041. data/third_party/boringssl/crypto/x509/x509_txt.c +205 -0
  1042. data/third_party/boringssl/crypto/x509/x509_v3.c +278 -0
  1043. data/third_party/boringssl/crypto/x509/x509_vfy.c +2472 -0
  1044. data/third_party/boringssl/crypto/x509/x509_vpm.c +648 -0
  1045. data/third_party/boringssl/crypto/x509/x509cset.c +170 -0
  1046. data/third_party/boringssl/crypto/x509/x509name.c +389 -0
  1047. data/third_party/boringssl/crypto/x509/x509rset.c +81 -0
  1048. data/third_party/boringssl/crypto/x509/x509spki.c +137 -0
  1049. data/third_party/boringssl/crypto/x509/x_algor.c +151 -0
  1050. data/third_party/boringssl/crypto/x509/x_all.c +501 -0
  1051. data/third_party/boringssl/crypto/x509/x_attrib.c +111 -0
  1052. data/third_party/boringssl/crypto/x509/x_crl.c +541 -0
  1053. data/third_party/boringssl/crypto/x509/x_exten.c +75 -0
  1054. data/third_party/boringssl/crypto/x509/x_info.c +98 -0
  1055. data/third_party/boringssl/crypto/x509/x_name.c +541 -0
  1056. data/third_party/boringssl/crypto/x509/x_pkey.c +106 -0
  1057. data/third_party/boringssl/crypto/x509/x_pubkey.c +368 -0
  1058. data/third_party/boringssl/crypto/x509/x_req.c +109 -0
  1059. data/third_party/boringssl/crypto/x509/x_sig.c +69 -0
  1060. data/third_party/boringssl/crypto/x509/x_spki.c +80 -0
  1061. data/third_party/boringssl/crypto/x509/x_val.c +69 -0
  1062. data/third_party/boringssl/crypto/x509/x_x509.c +328 -0
  1063. data/third_party/boringssl/crypto/x509/x_x509a.c +198 -0
  1064. data/third_party/boringssl/crypto/x509v3/ext_dat.h +143 -0
  1065. data/third_party/boringssl/crypto/x509v3/pcy_cache.c +284 -0
  1066. data/third_party/boringssl/crypto/x509v3/pcy_data.c +130 -0
  1067. data/third_party/boringssl/crypto/x509v3/pcy_int.h +217 -0
  1068. data/third_party/boringssl/crypto/x509v3/pcy_lib.c +155 -0
  1069. data/third_party/boringssl/crypto/x509v3/pcy_map.c +130 -0
  1070. data/third_party/boringssl/crypto/x509v3/pcy_node.c +188 -0
  1071. data/third_party/boringssl/crypto/x509v3/pcy_tree.c +840 -0
  1072. data/third_party/boringssl/crypto/x509v3/v3_akey.c +204 -0
  1073. data/third_party/boringssl/crypto/x509v3/v3_akeya.c +72 -0
  1074. data/third_party/boringssl/crypto/x509v3/v3_alt.c +623 -0
  1075. data/third_party/boringssl/crypto/x509v3/v3_bcons.c +133 -0
  1076. data/third_party/boringssl/crypto/x509v3/v3_bitst.c +141 -0
  1077. data/third_party/boringssl/crypto/x509v3/v3_conf.c +462 -0
  1078. data/third_party/boringssl/crypto/x509v3/v3_cpols.c +502 -0
  1079. data/third_party/boringssl/crypto/x509v3/v3_crld.c +561 -0
  1080. data/third_party/boringssl/crypto/x509v3/v3_enum.c +100 -0
  1081. data/third_party/boringssl/crypto/x509v3/v3_extku.c +148 -0
  1082. data/third_party/boringssl/crypto/x509v3/v3_genn.c +251 -0
  1083. data/third_party/boringssl/crypto/x509v3/v3_ia5.c +122 -0
  1084. data/third_party/boringssl/crypto/x509v3/v3_info.c +219 -0
  1085. data/third_party/boringssl/crypto/x509v3/v3_int.c +91 -0
  1086. data/third_party/boringssl/crypto/x509v3/v3_lib.c +370 -0
  1087. data/third_party/boringssl/crypto/x509v3/v3_ncons.c +501 -0
  1088. data/third_party/boringssl/crypto/x509v3/v3_pci.c +287 -0
  1089. data/third_party/boringssl/crypto/x509v3/v3_pcia.c +57 -0
  1090. data/third_party/boringssl/crypto/x509v3/v3_pcons.c +139 -0
  1091. data/third_party/boringssl/crypto/x509v3/v3_pku.c +110 -0
  1092. data/third_party/boringssl/crypto/x509v3/v3_pmaps.c +154 -0
  1093. data/third_party/boringssl/crypto/x509v3/v3_prn.c +229 -0
  1094. data/third_party/boringssl/crypto/x509v3/v3_purp.c +866 -0
  1095. data/third_party/boringssl/crypto/x509v3/v3_skey.c +152 -0
  1096. data/third_party/boringssl/crypto/x509v3/v3_sxnet.c +274 -0
  1097. data/third_party/boringssl/crypto/x509v3/v3_utl.c +1352 -0
  1098. data/third_party/boringssl/include/openssl/aead.h +423 -0
  1099. data/third_party/boringssl/include/openssl/aes.h +170 -0
  1100. data/third_party/boringssl/include/openssl/arm_arch.h +121 -0
  1101. data/third_party/boringssl/include/openssl/asn1.h +982 -0
  1102. data/third_party/boringssl/include/openssl/asn1_mac.h +18 -0
  1103. data/third_party/boringssl/include/openssl/asn1t.h +892 -0
  1104. data/third_party/boringssl/include/openssl/base.h +468 -0
  1105. data/third_party/boringssl/include/openssl/base64.h +187 -0
  1106. data/third_party/boringssl/include/openssl/bio.h +902 -0
  1107. data/third_party/boringssl/include/openssl/blowfish.h +93 -0
  1108. data/third_party/boringssl/include/openssl/bn.h +975 -0
  1109. data/third_party/boringssl/include/openssl/buf.h +137 -0
  1110. data/third_party/boringssl/include/openssl/buffer.h +18 -0
  1111. data/third_party/boringssl/include/openssl/bytestring.h +480 -0
  1112. data/third_party/boringssl/include/openssl/cast.h +96 -0
  1113. data/third_party/boringssl/include/openssl/chacha.h +41 -0
  1114. data/third_party/boringssl/include/openssl/cipher.h +608 -0
  1115. data/third_party/boringssl/include/openssl/cmac.h +87 -0
  1116. data/third_party/boringssl/include/openssl/conf.h +183 -0
  1117. data/third_party/boringssl/include/openssl/cpu.h +196 -0
  1118. data/third_party/boringssl/include/openssl/crypto.h +118 -0
  1119. data/third_party/boringssl/include/openssl/curve25519.h +201 -0
  1120. data/third_party/boringssl/include/openssl/des.h +177 -0
  1121. data/third_party/boringssl/include/openssl/dh.h +298 -0
  1122. data/third_party/boringssl/include/openssl/digest.h +316 -0
  1123. data/third_party/boringssl/include/openssl/dsa.h +435 -0
  1124. data/third_party/boringssl/include/openssl/dtls1.h +16 -0
  1125. data/third_party/boringssl/include/openssl/ec.h +407 -0
  1126. data/third_party/boringssl/include/openssl/ec_key.h +341 -0
  1127. data/third_party/boringssl/include/openssl/ecdh.h +101 -0
  1128. data/third_party/boringssl/include/openssl/ecdsa.h +199 -0
  1129. data/third_party/boringssl/include/openssl/engine.h +109 -0
  1130. data/third_party/boringssl/include/openssl/err.h +458 -0
  1131. data/third_party/boringssl/include/openssl/evp.h +873 -0
  1132. data/third_party/boringssl/include/openssl/ex_data.h +203 -0
  1133. data/third_party/boringssl/include/openssl/hkdf.h +64 -0
  1134. data/third_party/boringssl/include/openssl/hmac.h +186 -0
  1135. data/third_party/boringssl/include/openssl/is_boringssl.h +16 -0
  1136. data/third_party/boringssl/include/openssl/lhash.h +174 -0
  1137. data/third_party/boringssl/include/openssl/lhash_macros.h +174 -0
  1138. data/third_party/boringssl/include/openssl/md4.h +106 -0
  1139. data/third_party/boringssl/include/openssl/md5.h +107 -0
  1140. data/third_party/boringssl/include/openssl/mem.h +156 -0
  1141. data/third_party/boringssl/include/openssl/nid.h +4242 -0
  1142. data/third_party/boringssl/include/openssl/obj.h +233 -0
  1143. data/third_party/boringssl/include/openssl/obj_mac.h +18 -0
  1144. data/third_party/boringssl/include/openssl/objects.h +18 -0
  1145. data/third_party/boringssl/include/openssl/opensslconf.h +67 -0
  1146. data/third_party/boringssl/include/openssl/opensslv.h +18 -0
  1147. data/third_party/boringssl/include/openssl/ossl_typ.h +18 -0
  1148. data/third_party/boringssl/include/openssl/pem.h +397 -0
  1149. data/third_party/boringssl/include/openssl/pkcs12.h +18 -0
  1150. data/third_party/boringssl/include/openssl/pkcs7.h +82 -0
  1151. data/third_party/boringssl/include/openssl/pkcs8.h +230 -0
  1152. data/third_party/boringssl/include/openssl/poly1305.h +51 -0
  1153. data/third_party/boringssl/include/openssl/pool.h +91 -0
  1154. data/third_party/boringssl/include/openssl/rand.h +125 -0
  1155. data/third_party/boringssl/include/openssl/rc4.h +96 -0
  1156. data/third_party/boringssl/include/openssl/ripemd.h +107 -0
  1157. data/third_party/boringssl/include/openssl/rsa.h +731 -0
  1158. data/third_party/boringssl/include/openssl/safestack.h +16 -0
  1159. data/third_party/boringssl/include/openssl/sha.h +256 -0
  1160. data/third_party/boringssl/include/openssl/span.h +191 -0
  1161. data/third_party/boringssl/include/openssl/srtp.h +18 -0
  1162. data/third_party/boringssl/include/openssl/ssl.h +4592 -0
  1163. data/third_party/boringssl/include/openssl/ssl3.h +333 -0
  1164. data/third_party/boringssl/include/openssl/stack.h +485 -0
  1165. data/third_party/boringssl/include/openssl/thread.h +191 -0
  1166. data/third_party/boringssl/include/openssl/tls1.h +610 -0
  1167. data/third_party/boringssl/include/openssl/type_check.h +91 -0
  1168. data/third_party/boringssl/include/openssl/x509.h +1176 -0
  1169. data/third_party/boringssl/include/openssl/x509_vfy.h +614 -0
  1170. data/third_party/boringssl/include/openssl/x509v3.h +826 -0
  1171. data/third_party/boringssl/ssl/bio_ssl.cc +179 -0
  1172. data/third_party/boringssl/ssl/custom_extensions.cc +265 -0
  1173. data/third_party/boringssl/ssl/d1_both.cc +837 -0
  1174. data/third_party/boringssl/ssl/d1_lib.cc +267 -0
  1175. data/third_party/boringssl/ssl/d1_pkt.cc +274 -0
  1176. data/third_party/boringssl/ssl/d1_srtp.cc +232 -0
  1177. data/third_party/boringssl/ssl/dtls_method.cc +193 -0
  1178. data/third_party/boringssl/ssl/dtls_record.cc +353 -0
  1179. data/third_party/boringssl/ssl/handshake.cc +616 -0
  1180. data/third_party/boringssl/ssl/handshake_client.cc +1836 -0
  1181. data/third_party/boringssl/ssl/handshake_server.cc +1662 -0
  1182. data/third_party/boringssl/ssl/internal.h +3011 -0
  1183. data/third_party/boringssl/ssl/s3_both.cc +585 -0
  1184. data/third_party/boringssl/ssl/s3_lib.cc +224 -0
  1185. data/third_party/boringssl/ssl/s3_pkt.cc +443 -0
  1186. data/third_party/boringssl/ssl/ssl_aead_ctx.cc +415 -0
  1187. data/third_party/boringssl/ssl/ssl_asn1.cc +840 -0
  1188. data/third_party/boringssl/ssl/ssl_buffer.cc +286 -0
  1189. data/third_party/boringssl/ssl/ssl_cert.cc +913 -0
  1190. data/third_party/boringssl/ssl/ssl_cipher.cc +1777 -0
  1191. data/third_party/boringssl/ssl/ssl_file.cc +583 -0
  1192. data/third_party/boringssl/ssl/ssl_key_share.cc +250 -0
  1193. data/third_party/boringssl/ssl/ssl_lib.cc +2650 -0
  1194. data/third_party/boringssl/ssl/ssl_privkey.cc +488 -0
  1195. data/third_party/boringssl/ssl/ssl_session.cc +1221 -0
  1196. data/third_party/boringssl/ssl/ssl_stat.cc +224 -0
  1197. data/third_party/boringssl/ssl/ssl_transcript.cc +398 -0
  1198. data/third_party/boringssl/ssl/ssl_versions.cc +472 -0
  1199. data/third_party/boringssl/ssl/ssl_x509.cc +1299 -0
  1200. data/third_party/boringssl/ssl/t1_enc.cc +503 -0
  1201. data/third_party/boringssl/ssl/t1_lib.cc +3457 -0
  1202. data/third_party/boringssl/ssl/tls13_both.cc +551 -0
  1203. data/third_party/boringssl/ssl/tls13_client.cc +977 -0
  1204. data/third_party/boringssl/ssl/tls13_enc.cc +563 -0
  1205. data/third_party/boringssl/ssl/tls13_server.cc +1068 -0
  1206. data/third_party/boringssl/ssl/tls_method.cc +291 -0
  1207. data/third_party/boringssl/ssl/tls_record.cc +712 -0
  1208. data/third_party/boringssl/third_party/fiat/curve25519.c +5062 -0
  1209. data/third_party/boringssl/third_party/fiat/internal.h +142 -0
  1210. data/third_party/cares/ares_build.h +223 -0
  1211. data/third_party/cares/cares/ares.h +658 -0
  1212. data/third_party/cares/cares/ares__close_sockets.c +61 -0
  1213. data/third_party/cares/cares/ares__get_hostent.c +261 -0
  1214. data/third_party/cares/cares/ares__read_line.c +73 -0
  1215. data/third_party/cares/cares/ares__timeval.c +111 -0
  1216. data/third_party/cares/cares/ares_cancel.c +63 -0
  1217. data/third_party/cares/cares/ares_create_query.c +202 -0
  1218. data/third_party/cares/cares/ares_data.c +221 -0
  1219. data/third_party/cares/cares/ares_data.h +72 -0
  1220. data/third_party/cares/cares/ares_destroy.c +108 -0
  1221. data/third_party/cares/cares/ares_dns.h +103 -0
  1222. data/third_party/cares/cares/ares_expand_name.c +209 -0
  1223. data/third_party/cares/cares/ares_expand_string.c +70 -0
  1224. data/third_party/cares/cares/ares_fds.c +59 -0
  1225. data/third_party/cares/cares/ares_free_hostent.c +41 -0
  1226. data/third_party/cares/cares/ares_free_string.c +25 -0
  1227. data/third_party/cares/cares/ares_getenv.c +30 -0
  1228. data/third_party/cares/cares/ares_getenv.h +26 -0
  1229. data/third_party/cares/cares/ares_gethostbyaddr.c +294 -0
  1230. data/third_party/cares/cares/ares_gethostbyname.c +518 -0
  1231. data/third_party/cares/cares/ares_getnameinfo.c +442 -0
  1232. data/third_party/cares/cares/ares_getopt.c +122 -0
  1233. data/third_party/cares/cares/ares_getopt.h +53 -0
  1234. data/third_party/cares/cares/ares_getsock.c +66 -0
  1235. data/third_party/cares/cares/ares_inet_net_pton.h +25 -0
  1236. data/third_party/cares/cares/ares_init.c +2514 -0
  1237. data/third_party/cares/cares/ares_iphlpapi.h +221 -0
  1238. data/third_party/cares/cares/ares_ipv6.h +78 -0
  1239. data/third_party/cares/cares/ares_library_init.c +177 -0
  1240. data/third_party/cares/cares/ares_library_init.h +43 -0
  1241. data/third_party/cares/cares/ares_llist.c +63 -0
  1242. data/third_party/cares/cares/ares_llist.h +39 -0
  1243. data/third_party/cares/cares/ares_mkquery.c +24 -0
  1244. data/third_party/cares/cares/ares_nowarn.c +260 -0
  1245. data/third_party/cares/cares/ares_nowarn.h +61 -0
  1246. data/third_party/cares/cares/ares_options.c +402 -0
  1247. data/third_party/cares/cares/ares_parse_a_reply.c +264 -0
  1248. data/third_party/cares/cares/ares_parse_aaaa_reply.c +264 -0
  1249. data/third_party/cares/cares/ares_parse_mx_reply.c +170 -0
  1250. data/third_party/cares/cares/ares_parse_naptr_reply.c +193 -0
  1251. data/third_party/cares/cares/ares_parse_ns_reply.c +183 -0
  1252. data/third_party/cares/cares/ares_parse_ptr_reply.c +219 -0
  1253. data/third_party/cares/cares/ares_parse_soa_reply.c +133 -0
  1254. data/third_party/cares/cares/ares_parse_srv_reply.c +179 -0
  1255. data/third_party/cares/cares/ares_parse_txt_reply.c +220 -0
  1256. data/third_party/cares/cares/ares_platform.c +11035 -0
  1257. data/third_party/cares/cares/ares_platform.h +43 -0
  1258. data/third_party/cares/cares/ares_private.h +374 -0
  1259. data/third_party/cares/cares/ares_process.c +1448 -0
  1260. data/third_party/cares/cares/ares_query.c +186 -0
  1261. data/third_party/cares/cares/ares_rules.h +125 -0
  1262. data/third_party/cares/cares/ares_search.c +316 -0
  1263. data/third_party/cares/cares/ares_send.c +131 -0
  1264. data/third_party/cares/cares/ares_setup.h +217 -0
  1265. data/third_party/cares/cares/ares_strcasecmp.c +66 -0
  1266. data/third_party/cares/cares/ares_strcasecmp.h +30 -0
  1267. data/third_party/cares/cares/ares_strdup.c +49 -0
  1268. data/third_party/cares/cares/ares_strdup.h +24 -0
  1269. data/third_party/cares/cares/ares_strerror.c +56 -0
  1270. data/third_party/cares/cares/ares_timeout.c +88 -0
  1271. data/third_party/cares/cares/ares_version.c +11 -0
  1272. data/third_party/cares/cares/ares_version.h +24 -0
  1273. data/third_party/cares/cares/ares_writev.c +79 -0
  1274. data/third_party/cares/cares/bitncmp.c +59 -0
  1275. data/third_party/cares/cares/bitncmp.h +26 -0
  1276. data/third_party/cares/cares/config-win32.h +351 -0
  1277. data/third_party/cares/cares/inet_net_pton.c +450 -0
  1278. data/third_party/cares/cares/inet_ntop.c +208 -0
  1279. data/third_party/cares/cares/setup_once.h +554 -0
  1280. data/third_party/cares/cares/windows_port.c +22 -0
  1281. data/third_party/cares/config_darwin/ares_config.h +425 -0
  1282. data/third_party/cares/config_freebsd/ares_config.h +502 -0
  1283. data/third_party/cares/config_linux/ares_config.h +458 -0
  1284. data/third_party/cares/config_openbsd/ares_config.h +502 -0
  1285. data/third_party/nanopb/pb.h +579 -0
  1286. data/third_party/nanopb/pb_common.c +97 -0
  1287. data/third_party/nanopb/pb_common.h +42 -0
  1288. data/third_party/nanopb/pb_decode.c +1347 -0
  1289. data/third_party/nanopb/pb_decode.h +149 -0
  1290. data/third_party/nanopb/pb_encode.c +696 -0
  1291. data/third_party/nanopb/pb_encode.h +154 -0
  1292. data/third_party/zlib/adler32.c +186 -0
  1293. data/third_party/zlib/compress.c +86 -0
  1294. data/third_party/zlib/crc32.c +442 -0
  1295. data/third_party/zlib/crc32.h +441 -0
  1296. data/third_party/zlib/deflate.c +2163 -0
  1297. data/third_party/zlib/deflate.h +349 -0
  1298. data/third_party/zlib/gzclose.c +25 -0
  1299. data/third_party/zlib/gzguts.h +218 -0
  1300. data/third_party/zlib/gzlib.c +637 -0
  1301. data/third_party/zlib/gzread.c +654 -0
  1302. data/third_party/zlib/gzwrite.c +665 -0
  1303. data/third_party/zlib/infback.c +640 -0
  1304. data/third_party/zlib/inffast.c +323 -0
  1305. data/third_party/zlib/inffast.h +11 -0
  1306. data/third_party/zlib/inffixed.h +94 -0
  1307. data/third_party/zlib/inflate.c +1561 -0
  1308. data/third_party/zlib/inflate.h +125 -0
  1309. data/third_party/zlib/inftrees.c +304 -0
  1310. data/third_party/zlib/inftrees.h +62 -0
  1311. data/third_party/zlib/trees.c +1203 -0
  1312. data/third_party/zlib/trees.h +128 -0
  1313. data/third_party/zlib/uncompr.c +93 -0
  1314. data/third_party/zlib/zconf.h +534 -0
  1315. data/third_party/zlib/zlib.h +1912 -0
  1316. data/third_party/zlib/zutil.c +325 -0
  1317. data/third_party/zlib/zutil.h +271 -0
  1318. metadata +1586 -0
@@ -0,0 +1,1662 @@
1
+ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2
+ * All rights reserved.
3
+ *
4
+ * This package is an SSL implementation written
5
+ * by Eric Young (eay@cryptsoft.com).
6
+ * The implementation was written so as to conform with Netscapes SSL.
7
+ *
8
+ * This library is free for commercial and non-commercial use as long as
9
+ * the following conditions are aheared to. The following conditions
10
+ * apply to all code found in this distribution, be it the RC4, RSA,
11
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12
+ * included with this distribution is covered by the same copyright terms
13
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14
+ *
15
+ * Copyright remains Eric Young's, and as such any Copyright notices in
16
+ * the code are not to be removed.
17
+ * If this package is used in a product, Eric Young should be given attribution
18
+ * as the author of the parts of the library used.
19
+ * This can be in the form of a textual message at program startup or
20
+ * in documentation (online or textual) provided with the package.
21
+ *
22
+ * Redistribution and use in source and binary forms, with or without
23
+ * modification, are permitted provided that the following conditions
24
+ * are met:
25
+ * 1. Redistributions of source code must retain the copyright
26
+ * notice, this list of conditions and the following disclaimer.
27
+ * 2. Redistributions in binary form must reproduce the above copyright
28
+ * notice, this list of conditions and the following disclaimer in the
29
+ * documentation and/or other materials provided with the distribution.
30
+ * 3. All advertising materials mentioning features or use of this software
31
+ * must display the following acknowledgement:
32
+ * "This product includes cryptographic software written by
33
+ * Eric Young (eay@cryptsoft.com)"
34
+ * The word 'cryptographic' can be left out if the rouines from the library
35
+ * being used are not cryptographic related :-).
36
+ * 4. If you include any Windows specific code (or a derivative thereof) from
37
+ * the apps directory (application code) you must include an acknowledgement:
38
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39
+ *
40
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50
+ * SUCH DAMAGE.
51
+ *
52
+ * The licence and distribution terms for any publically available version or
53
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
54
+ * copied and put under another distribution licence
55
+ * [including the GNU Public Licence.]
56
+ */
57
+ /* ====================================================================
58
+ * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59
+ *
60
+ * Redistribution and use in source and binary forms, with or without
61
+ * modification, are permitted provided that the following conditions
62
+ * are met:
63
+ *
64
+ * 1. Redistributions of source code must retain the above copyright
65
+ * notice, this list of conditions and the following disclaimer.
66
+ *
67
+ * 2. Redistributions in binary form must reproduce the above copyright
68
+ * notice, this list of conditions and the following disclaimer in
69
+ * the documentation and/or other materials provided with the
70
+ * distribution.
71
+ *
72
+ * 3. All advertising materials mentioning features or use of this
73
+ * software must display the following acknowledgment:
74
+ * "This product includes software developed by the OpenSSL Project
75
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76
+ *
77
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78
+ * endorse or promote products derived from this software without
79
+ * prior written permission. For written permission, please contact
80
+ * openssl-core@openssl.org.
81
+ *
82
+ * 5. Products derived from this software may not be called "OpenSSL"
83
+ * nor may "OpenSSL" appear in their names without prior written
84
+ * permission of the OpenSSL Project.
85
+ *
86
+ * 6. Redistributions of any form whatsoever must retain the following
87
+ * acknowledgment:
88
+ * "This product includes software developed by the OpenSSL Project
89
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90
+ *
91
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
103
+ * ====================================================================
104
+ *
105
+ * This product includes cryptographic software written by Eric Young
106
+ * (eay@cryptsoft.com). This product includes software written by Tim
107
+ * Hudson (tjh@cryptsoft.com).
108
+ *
109
+ */
110
+ /* ====================================================================
111
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112
+ *
113
+ * Portions of the attached software ("Contribution") are developed by
114
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
115
+ *
116
+ * The Contribution is licensed pursuant to the OpenSSL open source
117
+ * license provided above.
118
+ *
119
+ * ECC cipher suite support in OpenSSL originally written by
120
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
121
+ *
122
+ */
123
+ /* ====================================================================
124
+ * Copyright 2005 Nokia. All rights reserved.
125
+ *
126
+ * The portions of the attached software ("Contribution") is developed by
127
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
128
+ * license.
129
+ *
130
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
131
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
132
+ * support (see RFC 4279) to OpenSSL.
133
+ *
134
+ * No patent licenses or other rights except those expressly stated in
135
+ * the OpenSSL open source license shall be deemed granted or received
136
+ * expressly, by implication, estoppel, or otherwise.
137
+ *
138
+ * No assurances are provided by Nokia that the Contribution does not
139
+ * infringe the patent or other intellectual property rights of any third
140
+ * party or that the license provides you with all the necessary rights
141
+ * to make use of the Contribution.
142
+ *
143
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
144
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
145
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
146
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
147
+ * OTHERWISE. */
148
+
149
+ #include <openssl/ssl.h>
150
+
151
+ #include <assert.h>
152
+ #include <string.h>
153
+
154
+ #include <openssl/bn.h>
155
+ #include <openssl/buf.h>
156
+ #include <openssl/bytestring.h>
157
+ #include <openssl/cipher.h>
158
+ #include <openssl/ec.h>
159
+ #include <openssl/ecdsa.h>
160
+ #include <openssl/err.h>
161
+ #include <openssl/evp.h>
162
+ #include <openssl/hmac.h>
163
+ #include <openssl/md5.h>
164
+ #include <openssl/mem.h>
165
+ #include <openssl/nid.h>
166
+ #include <openssl/rand.h>
167
+ #include <openssl/x509.h>
168
+
169
+ #include "internal.h"
170
+ #include "../crypto/internal.h"
171
+
172
+
173
+ namespace bssl {
174
+
175
+ enum ssl_server_hs_state_t {
176
+ state_start_accept = 0,
177
+ state_read_client_hello,
178
+ state_select_certificate,
179
+ state_tls13,
180
+ state_select_parameters,
181
+ state_send_server_hello,
182
+ state_send_server_certificate,
183
+ state_send_server_key_exchange,
184
+ state_send_server_hello_done,
185
+ state_read_client_certificate,
186
+ state_verify_client_certificate,
187
+ state_read_client_key_exchange,
188
+ state_read_client_certificate_verify,
189
+ state_read_change_cipher_spec,
190
+ state_process_change_cipher_spec,
191
+ state_read_next_proto,
192
+ state_read_channel_id,
193
+ state_read_client_finished,
194
+ state_send_server_finished,
195
+ state_finish_server_handshake,
196
+ state_done,
197
+ };
198
+
199
+ int ssl_client_cipher_list_contains_cipher(const SSL_CLIENT_HELLO *client_hello,
200
+ uint16_t id) {
201
+ CBS cipher_suites;
202
+ CBS_init(&cipher_suites, client_hello->cipher_suites,
203
+ client_hello->cipher_suites_len);
204
+
205
+ while (CBS_len(&cipher_suites) > 0) {
206
+ uint16_t got_id;
207
+ if (!CBS_get_u16(&cipher_suites, &got_id)) {
208
+ return 0;
209
+ }
210
+
211
+ if (got_id == id) {
212
+ return 1;
213
+ }
214
+ }
215
+
216
+ return 0;
217
+ }
218
+
219
+ static int negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert,
220
+ const SSL_CLIENT_HELLO *client_hello) {
221
+ SSL *const ssl = hs->ssl;
222
+ assert(!ssl->s3->have_version);
223
+ CBS supported_versions, versions;
224
+ if (ssl_client_hello_get_extension(client_hello, &supported_versions,
225
+ TLSEXT_TYPE_supported_versions)) {
226
+ if (!CBS_get_u8_length_prefixed(&supported_versions, &versions) ||
227
+ CBS_len(&supported_versions) != 0 ||
228
+ CBS_len(&versions) == 0) {
229
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
230
+ *out_alert = SSL_AD_DECODE_ERROR;
231
+ return 0;
232
+ }
233
+ } else {
234
+ // Convert the ClientHello version to an equivalent supported_versions
235
+ // extension.
236
+ static const uint8_t kTLSVersions[] = {
237
+ 0x03, 0x03, // TLS 1.2
238
+ 0x03, 0x02, // TLS 1.1
239
+ 0x03, 0x01, // TLS 1
240
+ 0x03, 0x00, // SSL 3
241
+ };
242
+
243
+ static const uint8_t kDTLSVersions[] = {
244
+ 0xfe, 0xfd, // DTLS 1.2
245
+ 0xfe, 0xff, // DTLS 1.0
246
+ };
247
+
248
+ size_t versions_len = 0;
249
+ if (SSL_is_dtls(ssl)) {
250
+ if (client_hello->version <= DTLS1_2_VERSION) {
251
+ versions_len = 4;
252
+ } else if (client_hello->version <= DTLS1_VERSION) {
253
+ versions_len = 2;
254
+ }
255
+ CBS_init(&versions, kDTLSVersions + sizeof(kDTLSVersions) - versions_len,
256
+ versions_len);
257
+ } else {
258
+ if (client_hello->version >= TLS1_2_VERSION) {
259
+ versions_len = 8;
260
+ } else if (client_hello->version >= TLS1_1_VERSION) {
261
+ versions_len = 6;
262
+ } else if (client_hello->version >= TLS1_VERSION) {
263
+ versions_len = 4;
264
+ } else if (client_hello->version >= SSL3_VERSION) {
265
+ versions_len = 2;
266
+ }
267
+ CBS_init(&versions, kTLSVersions + sizeof(kTLSVersions) - versions_len,
268
+ versions_len);
269
+ }
270
+ }
271
+
272
+ if (!ssl_negotiate_version(hs, out_alert, &ssl->version, &versions)) {
273
+ return 0;
274
+ }
275
+
276
+ // At this point, the connection's version is known and |ssl->version| is
277
+ // fixed. Begin enforcing the record-layer version.
278
+ ssl->s3->have_version = true;
279
+ ssl->s3->aead_write_ctx->SetVersionIfNullCipher(ssl->version);
280
+
281
+ // Handle FALLBACK_SCSV.
282
+ if (ssl_client_cipher_list_contains_cipher(client_hello,
283
+ SSL3_CK_FALLBACK_SCSV & 0xffff) &&
284
+ ssl_protocol_version(ssl) < hs->max_version) {
285
+ OPENSSL_PUT_ERROR(SSL, SSL_R_INAPPROPRIATE_FALLBACK);
286
+ *out_alert = SSL3_AD_INAPPROPRIATE_FALLBACK;
287
+ return 0;
288
+ }
289
+
290
+ return 1;
291
+ }
292
+
293
+ static UniquePtr<STACK_OF(SSL_CIPHER)> ssl_parse_client_cipher_list(
294
+ const SSL_CLIENT_HELLO *client_hello) {
295
+ CBS cipher_suites;
296
+ CBS_init(&cipher_suites, client_hello->cipher_suites,
297
+ client_hello->cipher_suites_len);
298
+
299
+ UniquePtr<STACK_OF(SSL_CIPHER)> sk(sk_SSL_CIPHER_new_null());
300
+ if (!sk) {
301
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
302
+ return nullptr;
303
+ }
304
+
305
+ while (CBS_len(&cipher_suites) > 0) {
306
+ uint16_t cipher_suite;
307
+
308
+ if (!CBS_get_u16(&cipher_suites, &cipher_suite)) {
309
+ OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
310
+ return nullptr;
311
+ }
312
+
313
+ const SSL_CIPHER *c = SSL_get_cipher_by_value(cipher_suite);
314
+ if (c != NULL && !sk_SSL_CIPHER_push(sk.get(), c)) {
315
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
316
+ return nullptr;
317
+ }
318
+ }
319
+
320
+ return sk;
321
+ }
322
+
323
+ // ssl_get_compatible_server_ciphers determines the key exchange and
324
+ // authentication cipher suite masks compatible with the server configuration
325
+ // and current ClientHello parameters of |hs|. It sets |*out_mask_k| to the key
326
+ // exchange mask and |*out_mask_a| to the authentication mask.
327
+ static void ssl_get_compatible_server_ciphers(SSL_HANDSHAKE *hs,
328
+ uint32_t *out_mask_k,
329
+ uint32_t *out_mask_a) {
330
+ SSL *const ssl = hs->ssl;
331
+ uint32_t mask_k = 0;
332
+ uint32_t mask_a = 0;
333
+
334
+ if (ssl_has_certificate(ssl)) {
335
+ mask_a |= ssl_cipher_auth_mask_for_key(hs->local_pubkey.get());
336
+ if (EVP_PKEY_id(hs->local_pubkey.get()) == EVP_PKEY_RSA) {
337
+ mask_k |= SSL_kRSA;
338
+ }
339
+ }
340
+
341
+ // Check for a shared group to consider ECDHE ciphers.
342
+ uint16_t unused;
343
+ if (tls1_get_shared_group(hs, &unused)) {
344
+ mask_k |= SSL_kECDHE;
345
+ }
346
+
347
+ // PSK requires a server callback.
348
+ if (ssl->psk_server_callback != NULL) {
349
+ mask_k |= SSL_kPSK;
350
+ mask_a |= SSL_aPSK;
351
+ }
352
+
353
+ *out_mask_k = mask_k;
354
+ *out_mask_a = mask_a;
355
+ }
356
+
357
+ static const SSL_CIPHER *ssl3_choose_cipher(
358
+ SSL_HANDSHAKE *hs, const SSL_CLIENT_HELLO *client_hello,
359
+ const struct ssl_cipher_preference_list_st *server_pref) {
360
+ SSL *const ssl = hs->ssl;
361
+ STACK_OF(SSL_CIPHER) *prio, *allow;
362
+ // in_group_flags will either be NULL, or will point to an array of bytes
363
+ // which indicate equal-preference groups in the |prio| stack. See the
364
+ // comment about |in_group_flags| in the |ssl_cipher_preference_list_st|
365
+ // struct.
366
+ const uint8_t *in_group_flags;
367
+ // group_min contains the minimal index so far found in a group, or -1 if no
368
+ // such value exists yet.
369
+ int group_min = -1;
370
+
371
+ UniquePtr<STACK_OF(SSL_CIPHER)> client_pref =
372
+ ssl_parse_client_cipher_list(client_hello);
373
+ if (!client_pref) {
374
+ return nullptr;
375
+ }
376
+
377
+ if (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
378
+ prio = server_pref->ciphers;
379
+ in_group_flags = server_pref->in_group_flags;
380
+ allow = client_pref.get();
381
+ } else {
382
+ prio = client_pref.get();
383
+ in_group_flags = NULL;
384
+ allow = server_pref->ciphers;
385
+ }
386
+
387
+ uint32_t mask_k, mask_a;
388
+ ssl_get_compatible_server_ciphers(hs, &mask_k, &mask_a);
389
+
390
+ for (size_t i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
391
+ const SSL_CIPHER *c = sk_SSL_CIPHER_value(prio, i);
392
+
393
+ size_t cipher_index;
394
+ if (// Check if the cipher is supported for the current version.
395
+ SSL_CIPHER_get_min_version(c) <= ssl_protocol_version(ssl) &&
396
+ ssl_protocol_version(ssl) <= SSL_CIPHER_get_max_version(c) &&
397
+ // Check the cipher is supported for the server configuration.
398
+ (c->algorithm_mkey & mask_k) &&
399
+ (c->algorithm_auth & mask_a) &&
400
+ // Check the cipher is in the |allow| list.
401
+ sk_SSL_CIPHER_find(allow, &cipher_index, c)) {
402
+ if (in_group_flags != NULL && in_group_flags[i] == 1) {
403
+ // This element of |prio| is in a group. Update the minimum index found
404
+ // so far and continue looking.
405
+ if (group_min == -1 || (size_t)group_min > cipher_index) {
406
+ group_min = cipher_index;
407
+ }
408
+ } else {
409
+ if (group_min != -1 && (size_t)group_min < cipher_index) {
410
+ cipher_index = group_min;
411
+ }
412
+ return sk_SSL_CIPHER_value(allow, cipher_index);
413
+ }
414
+ }
415
+
416
+ if (in_group_flags != NULL && in_group_flags[i] == 0 && group_min != -1) {
417
+ // We are about to leave a group, but we found a match in it, so that's
418
+ // our answer.
419
+ return sk_SSL_CIPHER_value(allow, group_min);
420
+ }
421
+ }
422
+
423
+ return nullptr;
424
+ }
425
+
426
+ static enum ssl_hs_wait_t do_start_accept(SSL_HANDSHAKE *hs) {
427
+ ssl_do_info_callback(hs->ssl, SSL_CB_HANDSHAKE_START, 1);
428
+ hs->state = state_read_client_hello;
429
+ return ssl_hs_ok;
430
+ }
431
+
432
+ static enum ssl_hs_wait_t do_read_client_hello(SSL_HANDSHAKE *hs) {
433
+ SSL *const ssl = hs->ssl;
434
+
435
+ SSLMessage msg;
436
+ if (!ssl->method->get_message(ssl, &msg)) {
437
+ return ssl_hs_read_message;
438
+ }
439
+
440
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_CLIENT_HELLO)) {
441
+ return ssl_hs_error;
442
+ }
443
+
444
+ SSL_CLIENT_HELLO client_hello;
445
+ if (!ssl_client_hello_init(ssl, &client_hello, msg)) {
446
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
447
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
448
+ return ssl_hs_error;
449
+ }
450
+
451
+ // Run the early callback.
452
+ if (ssl->ctx->select_certificate_cb != NULL) {
453
+ switch (ssl->ctx->select_certificate_cb(&client_hello)) {
454
+ case ssl_select_cert_retry:
455
+ return ssl_hs_certificate_selection_pending;
456
+
457
+ case ssl_select_cert_error:
458
+ // Connection rejected.
459
+ OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_REJECTED);
460
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
461
+ return ssl_hs_error;
462
+
463
+ default:
464
+ /* fallthrough */;
465
+ }
466
+ }
467
+
468
+ // Freeze the version range after the early callback.
469
+ if (!ssl_get_version_range(ssl, &hs->min_version, &hs->max_version)) {
470
+ return ssl_hs_error;
471
+ }
472
+
473
+ uint8_t alert = SSL_AD_DECODE_ERROR;
474
+ if (!negotiate_version(hs, &alert, &client_hello)) {
475
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
476
+ return ssl_hs_error;
477
+ }
478
+
479
+ hs->client_version = client_hello.version;
480
+ if (client_hello.random_len != SSL3_RANDOM_SIZE) {
481
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
482
+ return ssl_hs_error;
483
+ }
484
+ OPENSSL_memcpy(ssl->s3->client_random, client_hello.random,
485
+ client_hello.random_len);
486
+
487
+ // Only null compression is supported. TLS 1.3 further requires the peer
488
+ // advertise no other compression.
489
+ if (OPENSSL_memchr(client_hello.compression_methods, 0,
490
+ client_hello.compression_methods_len) == NULL ||
491
+ (ssl_protocol_version(ssl) >= TLS1_3_VERSION &&
492
+ client_hello.compression_methods_len != 1)) {
493
+ OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_COMPRESSION_LIST);
494
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
495
+ return ssl_hs_error;
496
+ }
497
+
498
+ // TLS extensions.
499
+ if (!ssl_parse_clienthello_tlsext(hs, &client_hello)) {
500
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
501
+ return ssl_hs_error;
502
+ }
503
+
504
+ hs->state = state_select_certificate;
505
+ return ssl_hs_ok;
506
+ }
507
+
508
+ static enum ssl_hs_wait_t do_select_certificate(SSL_HANDSHAKE *hs) {
509
+ SSL *const ssl = hs->ssl;
510
+
511
+ SSLMessage msg;
512
+ if (!ssl->method->get_message(ssl, &msg)) {
513
+ return ssl_hs_read_message;
514
+ }
515
+
516
+ // Call |cert_cb| to update server certificates if required.
517
+ if (ssl->cert->cert_cb != NULL) {
518
+ int rv = ssl->cert->cert_cb(ssl, ssl->cert->cert_cb_arg);
519
+ if (rv == 0) {
520
+ OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_CB_ERROR);
521
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
522
+ return ssl_hs_error;
523
+ }
524
+ if (rv < 0) {
525
+ return ssl_hs_x509_lookup;
526
+ }
527
+ }
528
+
529
+ if (!ssl_on_certificate_selected(hs)) {
530
+ return ssl_hs_error;
531
+ }
532
+
533
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
534
+ // Jump to the TLS 1.3 state machine.
535
+ hs->state = state_tls13;
536
+ return ssl_hs_ok;
537
+ }
538
+
539
+ SSL_CLIENT_HELLO client_hello;
540
+ if (!ssl_client_hello_init(ssl, &client_hello, msg)) {
541
+ return ssl_hs_error;
542
+ }
543
+
544
+ // Negotiate the cipher suite. This must be done after |cert_cb| so the
545
+ // certificate is finalized.
546
+ hs->new_cipher =
547
+ ssl3_choose_cipher(hs, &client_hello, ssl_get_cipher_preferences(ssl));
548
+ if (hs->new_cipher == NULL) {
549
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
550
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
551
+ return ssl_hs_error;
552
+ }
553
+
554
+ hs->state = state_select_parameters;
555
+ return ssl_hs_ok;
556
+ }
557
+
558
+ static enum ssl_hs_wait_t do_tls13(SSL_HANDSHAKE *hs) {
559
+ enum ssl_hs_wait_t wait = tls13_server_handshake(hs);
560
+ if (wait == ssl_hs_ok) {
561
+ hs->state = state_finish_server_handshake;
562
+ return ssl_hs_ok;
563
+ }
564
+
565
+ return wait;
566
+ }
567
+
568
+ static enum ssl_hs_wait_t do_select_parameters(SSL_HANDSHAKE *hs) {
569
+ SSL *const ssl = hs->ssl;
570
+
571
+ SSLMessage msg;
572
+ if (!ssl->method->get_message(ssl, &msg)) {
573
+ return ssl_hs_read_message;
574
+ }
575
+
576
+ SSL_CLIENT_HELLO client_hello;
577
+ if (!ssl_client_hello_init(ssl, &client_hello, msg)) {
578
+ return ssl_hs_error;
579
+ }
580
+
581
+ // Determine whether we are doing session resumption.
582
+ UniquePtr<SSL_SESSION> session;
583
+ bool tickets_supported = false, renew_ticket = false;
584
+ enum ssl_hs_wait_t wait = ssl_get_prev_session(
585
+ ssl, &session, &tickets_supported, &renew_ticket, &client_hello);
586
+ if (wait != ssl_hs_ok) {
587
+ return wait;
588
+ }
589
+
590
+ if (session) {
591
+ if (session->extended_master_secret && !hs->extended_master_secret) {
592
+ // A ClientHello without EMS that attempts to resume a session with EMS
593
+ // is fatal to the connection.
594
+ OPENSSL_PUT_ERROR(SSL, SSL_R_RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION);
595
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
596
+ return ssl_hs_error;
597
+ }
598
+
599
+ if (!ssl_session_is_resumable(hs, session.get()) ||
600
+ // If the client offers the EMS extension, but the previous session
601
+ // didn't use it, then negotiate a new session.
602
+ hs->extended_master_secret != session->extended_master_secret) {
603
+ session.reset();
604
+ }
605
+ }
606
+
607
+ if (session) {
608
+ // Use the old session.
609
+ hs->ticket_expected = renew_ticket;
610
+ ssl->session = session.release();
611
+ ssl->s3->session_reused = true;
612
+ } else {
613
+ hs->ticket_expected = tickets_supported;
614
+ ssl_set_session(ssl, NULL);
615
+ if (!ssl_get_new_session(hs, 1 /* server */)) {
616
+ return ssl_hs_error;
617
+ }
618
+
619
+ // Clear the session ID if we want the session to be single-use.
620
+ if (!(ssl->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)) {
621
+ hs->new_session->session_id_length = 0;
622
+ }
623
+ }
624
+
625
+ if (ssl->ctx->dos_protection_cb != NULL &&
626
+ ssl->ctx->dos_protection_cb(&client_hello) == 0) {
627
+ // Connection rejected for DOS reasons.
628
+ OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_REJECTED);
629
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
630
+ return ssl_hs_error;
631
+ }
632
+
633
+ if (ssl->session == NULL) {
634
+ hs->new_session->cipher = hs->new_cipher;
635
+
636
+ // Determine whether to request a client certificate.
637
+ hs->cert_request = !!(ssl->verify_mode & SSL_VERIFY_PEER);
638
+ // Only request a certificate if Channel ID isn't negotiated.
639
+ if ((ssl->verify_mode & SSL_VERIFY_PEER_IF_NO_OBC) &&
640
+ ssl->s3->tlsext_channel_id_valid) {
641
+ hs->cert_request = false;
642
+ }
643
+ // CertificateRequest may only be sent in certificate-based ciphers.
644
+ if (!ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
645
+ hs->cert_request = false;
646
+ }
647
+
648
+ if (!hs->cert_request) {
649
+ // OpenSSL returns X509_V_OK when no certificates are requested. This is
650
+ // classed by them as a bug, but it's assumed by at least NGINX.
651
+ hs->new_session->verify_result = X509_V_OK;
652
+ }
653
+ }
654
+
655
+ // HTTP/2 negotiation depends on the cipher suite, so ALPN negotiation was
656
+ // deferred. Complete it now.
657
+ uint8_t alert = SSL_AD_DECODE_ERROR;
658
+ if (!ssl_negotiate_alpn(hs, &alert, &client_hello)) {
659
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
660
+ return ssl_hs_error;
661
+ }
662
+
663
+ // Now that all parameters are known, initialize the handshake hash and hash
664
+ // the ClientHello.
665
+ if (!hs->transcript.InitHash(ssl_protocol_version(ssl), hs->new_cipher) ||
666
+ !ssl_hash_message(hs, msg)) {
667
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
668
+ return ssl_hs_error;
669
+ }
670
+
671
+ // Release the handshake buffer if client authentication isn't required.
672
+ if (!hs->cert_request) {
673
+ hs->transcript.FreeBuffer();
674
+ }
675
+
676
+ ssl->method->next_message(ssl);
677
+
678
+ hs->state = state_send_server_hello;
679
+ return ssl_hs_ok;
680
+ }
681
+
682
+ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) {
683
+ SSL *const ssl = hs->ssl;
684
+
685
+ // We only accept ChannelIDs on connections with ECDHE in order to avoid a
686
+ // known attack while we fix ChannelID itself.
687
+ if (ssl->s3->tlsext_channel_id_valid &&
688
+ (hs->new_cipher->algorithm_mkey & SSL_kECDHE) == 0) {
689
+ ssl->s3->tlsext_channel_id_valid = false;
690
+ }
691
+
692
+ // If this is a resumption and the original handshake didn't support
693
+ // ChannelID then we didn't record the original handshake hashes in the
694
+ // session and so cannot resume with ChannelIDs.
695
+ if (ssl->session != NULL &&
696
+ ssl->session->original_handshake_hash_len == 0) {
697
+ ssl->s3->tlsext_channel_id_valid = false;
698
+ }
699
+
700
+ struct OPENSSL_timeval now;
701
+ ssl_get_current_time(ssl, &now);
702
+ ssl->s3->server_random[0] = now.tv_sec >> 24;
703
+ ssl->s3->server_random[1] = now.tv_sec >> 16;
704
+ ssl->s3->server_random[2] = now.tv_sec >> 8;
705
+ ssl->s3->server_random[3] = now.tv_sec;
706
+ if (!RAND_bytes(ssl->s3->server_random + 4, SSL3_RANDOM_SIZE - 4)) {
707
+ return ssl_hs_error;
708
+ }
709
+
710
+ // TODO(davidben): Implement the TLS 1.1 and 1.2 downgrade sentinels once TLS
711
+ // 1.3 is finalized and we are not implementing a draft version.
712
+
713
+ const SSL_SESSION *session = hs->new_session.get();
714
+ if (ssl->session != NULL) {
715
+ session = ssl->session;
716
+ }
717
+
718
+ ScopedCBB cbb;
719
+ CBB body, session_id;
720
+ if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_SERVER_HELLO) ||
721
+ !CBB_add_u16(&body, ssl->version) ||
722
+ !CBB_add_bytes(&body, ssl->s3->server_random, SSL3_RANDOM_SIZE) ||
723
+ !CBB_add_u8_length_prefixed(&body, &session_id) ||
724
+ !CBB_add_bytes(&session_id, session->session_id,
725
+ session->session_id_length) ||
726
+ !CBB_add_u16(&body, ssl_cipher_get_value(hs->new_cipher)) ||
727
+ !CBB_add_u8(&body, 0 /* no compression */) ||
728
+ !ssl_add_serverhello_tlsext(hs, &body) ||
729
+ !ssl_add_message_cbb(ssl, cbb.get())) {
730
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
731
+ return ssl_hs_error;
732
+ }
733
+
734
+ if (ssl->session != NULL) {
735
+ hs->state = state_send_server_finished;
736
+ } else {
737
+ hs->state = state_send_server_certificate;
738
+ }
739
+ return ssl_hs_ok;
740
+ }
741
+
742
+ static enum ssl_hs_wait_t do_send_server_certificate(SSL_HANDSHAKE *hs) {
743
+ SSL *const ssl = hs->ssl;
744
+ ScopedCBB cbb;
745
+
746
+ if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
747
+ if (!ssl_has_certificate(ssl)) {
748
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_SET);
749
+ return ssl_hs_error;
750
+ }
751
+
752
+ if (!ssl_output_cert_chain(ssl)) {
753
+ return ssl_hs_error;
754
+ }
755
+
756
+ if (hs->certificate_status_expected) {
757
+ CBB body, ocsp_response;
758
+ if (!ssl->method->init_message(ssl, cbb.get(), &body,
759
+ SSL3_MT_CERTIFICATE_STATUS) ||
760
+ !CBB_add_u8(&body, TLSEXT_STATUSTYPE_ocsp) ||
761
+ !CBB_add_u24_length_prefixed(&body, &ocsp_response) ||
762
+ !CBB_add_bytes(&ocsp_response,
763
+ CRYPTO_BUFFER_data(ssl->cert->ocsp_response),
764
+ CRYPTO_BUFFER_len(ssl->cert->ocsp_response)) ||
765
+ !ssl_add_message_cbb(ssl, cbb.get())) {
766
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
767
+ return ssl_hs_error;
768
+ }
769
+ }
770
+ }
771
+
772
+ // Assemble ServerKeyExchange parameters if needed.
773
+ uint32_t alg_k = hs->new_cipher->algorithm_mkey;
774
+ uint32_t alg_a = hs->new_cipher->algorithm_auth;
775
+ if (ssl_cipher_requires_server_key_exchange(hs->new_cipher) ||
776
+ ((alg_a & SSL_aPSK) && ssl->psk_identity_hint)) {
777
+
778
+ // Pre-allocate enough room to comfortably fit an ECDHE public key. Prepend
779
+ // the client and server randoms for the signing transcript.
780
+ CBB child;
781
+ if (!CBB_init(cbb.get(), SSL3_RANDOM_SIZE * 2 + 128) ||
782
+ !CBB_add_bytes(cbb.get(), ssl->s3->client_random, SSL3_RANDOM_SIZE) ||
783
+ !CBB_add_bytes(cbb.get(), ssl->s3->server_random, SSL3_RANDOM_SIZE)) {
784
+ return ssl_hs_error;
785
+ }
786
+
787
+ // PSK ciphers begin with an identity hint.
788
+ if (alg_a & SSL_aPSK) {
789
+ size_t len =
790
+ (ssl->psk_identity_hint == NULL) ? 0 : strlen(ssl->psk_identity_hint);
791
+ if (!CBB_add_u16_length_prefixed(cbb.get(), &child) ||
792
+ !CBB_add_bytes(&child, (const uint8_t *)ssl->psk_identity_hint,
793
+ len)) {
794
+ return ssl_hs_error;
795
+ }
796
+ }
797
+
798
+ if (alg_k & SSL_kECDHE) {
799
+ // Determine the group to use.
800
+ uint16_t group_id;
801
+ if (!tls1_get_shared_group(hs, &group_id)) {
802
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
803
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
804
+ return ssl_hs_error;
805
+ }
806
+ hs->new_session->group_id = group_id;
807
+
808
+ // Set up ECDH, generate a key, and emit the public half.
809
+ hs->key_share = SSLKeyShare::Create(group_id);
810
+ if (!hs->key_share ||
811
+ !CBB_add_u8(cbb.get(), NAMED_CURVE_TYPE) ||
812
+ !CBB_add_u16(cbb.get(), group_id) ||
813
+ !CBB_add_u8_length_prefixed(cbb.get(), &child) ||
814
+ !hs->key_share->Offer(&child)) {
815
+ return ssl_hs_error;
816
+ }
817
+ } else {
818
+ assert(alg_k & SSL_kPSK);
819
+ }
820
+
821
+ if (!CBBFinishArray(cbb.get(), &hs->server_params)) {
822
+ return ssl_hs_error;
823
+ }
824
+ }
825
+
826
+ hs->state = state_send_server_key_exchange;
827
+ return ssl_hs_ok;
828
+ }
829
+
830
+ static enum ssl_hs_wait_t do_send_server_key_exchange(SSL_HANDSHAKE *hs) {
831
+ SSL *const ssl = hs->ssl;
832
+
833
+ if (hs->server_params.size() == 0) {
834
+ hs->state = state_send_server_hello_done;
835
+ return ssl_hs_ok;
836
+ }
837
+
838
+ ScopedCBB cbb;
839
+ CBB body, child;
840
+ if (!ssl->method->init_message(ssl, cbb.get(), &body,
841
+ SSL3_MT_SERVER_KEY_EXCHANGE) ||
842
+ // |hs->server_params| contains a prefix for signing.
843
+ hs->server_params.size() < 2 * SSL3_RANDOM_SIZE ||
844
+ !CBB_add_bytes(&body, hs->server_params.data() + 2 * SSL3_RANDOM_SIZE,
845
+ hs->server_params.size() - 2 * SSL3_RANDOM_SIZE)) {
846
+ return ssl_hs_error;
847
+ }
848
+
849
+ // Add a signature.
850
+ if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
851
+ if (!ssl_has_private_key(ssl)) {
852
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
853
+ return ssl_hs_error;
854
+ }
855
+
856
+ // Determine the signature algorithm.
857
+ uint16_t signature_algorithm;
858
+ if (!tls1_choose_signature_algorithm(hs, &signature_algorithm)) {
859
+ return ssl_hs_error;
860
+ }
861
+ if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
862
+ if (!CBB_add_u16(&body, signature_algorithm)) {
863
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
864
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
865
+ return ssl_hs_error;
866
+ }
867
+ }
868
+
869
+ // Add space for the signature.
870
+ const size_t max_sig_len = EVP_PKEY_size(hs->local_pubkey.get());
871
+ uint8_t *ptr;
872
+ if (!CBB_add_u16_length_prefixed(&body, &child) ||
873
+ !CBB_reserve(&child, &ptr, max_sig_len)) {
874
+ return ssl_hs_error;
875
+ }
876
+
877
+ size_t sig_len;
878
+ switch (ssl_private_key_sign(hs, ptr, &sig_len, max_sig_len,
879
+ signature_algorithm, hs->server_params)) {
880
+ case ssl_private_key_success:
881
+ if (!CBB_did_write(&child, sig_len)) {
882
+ return ssl_hs_error;
883
+ }
884
+ break;
885
+ case ssl_private_key_failure:
886
+ return ssl_hs_error;
887
+ case ssl_private_key_retry:
888
+ return ssl_hs_private_key_operation;
889
+ }
890
+ }
891
+
892
+ if (!ssl_add_message_cbb(ssl, cbb.get())) {
893
+ return ssl_hs_error;
894
+ }
895
+
896
+ hs->server_params.Reset();
897
+
898
+ hs->state = state_send_server_hello_done;
899
+ return ssl_hs_ok;
900
+ }
901
+
902
+ static enum ssl_hs_wait_t do_send_server_hello_done(SSL_HANDSHAKE *hs) {
903
+ SSL *const ssl = hs->ssl;
904
+
905
+ ScopedCBB cbb;
906
+ CBB body;
907
+
908
+ if (hs->cert_request) {
909
+ CBB cert_types, sigalgs_cbb;
910
+ if (!ssl->method->init_message(ssl, cbb.get(), &body,
911
+ SSL3_MT_CERTIFICATE_REQUEST) ||
912
+ !CBB_add_u8_length_prefixed(&body, &cert_types) ||
913
+ !CBB_add_u8(&cert_types, SSL3_CT_RSA_SIGN) ||
914
+ (ssl_protocol_version(ssl) >= TLS1_VERSION &&
915
+ !CBB_add_u8(&cert_types, TLS_CT_ECDSA_SIGN)) ||
916
+ (ssl_protocol_version(ssl) >= TLS1_2_VERSION &&
917
+ (!CBB_add_u16_length_prefixed(&body, &sigalgs_cbb) ||
918
+ !tls12_add_verify_sigalgs(ssl, &sigalgs_cbb))) ||
919
+ !ssl_add_client_CA_list(ssl, &body) ||
920
+ !ssl_add_message_cbb(ssl, cbb.get())) {
921
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
922
+ return ssl_hs_error;
923
+ }
924
+ }
925
+
926
+ if (!ssl->method->init_message(ssl, cbb.get(), &body,
927
+ SSL3_MT_SERVER_HELLO_DONE) ||
928
+ !ssl_add_message_cbb(ssl, cbb.get())) {
929
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
930
+ return ssl_hs_error;
931
+ }
932
+
933
+ hs->state = state_read_client_certificate;
934
+ return ssl_hs_flush;
935
+ }
936
+
937
+ static enum ssl_hs_wait_t do_read_client_certificate(SSL_HANDSHAKE *hs) {
938
+ SSL *const ssl = hs->ssl;
939
+
940
+ if (!hs->cert_request) {
941
+ hs->state = state_verify_client_certificate;
942
+ return ssl_hs_ok;
943
+ }
944
+
945
+ SSLMessage msg;
946
+ if (!ssl->method->get_message(ssl, &msg)) {
947
+ return ssl_hs_read_message;
948
+ }
949
+
950
+ if (msg.type != SSL3_MT_CERTIFICATE) {
951
+ if (ssl->version == SSL3_VERSION &&
952
+ msg.type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
953
+ // In SSL 3.0, the Certificate message is omitted to signal no
954
+ // certificate.
955
+ if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
956
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
957
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
958
+ return ssl_hs_error;
959
+ }
960
+
961
+ // OpenSSL returns X509_V_OK when no certificates are received. This is
962
+ // classed by them as a bug, but it's assumed by at least NGINX.
963
+ hs->new_session->verify_result = X509_V_OK;
964
+ hs->state = state_verify_client_certificate;
965
+ return ssl_hs_ok;
966
+ }
967
+
968
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
969
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
970
+ return ssl_hs_error;
971
+ }
972
+
973
+ if (!ssl_hash_message(hs, msg)) {
974
+ return ssl_hs_error;
975
+ }
976
+
977
+ CBS certificate_msg = msg.body;
978
+ uint8_t alert = SSL_AD_DECODE_ERROR;
979
+ UniquePtr<STACK_OF(CRYPTO_BUFFER)> chain;
980
+ if (!ssl_parse_cert_chain(&alert, &chain, &hs->peer_pubkey,
981
+ ssl->retain_only_sha256_of_client_certs
982
+ ? hs->new_session->peer_sha256
983
+ : NULL,
984
+ &certificate_msg, ssl->ctx->pool)) {
985
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
986
+ return ssl_hs_error;
987
+ }
988
+ sk_CRYPTO_BUFFER_pop_free(hs->new_session->certs, CRYPTO_BUFFER_free);
989
+ hs->new_session->certs = chain.release();
990
+
991
+ if (CBS_len(&certificate_msg) != 0 ||
992
+ !ssl->ctx->x509_method->session_cache_objects(hs->new_session.get())) {
993
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
994
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
995
+ return ssl_hs_error;
996
+ }
997
+
998
+ if (sk_CRYPTO_BUFFER_num(hs->new_session->certs) == 0) {
999
+ // No client certificate so the handshake buffer may be discarded.
1000
+ hs->transcript.FreeBuffer();
1001
+
1002
+ // In SSL 3.0, sending no certificate is signaled by omitting the
1003
+ // Certificate message.
1004
+ if (ssl->version == SSL3_VERSION) {
1005
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATES_RETURNED);
1006
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1007
+ return ssl_hs_error;
1008
+ }
1009
+
1010
+ if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
1011
+ // Fail for TLS only if we required a certificate
1012
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
1013
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1014
+ return ssl_hs_error;
1015
+ }
1016
+
1017
+ // OpenSSL returns X509_V_OK when no certificates are received. This is
1018
+ // classed by them as a bug, but it's assumed by at least NGINX.
1019
+ hs->new_session->verify_result = X509_V_OK;
1020
+ } else if (ssl->retain_only_sha256_of_client_certs) {
1021
+ // The hash will have been filled in.
1022
+ hs->new_session->peer_sha256_valid = 1;
1023
+ }
1024
+
1025
+ ssl->method->next_message(ssl);
1026
+ hs->state = state_verify_client_certificate;
1027
+ return ssl_hs_ok;
1028
+ }
1029
+
1030
+ static enum ssl_hs_wait_t do_verify_client_certificate(SSL_HANDSHAKE *hs) {
1031
+ if (sk_CRYPTO_BUFFER_num(hs->new_session->certs) > 0) {
1032
+ switch (ssl_verify_peer_cert(hs)) {
1033
+ case ssl_verify_ok:
1034
+ break;
1035
+ case ssl_verify_invalid:
1036
+ return ssl_hs_error;
1037
+ case ssl_verify_retry:
1038
+ return ssl_hs_certificate_verify;
1039
+ }
1040
+ }
1041
+
1042
+ hs->state = state_read_client_key_exchange;
1043
+ return ssl_hs_ok;
1044
+ }
1045
+
1046
+ static enum ssl_hs_wait_t do_read_client_key_exchange(SSL_HANDSHAKE *hs) {
1047
+ SSL *const ssl = hs->ssl;
1048
+ SSLMessage msg;
1049
+ if (!ssl->method->get_message(ssl, &msg)) {
1050
+ return ssl_hs_read_message;
1051
+ }
1052
+
1053
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_CLIENT_KEY_EXCHANGE)) {
1054
+ return ssl_hs_error;
1055
+ }
1056
+
1057
+ CBS client_key_exchange = msg.body;
1058
+ uint32_t alg_k = hs->new_cipher->algorithm_mkey;
1059
+ uint32_t alg_a = hs->new_cipher->algorithm_auth;
1060
+
1061
+ // If using a PSK key exchange, parse the PSK identity.
1062
+ if (alg_a & SSL_aPSK) {
1063
+ CBS psk_identity;
1064
+
1065
+ // If using PSK, the ClientKeyExchange contains a psk_identity. If PSK,
1066
+ // then this is the only field in the message.
1067
+ if (!CBS_get_u16_length_prefixed(&client_key_exchange, &psk_identity) ||
1068
+ ((alg_k & SSL_kPSK) && CBS_len(&client_key_exchange) != 0)) {
1069
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1070
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1071
+ return ssl_hs_error;
1072
+ }
1073
+
1074
+ if (CBS_len(&psk_identity) > PSK_MAX_IDENTITY_LEN ||
1075
+ CBS_contains_zero_byte(&psk_identity)) {
1076
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
1077
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1078
+ return ssl_hs_error;
1079
+ }
1080
+
1081
+ if (!CBS_strdup(&psk_identity, &hs->new_session->psk_identity)) {
1082
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1083
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1084
+ return ssl_hs_error;
1085
+ }
1086
+ }
1087
+
1088
+ // Depending on the key exchange method, compute |premaster_secret|.
1089
+ Array<uint8_t> premaster_secret;
1090
+ if (alg_k & SSL_kRSA) {
1091
+ CBS encrypted_premaster_secret;
1092
+ if (ssl->version > SSL3_VERSION) {
1093
+ if (!CBS_get_u16_length_prefixed(&client_key_exchange,
1094
+ &encrypted_premaster_secret) ||
1095
+ CBS_len(&client_key_exchange) != 0) {
1096
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1097
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1098
+ return ssl_hs_error;
1099
+ }
1100
+ } else {
1101
+ encrypted_premaster_secret = client_key_exchange;
1102
+ }
1103
+
1104
+ // Allocate a buffer large enough for an RSA decryption.
1105
+ Array<uint8_t> decrypt_buf;
1106
+ if (!decrypt_buf.Init(EVP_PKEY_size(hs->local_pubkey.get()))) {
1107
+ return ssl_hs_error;
1108
+ }
1109
+
1110
+ // Decrypt with no padding. PKCS#1 padding will be removed as part of the
1111
+ // timing-sensitive code below.
1112
+ size_t decrypt_len;
1113
+ switch (ssl_private_key_decrypt(hs, decrypt_buf.data(), &decrypt_len,
1114
+ decrypt_buf.size(),
1115
+ encrypted_premaster_secret)) {
1116
+ case ssl_private_key_success:
1117
+ break;
1118
+ case ssl_private_key_failure:
1119
+ return ssl_hs_error;
1120
+ case ssl_private_key_retry:
1121
+ return ssl_hs_private_key_operation;
1122
+ }
1123
+
1124
+ if (decrypt_len != decrypt_buf.size()) {
1125
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECRYPTION_FAILED);
1126
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
1127
+ return ssl_hs_error;
1128
+ }
1129
+
1130
+ // Prepare a random premaster, to be used on invalid padding. See RFC 5246,
1131
+ // section 7.4.7.1.
1132
+ if (!premaster_secret.Init(SSL_MAX_MASTER_KEY_LENGTH) ||
1133
+ !RAND_bytes(premaster_secret.data(), premaster_secret.size())) {
1134
+ return ssl_hs_error;
1135
+ }
1136
+
1137
+ // The smallest padded premaster is 11 bytes of overhead. Small keys are
1138
+ // publicly invalid.
1139
+ if (decrypt_len < 11 + premaster_secret.size()) {
1140
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECRYPTION_FAILED);
1141
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
1142
+ return ssl_hs_error;
1143
+ }
1144
+
1145
+ // Check the padding. See RFC 3447, section 7.2.2.
1146
+ size_t padding_len = decrypt_len - premaster_secret.size();
1147
+ uint8_t good = constant_time_eq_int_8(decrypt_buf[0], 0) &
1148
+ constant_time_eq_int_8(decrypt_buf[1], 2);
1149
+ for (size_t i = 2; i < padding_len - 1; i++) {
1150
+ good &= ~constant_time_is_zero_8(decrypt_buf[i]);
1151
+ }
1152
+ good &= constant_time_is_zero_8(decrypt_buf[padding_len - 1]);
1153
+
1154
+ // The premaster secret must begin with |client_version|. This too must be
1155
+ // checked in constant time (http://eprint.iacr.org/2003/052/).
1156
+ good &= constant_time_eq_8(decrypt_buf[padding_len],
1157
+ (unsigned)(hs->client_version >> 8));
1158
+ good &= constant_time_eq_8(decrypt_buf[padding_len + 1],
1159
+ (unsigned)(hs->client_version & 0xff));
1160
+
1161
+ // Select, in constant time, either the decrypted premaster or the random
1162
+ // premaster based on |good|.
1163
+ for (size_t i = 0; i < premaster_secret.size(); i++) {
1164
+ premaster_secret[i] = constant_time_select_8(
1165
+ good, decrypt_buf[padding_len + i], premaster_secret[i]);
1166
+ }
1167
+ } else if (alg_k & SSL_kECDHE) {
1168
+ // Parse the ClientKeyExchange.
1169
+ CBS peer_key;
1170
+ if (!CBS_get_u8_length_prefixed(&client_key_exchange, &peer_key) ||
1171
+ CBS_len(&client_key_exchange) != 0) {
1172
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1173
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1174
+ return ssl_hs_error;
1175
+ }
1176
+
1177
+ // Compute the premaster.
1178
+ uint8_t alert = SSL_AD_DECODE_ERROR;
1179
+ if (!hs->key_share->Finish(&premaster_secret, &alert, peer_key)) {
1180
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
1181
+ return ssl_hs_error;
1182
+ }
1183
+
1184
+ // The key exchange state may now be discarded.
1185
+ hs->key_share.reset();
1186
+ } else if (!(alg_k & SSL_kPSK)) {
1187
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1188
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1189
+ return ssl_hs_error;
1190
+ }
1191
+
1192
+ // For a PSK cipher suite, the actual pre-master secret is combined with the
1193
+ // pre-shared key.
1194
+ if (alg_a & SSL_aPSK) {
1195
+ if (ssl->psk_server_callback == NULL) {
1196
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1197
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1198
+ return ssl_hs_error;
1199
+ }
1200
+
1201
+ // Look up the key for the identity.
1202
+ uint8_t psk[PSK_MAX_PSK_LEN];
1203
+ unsigned psk_len = ssl->psk_server_callback(
1204
+ ssl, hs->new_session->psk_identity, psk, sizeof(psk));
1205
+ if (psk_len > PSK_MAX_PSK_LEN) {
1206
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1207
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1208
+ return ssl_hs_error;
1209
+ } else if (psk_len == 0) {
1210
+ // PSK related to the given identity not found.
1211
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
1212
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNKNOWN_PSK_IDENTITY);
1213
+ return ssl_hs_error;
1214
+ }
1215
+
1216
+ if (alg_k & SSL_kPSK) {
1217
+ // In plain PSK, other_secret is a block of 0s with the same length as the
1218
+ // pre-shared key.
1219
+ if (!premaster_secret.Init(psk_len)) {
1220
+ return ssl_hs_error;
1221
+ }
1222
+ OPENSSL_memset(premaster_secret.data(), 0, premaster_secret.size());
1223
+ }
1224
+
1225
+ ScopedCBB new_premaster;
1226
+ CBB child;
1227
+ if (!CBB_init(new_premaster.get(),
1228
+ 2 + psk_len + 2 + premaster_secret.size()) ||
1229
+ !CBB_add_u16_length_prefixed(new_premaster.get(), &child) ||
1230
+ !CBB_add_bytes(&child, premaster_secret.data(),
1231
+ premaster_secret.size()) ||
1232
+ !CBB_add_u16_length_prefixed(new_premaster.get(), &child) ||
1233
+ !CBB_add_bytes(&child, psk, psk_len) ||
1234
+ !CBBFinishArray(new_premaster.get(), &premaster_secret)) {
1235
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1236
+ return ssl_hs_error;
1237
+ }
1238
+ }
1239
+
1240
+ if (!ssl_hash_message(hs, msg)) {
1241
+ return ssl_hs_error;
1242
+ }
1243
+
1244
+ // Compute the master secret.
1245
+ hs->new_session->master_key_length = tls1_generate_master_secret(
1246
+ hs, hs->new_session->master_key, premaster_secret);
1247
+ if (hs->new_session->master_key_length == 0) {
1248
+ return ssl_hs_error;
1249
+ }
1250
+ hs->new_session->extended_master_secret = hs->extended_master_secret;
1251
+
1252
+ ssl->method->next_message(ssl);
1253
+ hs->state = state_read_client_certificate_verify;
1254
+ return ssl_hs_ok;
1255
+ }
1256
+
1257
+ static enum ssl_hs_wait_t do_read_client_certificate_verify(SSL_HANDSHAKE *hs) {
1258
+ SSL *const ssl = hs->ssl;
1259
+
1260
+ // Only RSA and ECDSA client certificates are supported, so a
1261
+ // CertificateVerify is required if and only if there's a client certificate.
1262
+ if (!hs->peer_pubkey) {
1263
+ hs->transcript.FreeBuffer();
1264
+ hs->state = state_read_change_cipher_spec;
1265
+ return ssl_hs_ok;
1266
+ }
1267
+
1268
+ SSLMessage msg;
1269
+ if (!ssl->method->get_message(ssl, &msg)) {
1270
+ return ssl_hs_read_message;
1271
+ }
1272
+
1273
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_CERTIFICATE_VERIFY)) {
1274
+ return ssl_hs_error;
1275
+ }
1276
+
1277
+ CBS certificate_verify = msg.body, signature;
1278
+
1279
+ // Determine the signature algorithm.
1280
+ uint16_t signature_algorithm = 0;
1281
+ if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
1282
+ if (!CBS_get_u16(&certificate_verify, &signature_algorithm)) {
1283
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1284
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1285
+ return ssl_hs_error;
1286
+ }
1287
+ uint8_t alert = SSL_AD_DECODE_ERROR;
1288
+ if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
1289
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
1290
+ return ssl_hs_error;
1291
+ }
1292
+ hs->new_session->peer_signature_algorithm = signature_algorithm;
1293
+ } else if (!tls1_get_legacy_signature_algorithm(&signature_algorithm,
1294
+ hs->peer_pubkey.get())) {
1295
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
1296
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_CERTIFICATE);
1297
+ return ssl_hs_error;
1298
+ }
1299
+
1300
+ // Parse and verify the signature.
1301
+ if (!CBS_get_u16_length_prefixed(&certificate_verify, &signature) ||
1302
+ CBS_len(&certificate_verify) != 0) {
1303
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1304
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1305
+ return ssl_hs_error;
1306
+ }
1307
+
1308
+ bool sig_ok;
1309
+ // The SSL3 construction for CertificateVerify does not decompose into a
1310
+ // single final digest and signature, and must be special-cased.
1311
+ if (ssl_protocol_version(ssl) == SSL3_VERSION) {
1312
+ uint8_t digest[EVP_MAX_MD_SIZE];
1313
+ size_t digest_len;
1314
+ if (!hs->transcript.GetSSL3CertVerifyHash(
1315
+ digest, &digest_len, hs->new_session.get(), signature_algorithm)) {
1316
+ return ssl_hs_error;
1317
+ }
1318
+
1319
+ UniquePtr<EVP_PKEY_CTX> pctx(
1320
+ EVP_PKEY_CTX_new(hs->peer_pubkey.get(), nullptr));
1321
+ sig_ok = pctx &&
1322
+ EVP_PKEY_verify_init(pctx.get()) &&
1323
+ EVP_PKEY_verify(pctx.get(), CBS_data(&signature),
1324
+ CBS_len(&signature), digest, digest_len);
1325
+ } else {
1326
+ sig_ok =
1327
+ ssl_public_key_verify(ssl, signature, signature_algorithm,
1328
+ hs->peer_pubkey.get(), hs->transcript.buffer());
1329
+ }
1330
+
1331
+ #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
1332
+ sig_ok = true;
1333
+ ERR_clear_error();
1334
+ #endif
1335
+ if (!sig_ok) {
1336
+ OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
1337
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
1338
+ return ssl_hs_error;
1339
+ }
1340
+
1341
+ // The handshake buffer is no longer necessary, and we may hash the current
1342
+ // message.
1343
+ hs->transcript.FreeBuffer();
1344
+ if (!ssl_hash_message(hs, msg)) {
1345
+ return ssl_hs_error;
1346
+ }
1347
+
1348
+ ssl->method->next_message(ssl);
1349
+ hs->state = state_read_change_cipher_spec;
1350
+ return ssl_hs_ok;
1351
+ }
1352
+
1353
+ static enum ssl_hs_wait_t do_read_change_cipher_spec(SSL_HANDSHAKE *hs) {
1354
+ hs->state = state_process_change_cipher_spec;
1355
+ return ssl_hs_read_change_cipher_spec;
1356
+ }
1357
+
1358
+ static enum ssl_hs_wait_t do_process_change_cipher_spec(SSL_HANDSHAKE *hs) {
1359
+ if (!tls1_change_cipher_state(hs, evp_aead_open)) {
1360
+ return ssl_hs_error;
1361
+ }
1362
+
1363
+ hs->state = state_read_next_proto;
1364
+ return ssl_hs_ok;
1365
+ }
1366
+
1367
+ static enum ssl_hs_wait_t do_read_next_proto(SSL_HANDSHAKE *hs) {
1368
+ SSL *const ssl = hs->ssl;
1369
+
1370
+ if (!hs->next_proto_neg_seen) {
1371
+ hs->state = state_read_channel_id;
1372
+ return ssl_hs_ok;
1373
+ }
1374
+
1375
+ SSLMessage msg;
1376
+ if (!ssl->method->get_message(ssl, &msg)) {
1377
+ return ssl_hs_read_message;
1378
+ }
1379
+
1380
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_NEXT_PROTO) ||
1381
+ !ssl_hash_message(hs, msg)) {
1382
+ return ssl_hs_error;
1383
+ }
1384
+
1385
+ CBS next_protocol = msg.body, selected_protocol, padding;
1386
+ if (!CBS_get_u8_length_prefixed(&next_protocol, &selected_protocol) ||
1387
+ !CBS_get_u8_length_prefixed(&next_protocol, &padding) ||
1388
+ CBS_len(&next_protocol) != 0) {
1389
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1390
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1391
+ return ssl_hs_error;
1392
+ }
1393
+
1394
+ if (!ssl->s3->next_proto_negotiated.CopyFrom(selected_protocol)) {
1395
+ return ssl_hs_error;
1396
+ }
1397
+
1398
+ ssl->method->next_message(ssl);
1399
+ hs->state = state_read_channel_id;
1400
+ return ssl_hs_ok;
1401
+ }
1402
+
1403
+ static enum ssl_hs_wait_t do_read_channel_id(SSL_HANDSHAKE *hs) {
1404
+ SSL *const ssl = hs->ssl;
1405
+
1406
+ if (!ssl->s3->tlsext_channel_id_valid) {
1407
+ hs->state = state_read_client_finished;
1408
+ return ssl_hs_ok;
1409
+ }
1410
+
1411
+ SSLMessage msg;
1412
+ if (!ssl->method->get_message(ssl, &msg)) {
1413
+ return ssl_hs_read_message;
1414
+ }
1415
+
1416
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_CHANNEL_ID) ||
1417
+ !tls1_verify_channel_id(hs, msg) ||
1418
+ !ssl_hash_message(hs, msg)) {
1419
+ return ssl_hs_error;
1420
+ }
1421
+
1422
+ ssl->method->next_message(ssl);
1423
+ hs->state = state_read_client_finished;
1424
+ return ssl_hs_ok;
1425
+ }
1426
+
1427
+ static enum ssl_hs_wait_t do_read_client_finished(SSL_HANDSHAKE *hs) {
1428
+ SSL *const ssl = hs->ssl;
1429
+ enum ssl_hs_wait_t wait = ssl_get_finished(hs);
1430
+ if (wait != ssl_hs_ok) {
1431
+ return wait;
1432
+ }
1433
+
1434
+ if (ssl->session != NULL) {
1435
+ hs->state = state_finish_server_handshake;
1436
+ } else {
1437
+ hs->state = state_send_server_finished;
1438
+ }
1439
+
1440
+ // If this is a full handshake with ChannelID then record the handshake
1441
+ // hashes in |hs->new_session| in case we need them to verify a
1442
+ // ChannelID signature on a resumption of this session in the future.
1443
+ if (ssl->session == NULL && ssl->s3->tlsext_channel_id_valid &&
1444
+ !tls1_record_handshake_hashes_for_channel_id(hs)) {
1445
+ return ssl_hs_error;
1446
+ }
1447
+
1448
+ return ssl_hs_ok;
1449
+ }
1450
+
1451
+ static enum ssl_hs_wait_t do_send_server_finished(SSL_HANDSHAKE *hs) {
1452
+ SSL *const ssl = hs->ssl;
1453
+
1454
+ if (hs->ticket_expected) {
1455
+ const SSL_SESSION *session;
1456
+ UniquePtr<SSL_SESSION> session_copy;
1457
+ if (ssl->session == NULL) {
1458
+ // Fix the timeout to measure from the ticket issuance time.
1459
+ ssl_session_rebase_time(ssl, hs->new_session.get());
1460
+ session = hs->new_session.get();
1461
+ } else {
1462
+ // We are renewing an existing session. Duplicate the session to adjust
1463
+ // the timeout.
1464
+ session_copy = SSL_SESSION_dup(ssl->session, SSL_SESSION_INCLUDE_NONAUTH);
1465
+ if (!session_copy) {
1466
+ return ssl_hs_error;
1467
+ }
1468
+
1469
+ ssl_session_rebase_time(ssl, session_copy.get());
1470
+ session = session_copy.get();
1471
+ }
1472
+
1473
+ ScopedCBB cbb;
1474
+ CBB body, ticket;
1475
+ if (!ssl->method->init_message(ssl, cbb.get(), &body,
1476
+ SSL3_MT_NEW_SESSION_TICKET) ||
1477
+ !CBB_add_u32(&body, session->timeout) ||
1478
+ !CBB_add_u16_length_prefixed(&body, &ticket) ||
1479
+ !ssl_encrypt_ticket(ssl, &ticket, session) ||
1480
+ !ssl_add_message_cbb(ssl, cbb.get())) {
1481
+ return ssl_hs_error;
1482
+ }
1483
+ }
1484
+
1485
+ if (!ssl->method->add_change_cipher_spec(ssl) ||
1486
+ !tls1_change_cipher_state(hs, evp_aead_seal) ||
1487
+ !ssl_send_finished(hs)) {
1488
+ return ssl_hs_error;
1489
+ }
1490
+
1491
+ if (ssl->session != NULL) {
1492
+ hs->state = state_read_change_cipher_spec;
1493
+ } else {
1494
+ hs->state = state_finish_server_handshake;
1495
+ }
1496
+ return ssl_hs_flush;
1497
+ }
1498
+
1499
+ static enum ssl_hs_wait_t do_finish_server_handshake(SSL_HANDSHAKE *hs) {
1500
+ SSL *const ssl = hs->ssl;
1501
+
1502
+ ssl->method->on_handshake_complete(ssl);
1503
+
1504
+ // If we aren't retaining peer certificates then we can discard it now.
1505
+ if (hs->new_session != NULL && ssl->retain_only_sha256_of_client_certs) {
1506
+ sk_CRYPTO_BUFFER_pop_free(hs->new_session->certs, CRYPTO_BUFFER_free);
1507
+ hs->new_session->certs = NULL;
1508
+ ssl->ctx->x509_method->session_clear(hs->new_session.get());
1509
+ }
1510
+
1511
+ if (ssl->session != NULL) {
1512
+ SSL_SESSION_up_ref(ssl->session);
1513
+ ssl->s3->established_session.reset(ssl->session);
1514
+ } else {
1515
+ ssl->s3->established_session = std::move(hs->new_session);
1516
+ ssl->s3->established_session->not_resumable = 0;
1517
+ }
1518
+
1519
+ hs->handshake_finalized = true;
1520
+ ssl->s3->initial_handshake_complete = true;
1521
+ ssl_update_cache(hs, SSL_SESS_CACHE_SERVER);
1522
+
1523
+ hs->state = state_done;
1524
+ return ssl_hs_ok;
1525
+ }
1526
+
1527
+ enum ssl_hs_wait_t ssl_server_handshake(SSL_HANDSHAKE *hs) {
1528
+ while (hs->state != state_done) {
1529
+ enum ssl_hs_wait_t ret = ssl_hs_error;
1530
+ enum ssl_server_hs_state_t state =
1531
+ static_cast<enum ssl_server_hs_state_t>(hs->state);
1532
+ switch (state) {
1533
+ case state_start_accept:
1534
+ ret = do_start_accept(hs);
1535
+ break;
1536
+ case state_read_client_hello:
1537
+ ret = do_read_client_hello(hs);
1538
+ break;
1539
+ case state_select_certificate:
1540
+ ret = do_select_certificate(hs);
1541
+ break;
1542
+ case state_tls13:
1543
+ ret = do_tls13(hs);
1544
+ break;
1545
+ case state_select_parameters:
1546
+ ret = do_select_parameters(hs);
1547
+ break;
1548
+ case state_send_server_hello:
1549
+ ret = do_send_server_hello(hs);
1550
+ break;
1551
+ case state_send_server_certificate:
1552
+ ret = do_send_server_certificate(hs);
1553
+ break;
1554
+ case state_send_server_key_exchange:
1555
+ ret = do_send_server_key_exchange(hs);
1556
+ break;
1557
+ case state_send_server_hello_done:
1558
+ ret = do_send_server_hello_done(hs);
1559
+ break;
1560
+ case state_read_client_certificate:
1561
+ ret = do_read_client_certificate(hs);
1562
+ break;
1563
+ case state_verify_client_certificate:
1564
+ ret = do_verify_client_certificate(hs);
1565
+ break;
1566
+ case state_read_client_key_exchange:
1567
+ ret = do_read_client_key_exchange(hs);
1568
+ break;
1569
+ case state_read_client_certificate_verify:
1570
+ ret = do_read_client_certificate_verify(hs);
1571
+ break;
1572
+ case state_read_change_cipher_spec:
1573
+ ret = do_read_change_cipher_spec(hs);
1574
+ break;
1575
+ case state_process_change_cipher_spec:
1576
+ ret = do_process_change_cipher_spec(hs);
1577
+ break;
1578
+ case state_read_next_proto:
1579
+ ret = do_read_next_proto(hs);
1580
+ break;
1581
+ case state_read_channel_id:
1582
+ ret = do_read_channel_id(hs);
1583
+ break;
1584
+ case state_read_client_finished:
1585
+ ret = do_read_client_finished(hs);
1586
+ break;
1587
+ case state_send_server_finished:
1588
+ ret = do_send_server_finished(hs);
1589
+ break;
1590
+ case state_finish_server_handshake:
1591
+ ret = do_finish_server_handshake(hs);
1592
+ break;
1593
+ case state_done:
1594
+ ret = ssl_hs_ok;
1595
+ break;
1596
+ }
1597
+
1598
+ if (hs->state != state) {
1599
+ ssl_do_info_callback(hs->ssl, SSL_CB_ACCEPT_LOOP, 1);
1600
+ }
1601
+
1602
+ if (ret != ssl_hs_ok) {
1603
+ return ret;
1604
+ }
1605
+ }
1606
+
1607
+ ssl_do_info_callback(hs->ssl, SSL_CB_HANDSHAKE_DONE, 1);
1608
+ return ssl_hs_ok;
1609
+ }
1610
+
1611
+ const char *ssl_server_handshake_state(SSL_HANDSHAKE *hs) {
1612
+ enum ssl_server_hs_state_t state =
1613
+ static_cast<enum ssl_server_hs_state_t>(hs->state);
1614
+ switch (state) {
1615
+ case state_start_accept:
1616
+ return "TLS server start_accept";
1617
+ case state_read_client_hello:
1618
+ return "TLS server read_client_hello";
1619
+ case state_select_certificate:
1620
+ return "TLS server select_certificate";
1621
+ case state_tls13:
1622
+ return tls13_server_handshake_state(hs);
1623
+ case state_select_parameters:
1624
+ return "TLS server select_parameters";
1625
+ case state_send_server_hello:
1626
+ return "TLS server send_server_hello";
1627
+ case state_send_server_certificate:
1628
+ return "TLS server send_server_certificate";
1629
+ case state_send_server_key_exchange:
1630
+ return "TLS server send_server_key_exchange";
1631
+ case state_send_server_hello_done:
1632
+ return "TLS server send_server_hello_done";
1633
+ case state_read_client_certificate:
1634
+ return "TLS server read_client_certificate";
1635
+ case state_verify_client_certificate:
1636
+ return "TLS server verify_client_certificate";
1637
+ case state_read_client_key_exchange:
1638
+ return "TLS server read_client_key_exchange";
1639
+ case state_read_client_certificate_verify:
1640
+ return "TLS server read_client_certificate_verify";
1641
+ case state_read_change_cipher_spec:
1642
+ return "TLS server read_change_cipher_spec";
1643
+ case state_process_change_cipher_spec:
1644
+ return "TLS server process_change_cipher_spec";
1645
+ case state_read_next_proto:
1646
+ return "TLS server read_next_proto";
1647
+ case state_read_channel_id:
1648
+ return "TLS server read_channel_id";
1649
+ case state_read_client_finished:
1650
+ return "TLS server read_client_finished";
1651
+ case state_send_server_finished:
1652
+ return "TLS server send_server_finished";
1653
+ case state_finish_server_handshake:
1654
+ return "TLS server finish_server_handshake";
1655
+ case state_done:
1656
+ return "TLS server done";
1657
+ }
1658
+
1659
+ return "TLS server unknown";
1660
+ }
1661
+
1662
+ }