grpc-flamingo 1.11.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (1318) hide show
  1. checksums.yaml +7 -0
  2. data/.yardopts +1 -0
  3. data/Makefile +23896 -0
  4. data/etc/roots.pem +4475 -0
  5. data/include/grpc/byte_buffer.h +27 -0
  6. data/include/grpc/byte_buffer_reader.h +26 -0
  7. data/include/grpc/census.h +40 -0
  8. data/include/grpc/compression.h +75 -0
  9. data/include/grpc/fork.h +26 -0
  10. data/include/grpc/grpc.h +469 -0
  11. data/include/grpc/grpc_cronet.h +38 -0
  12. data/include/grpc/grpc_posix.h +67 -0
  13. data/include/grpc/grpc_security.h +495 -0
  14. data/include/grpc/grpc_security_constants.h +107 -0
  15. data/include/grpc/impl/codegen/atm.h +95 -0
  16. data/include/grpc/impl/codegen/atm_gcc_atomic.h +91 -0
  17. data/include/grpc/impl/codegen/atm_gcc_sync.h +83 -0
  18. data/include/grpc/impl/codegen/atm_windows.h +126 -0
  19. data/include/grpc/impl/codegen/byte_buffer.h +88 -0
  20. data/include/grpc/impl/codegen/byte_buffer_reader.h +42 -0
  21. data/include/grpc/impl/codegen/compression_types.h +107 -0
  22. data/include/grpc/impl/codegen/connectivity_state.h +44 -0
  23. data/include/grpc/impl/codegen/fork.h +48 -0
  24. data/include/grpc/impl/codegen/gpr_slice.h +69 -0
  25. data/include/grpc/impl/codegen/gpr_types.h +59 -0
  26. data/include/grpc/impl/codegen/grpc_types.h +669 -0
  27. data/include/grpc/impl/codegen/port_platform.h +507 -0
  28. data/include/grpc/impl/codegen/propagation_bits.h +52 -0
  29. data/include/grpc/impl/codegen/slice.h +147 -0
  30. data/include/grpc/impl/codegen/status.h +153 -0
  31. data/include/grpc/impl/codegen/sync.h +63 -0
  32. data/include/grpc/impl/codegen/sync_custom.h +38 -0
  33. data/include/grpc/impl/codegen/sync_generic.h +48 -0
  34. data/include/grpc/impl/codegen/sync_posix.h +34 -0
  35. data/include/grpc/impl/codegen/sync_windows.h +36 -0
  36. data/include/grpc/load_reporting.h +48 -0
  37. data/include/grpc/module.modulemap +74 -0
  38. data/include/grpc/slice.h +172 -0
  39. data/include/grpc/slice_buffer.h +84 -0
  40. data/include/grpc/status.h +26 -0
  41. data/include/grpc/support/alloc.h +68 -0
  42. data/include/grpc/support/atm.h +26 -0
  43. data/include/grpc/support/atm_gcc_atomic.h +26 -0
  44. data/include/grpc/support/atm_gcc_sync.h +26 -0
  45. data/include/grpc/support/atm_windows.h +26 -0
  46. data/include/grpc/support/cpu.h +44 -0
  47. data/include/grpc/support/log.h +104 -0
  48. data/include/grpc/support/log_windows.h +38 -0
  49. data/include/grpc/support/port_platform.h +24 -0
  50. data/include/grpc/support/string_util.h +49 -0
  51. data/include/grpc/support/sync.h +298 -0
  52. data/include/grpc/support/sync_custom.h +26 -0
  53. data/include/grpc/support/sync_generic.h +26 -0
  54. data/include/grpc/support/sync_posix.h +26 -0
  55. data/include/grpc/support/sync_windows.h +26 -0
  56. data/include/grpc/support/thd_id.h +44 -0
  57. data/include/grpc/support/time.h +92 -0
  58. data/include/grpc/support/workaround_list.h +31 -0
  59. data/src/boringssl/err_data.c +1348 -0
  60. data/src/core/ext/census/grpc_context.cc +38 -0
  61. data/src/core/ext/filters/client_channel/backup_poller.cc +174 -0
  62. data/src/core/ext/filters/client_channel/backup_poller.h +35 -0
  63. data/src/core/ext/filters/client_channel/channel_connectivity.cc +248 -0
  64. data/src/core/ext/filters/client_channel/client_channel.cc +3209 -0
  65. data/src/core/ext/filters/client_channel/client_channel.h +57 -0
  66. data/src/core/ext/filters/client_channel/client_channel_factory.cc +67 -0
  67. data/src/core/ext/filters/client_channel/client_channel_factory.h +74 -0
  68. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +62 -0
  69. data/src/core/ext/filters/client_channel/connector.cc +41 -0
  70. data/src/core/ext/filters/client_channel/connector.h +73 -0
  71. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +370 -0
  72. data/src/core/ext/filters/client_channel/http_connect_handshaker.h +34 -0
  73. data/src/core/ext/filters/client_channel/http_proxy.cc +195 -0
  74. data/src/core/ext/filters/client_channel/http_proxy.h +24 -0
  75. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +138 -0
  76. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +29 -0
  77. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +1906 -0
  78. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +36 -0
  79. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +108 -0
  80. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +152 -0
  81. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +67 -0
  82. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +304 -0
  83. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +88 -0
  84. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c +102 -0
  85. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h +190 -0
  86. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +591 -0
  87. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +687 -0
  88. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc +253 -0
  89. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +136 -0
  90. data/src/core/ext/filters/client_channel/lb_policy.cc +59 -0
  91. data/src/core/ext/filters/client_channel/lb_policy.h +201 -0
  92. data/src/core/ext/filters/client_channel/lb_policy_factory.cc +155 -0
  93. data/src/core/ext/filters/client_channel/lb_policy_factory.h +127 -0
  94. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +97 -0
  95. data/src/core/ext/filters/client_channel/lb_policy_registry.h +54 -0
  96. data/src/core/ext/filters/client_channel/method_params.cc +178 -0
  97. data/src/core/ext/filters/client_channel/method_params.h +74 -0
  98. data/src/core/ext/filters/client_channel/parse_address.cc +192 -0
  99. data/src/core/ext/filters/client_channel/parse_address.h +50 -0
  100. data/src/core/ext/filters/client_channel/proxy_mapper.cc +48 -0
  101. data/src/core/ext/filters/client_channel/proxy_mapper.h +74 -0
  102. data/src/core/ext/filters/client_channel/proxy_mapper_registry.cc +122 -0
  103. data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +44 -0
  104. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +493 -0
  105. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +53 -0
  106. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +351 -0
  107. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +593 -0
  108. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +74 -0
  109. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +59 -0
  110. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +340 -0
  111. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +297 -0
  112. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +83 -0
  113. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +214 -0
  114. data/src/core/ext/filters/client_channel/resolver.cc +35 -0
  115. data/src/core/ext/filters/client_channel/resolver.h +134 -0
  116. data/src/core/ext/filters/client_channel/resolver_factory.h +71 -0
  117. data/src/core/ext/filters/client_channel/resolver_registry.cc +178 -0
  118. data/src/core/ext/filters/client_channel/resolver_registry.h +83 -0
  119. data/src/core/ext/filters/client_channel/retry_throttle.cc +191 -0
  120. data/src/core/ext/filters/client_channel/retry_throttle.h +77 -0
  121. data/src/core/ext/filters/client_channel/subchannel.cc +815 -0
  122. data/src/core/ext/filters/client_channel/subchannel.h +183 -0
  123. data/src/core/ext/filters/client_channel/subchannel_index.cc +254 -0
  124. data/src/core/ext/filters/client_channel/subchannel_index.h +79 -0
  125. data/src/core/ext/filters/client_channel/uri_parser.cc +314 -0
  126. data/src/core/ext/filters/client_channel/uri_parser.h +50 -0
  127. data/src/core/ext/filters/deadline/deadline_filter.cc +386 -0
  128. data/src/core/ext/filters/deadline/deadline_filter.h +93 -0
  129. data/src/core/ext/filters/http/client/http_client_filter.cc +558 -0
  130. data/src/core/ext/filters/http/client/http_client_filter.h +31 -0
  131. data/src/core/ext/filters/http/client_authority_filter.cc +156 -0
  132. data/src/core/ext/filters/http/client_authority_filter.h +34 -0
  133. data/src/core/ext/filters/http/http_filters_plugin.cc +89 -0
  134. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +499 -0
  135. data/src/core/ext/filters/http/message_compress/message_compress_filter.h +53 -0
  136. data/src/core/ext/filters/http/server/http_server_filter.cc +434 -0
  137. data/src/core/ext/filters/http/server/http_server_filter.h +29 -0
  138. data/src/core/ext/filters/load_reporting/server_load_reporting_filter.cc +222 -0
  139. data/src/core/ext/filters/load_reporting/server_load_reporting_filter.h +30 -0
  140. data/src/core/ext/filters/load_reporting/server_load_reporting_plugin.cc +71 -0
  141. data/src/core/ext/filters/load_reporting/server_load_reporting_plugin.h +61 -0
  142. data/src/core/ext/filters/max_age/max_age_filter.cc +543 -0
  143. data/src/core/ext/filters/max_age/max_age_filter.h +26 -0
  144. data/src/core/ext/filters/message_size/message_size_filter.cc +324 -0
  145. data/src/core/ext/filters/message_size/message_size_filter.h +26 -0
  146. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +208 -0
  147. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.h +27 -0
  148. data/src/core/ext/filters/workarounds/workaround_utils.cc +53 -0
  149. data/src/core/ext/filters/workarounds/workaround_utils.h +39 -0
  150. data/src/core/ext/transport/chttp2/alpn/alpn.cc +44 -0
  151. data/src/core/ext/transport/chttp2/alpn/alpn.h +36 -0
  152. data/src/core/ext/transport/chttp2/client/authority.cc +42 -0
  153. data/src/core/ext/transport/chttp2/client/authority.h +36 -0
  154. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +229 -0
  155. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +28 -0
  156. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +110 -0
  157. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +79 -0
  158. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +230 -0
  159. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +353 -0
  160. data/src/core/ext/transport/chttp2/server/chttp2_server.h +33 -0
  161. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +45 -0
  162. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +74 -0
  163. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +89 -0
  164. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +249 -0
  165. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +56 -0
  166. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +231 -0
  167. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +41 -0
  168. data/src/core/ext/transport/chttp2/transport/chttp2_plugin.cc +35 -0
  169. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +3102 -0
  170. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +45 -0
  171. data/src/core/ext/transport/chttp2/transport/flow_control.cc +405 -0
  172. data/src/core/ext/transport/chttp2/transport/flow_control.h +482 -0
  173. data/src/core/ext/transport/chttp2/transport/frame.h +47 -0
  174. data/src/core/ext/transport/chttp2/transport/frame_data.cc +314 -0
  175. data/src/core/ext/transport/chttp2/transport/frame_data.h +84 -0
  176. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +186 -0
  177. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +62 -0
  178. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +131 -0
  179. data/src/core/ext/transport/chttp2/transport/frame_ping.h +45 -0
  180. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +112 -0
  181. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +43 -0
  182. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +238 -0
  183. data/src/core/ext/transport/chttp2/transport/frame_settings.h +60 -0
  184. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +122 -0
  185. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +45 -0
  186. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +699 -0
  187. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +95 -0
  188. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +1680 -0
  189. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +109 -0
  190. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +368 -0
  191. data/src/core/ext/transport/chttp2/transport/hpack_table.h +95 -0
  192. data/src/core/ext/transport/chttp2/transport/http2_settings.cc +62 -0
  193. data/src/core/ext/transport/chttp2/transport/http2_settings.h +62 -0
  194. data/src/core/ext/transport/chttp2/transport/huffsyms.cc +92 -0
  195. data/src/core/ext/transport/chttp2/transport/huffsyms.h +33 -0
  196. data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +73 -0
  197. data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +49 -0
  198. data/src/core/ext/transport/chttp2/transport/internal.h +799 -0
  199. data/src/core/ext/transport/chttp2/transport/parsing.cc +745 -0
  200. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +216 -0
  201. data/src/core/ext/transport/chttp2/transport/stream_map.cc +167 -0
  202. data/src/core/ext/transport/chttp2/transport/stream_map.h +68 -0
  203. data/src/core/ext/transport/chttp2/transport/varint.cc +56 -0
  204. data/src/core/ext/transport/chttp2/transport/varint.h +60 -0
  205. data/src/core/ext/transport/chttp2/transport/writing.cc +641 -0
  206. data/src/core/ext/transport/inproc/inproc_plugin.cc +28 -0
  207. data/src/core/ext/transport/inproc/inproc_transport.cc +1240 -0
  208. data/src/core/ext/transport/inproc/inproc_transport.h +35 -0
  209. data/src/core/lib/avl/avl.cc +306 -0
  210. data/src/core/lib/avl/avl.h +94 -0
  211. data/src/core/lib/backoff/backoff.cc +78 -0
  212. data/src/core/lib/backoff/backoff.h +89 -0
  213. data/src/core/lib/channel/channel_args.cc +413 -0
  214. data/src/core/lib/channel/channel_args.h +127 -0
  215. data/src/core/lib/channel/channel_stack.cc +258 -0
  216. data/src/core/lib/channel/channel_stack.h +280 -0
  217. data/src/core/lib/channel/channel_stack_builder.cc +314 -0
  218. data/src/core/lib/channel/channel_stack_builder.h +160 -0
  219. data/src/core/lib/channel/channel_trace.cc +239 -0
  220. data/src/core/lib/channel/channel_trace.h +133 -0
  221. data/src/core/lib/channel/channel_trace_registry.cc +80 -0
  222. data/src/core/lib/channel/channel_trace_registry.h +43 -0
  223. data/src/core/lib/channel/connected_channel.cc +236 -0
  224. data/src/core/lib/channel/connected_channel.h +34 -0
  225. data/src/core/lib/channel/context.h +49 -0
  226. data/src/core/lib/channel/handshaker.cc +259 -0
  227. data/src/core/lib/channel/handshaker.h +166 -0
  228. data/src/core/lib/channel/handshaker_factory.cc +41 -0
  229. data/src/core/lib/channel/handshaker_factory.h +50 -0
  230. data/src/core/lib/channel/handshaker_registry.cc +97 -0
  231. data/src/core/lib/channel/handshaker_registry.h +48 -0
  232. data/src/core/lib/channel/status_util.cc +100 -0
  233. data/src/core/lib/channel/status_util.h +58 -0
  234. data/src/core/lib/compression/algorithm_metadata.h +61 -0
  235. data/src/core/lib/compression/compression.cc +174 -0
  236. data/src/core/lib/compression/compression_internal.cc +276 -0
  237. data/src/core/lib/compression/compression_internal.h +88 -0
  238. data/src/core/lib/compression/message_compress.cc +187 -0
  239. data/src/core/lib/compression/message_compress.h +40 -0
  240. data/src/core/lib/compression/stream_compression.cc +79 -0
  241. data/src/core/lib/compression/stream_compression.h +116 -0
  242. data/src/core/lib/compression/stream_compression_gzip.cc +230 -0
  243. data/src/core/lib/compression/stream_compression_gzip.h +28 -0
  244. data/src/core/lib/compression/stream_compression_identity.cc +94 -0
  245. data/src/core/lib/compression/stream_compression_identity.h +29 -0
  246. data/src/core/lib/debug/stats.cc +178 -0
  247. data/src/core/lib/debug/stats.h +61 -0
  248. data/src/core/lib/debug/stats_data.cc +682 -0
  249. data/src/core/lib/debug/stats_data.h +435 -0
  250. data/src/core/lib/debug/trace.cc +144 -0
  251. data/src/core/lib/debug/trace.h +104 -0
  252. data/src/core/lib/gpr/alloc.cc +99 -0
  253. data/src/core/lib/gpr/arena.cc +152 -0
  254. data/src/core/lib/gpr/arena.h +41 -0
  255. data/src/core/lib/gpr/atm.cc +35 -0
  256. data/src/core/lib/gpr/cpu_iphone.cc +36 -0
  257. data/src/core/lib/gpr/cpu_linux.cc +82 -0
  258. data/src/core/lib/gpr/cpu_posix.cc +81 -0
  259. data/src/core/lib/gpr/cpu_windows.cc +33 -0
  260. data/src/core/lib/gpr/env.h +43 -0
  261. data/src/core/lib/gpr/env_linux.cc +82 -0
  262. data/src/core/lib/gpr/env_posix.cc +47 -0
  263. data/src/core/lib/gpr/env_windows.cc +72 -0
  264. data/src/core/lib/gpr/fork.cc +78 -0
  265. data/src/core/lib/gpr/fork.h +35 -0
  266. data/src/core/lib/gpr/host_port.cc +98 -0
  267. data/src/core/lib/gpr/host_port.h +43 -0
  268. data/src/core/lib/gpr/log.cc +96 -0
  269. data/src/core/lib/gpr/log_android.cc +72 -0
  270. data/src/core/lib/gpr/log_linux.cc +93 -0
  271. data/src/core/lib/gpr/log_posix.cc +90 -0
  272. data/src/core/lib/gpr/log_windows.cc +97 -0
  273. data/src/core/lib/gpr/mpscq.cc +117 -0
  274. data/src/core/lib/gpr/mpscq.h +86 -0
  275. data/src/core/lib/gpr/murmur_hash.cc +80 -0
  276. data/src/core/lib/gpr/murmur_hash.h +29 -0
  277. data/src/core/lib/gpr/spinlock.h +46 -0
  278. data/src/core/lib/gpr/string.cc +319 -0
  279. data/src/core/lib/gpr/string.h +109 -0
  280. data/src/core/lib/gpr/string_posix.cc +72 -0
  281. data/src/core/lib/gpr/string_util_windows.cc +82 -0
  282. data/src/core/lib/gpr/string_windows.cc +69 -0
  283. data/src/core/lib/gpr/string_windows.h +32 -0
  284. data/src/core/lib/gpr/sync.cc +124 -0
  285. data/src/core/lib/gpr/sync_posix.cc +107 -0
  286. data/src/core/lib/gpr/sync_windows.cc +118 -0
  287. data/src/core/lib/gpr/time.cc +251 -0
  288. data/src/core/lib/gpr/time_posix.cc +167 -0
  289. data/src/core/lib/gpr/time_precise.cc +78 -0
  290. data/src/core/lib/gpr/time_precise.h +29 -0
  291. data/src/core/lib/gpr/time_windows.cc +98 -0
  292. data/src/core/lib/gpr/tls.h +68 -0
  293. data/src/core/lib/gpr/tls_gcc.h +52 -0
  294. data/src/core/lib/gpr/tls_msvc.h +52 -0
  295. data/src/core/lib/gpr/tls_pthread.cc +30 -0
  296. data/src/core/lib/gpr/tls_pthread.h +56 -0
  297. data/src/core/lib/gpr/tmpfile.h +32 -0
  298. data/src/core/lib/gpr/tmpfile_msys.cc +58 -0
  299. data/src/core/lib/gpr/tmpfile_posix.cc +70 -0
  300. data/src/core/lib/gpr/tmpfile_windows.cc +69 -0
  301. data/src/core/lib/gpr/useful.h +65 -0
  302. data/src/core/lib/gpr/wrap_memcpy.cc +42 -0
  303. data/src/core/lib/gprpp/abstract.h +34 -0
  304. data/src/core/lib/gprpp/atomic.h +30 -0
  305. data/src/core/lib/gprpp/atomic_with_atm.h +57 -0
  306. data/src/core/lib/gprpp/atomic_with_std.h +35 -0
  307. data/src/core/lib/gprpp/debug_location.h +52 -0
  308. data/src/core/lib/gprpp/inlined_vector.h +136 -0
  309. data/src/core/lib/gprpp/manual_constructor.h +213 -0
  310. data/src/core/lib/gprpp/memory.h +111 -0
  311. data/src/core/lib/gprpp/orphanable.h +199 -0
  312. data/src/core/lib/gprpp/ref_counted.h +169 -0
  313. data/src/core/lib/gprpp/ref_counted_ptr.h +112 -0
  314. data/src/core/lib/gprpp/thd.h +135 -0
  315. data/src/core/lib/gprpp/thd_posix.cc +209 -0
  316. data/src/core/lib/gprpp/thd_windows.cc +162 -0
  317. data/src/core/lib/http/format_request.cc +122 -0
  318. data/src/core/lib/http/format_request.h +34 -0
  319. data/src/core/lib/http/httpcli.cc +303 -0
  320. data/src/core/lib/http/httpcli.h +127 -0
  321. data/src/core/lib/http/httpcli_security_connector.cc +202 -0
  322. data/src/core/lib/http/parser.cc +371 -0
  323. data/src/core/lib/http/parser.h +113 -0
  324. data/src/core/lib/iomgr/block_annotate.h +57 -0
  325. data/src/core/lib/iomgr/call_combiner.cc +212 -0
  326. data/src/core/lib/iomgr/call_combiner.h +112 -0
  327. data/src/core/lib/iomgr/closure.h +351 -0
  328. data/src/core/lib/iomgr/combiner.cc +358 -0
  329. data/src/core/lib/iomgr/combiner.h +66 -0
  330. data/src/core/lib/iomgr/endpoint.cc +63 -0
  331. data/src/core/lib/iomgr/endpoint.h +98 -0
  332. data/src/core/lib/iomgr/endpoint_pair.h +34 -0
  333. data/src/core/lib/iomgr/endpoint_pair_posix.cc +73 -0
  334. data/src/core/lib/iomgr/endpoint_pair_uv.cc +40 -0
  335. data/src/core/lib/iomgr/endpoint_pair_windows.cc +87 -0
  336. data/src/core/lib/iomgr/error.cc +793 -0
  337. data/src/core/lib/iomgr/error.h +207 -0
  338. data/src/core/lib/iomgr/error_internal.h +63 -0
  339. data/src/core/lib/iomgr/ev_epoll1_linux.cc +1248 -0
  340. data/src/core/lib/iomgr/ev_epoll1_linux.h +31 -0
  341. data/src/core/lib/iomgr/ev_epollex_linux.cc +1494 -0
  342. data/src/core/lib/iomgr/ev_epollex_linux.h +30 -0
  343. data/src/core/lib/iomgr/ev_epollsig_linux.cc +1735 -0
  344. data/src/core/lib/iomgr/ev_epollsig_linux.h +35 -0
  345. data/src/core/lib/iomgr/ev_poll_posix.cc +1758 -0
  346. data/src/core/lib/iomgr/ev_poll_posix.h +29 -0
  347. data/src/core/lib/iomgr/ev_posix.cc +330 -0
  348. data/src/core/lib/iomgr/ev_posix.h +145 -0
  349. data/src/core/lib/iomgr/ev_windows.cc +30 -0
  350. data/src/core/lib/iomgr/exec_ctx.cc +147 -0
  351. data/src/core/lib/iomgr/exec_ctx.h +210 -0
  352. data/src/core/lib/iomgr/executor.cc +301 -0
  353. data/src/core/lib/iomgr/executor.h +50 -0
  354. data/src/core/lib/iomgr/fork_posix.cc +89 -0
  355. data/src/core/lib/iomgr/fork_windows.cc +41 -0
  356. data/src/core/lib/iomgr/gethostname.h +26 -0
  357. data/src/core/lib/iomgr/gethostname_fallback.cc +30 -0
  358. data/src/core/lib/iomgr/gethostname_host_name_max.cc +40 -0
  359. data/src/core/lib/iomgr/gethostname_sysconf.cc +40 -0
  360. data/src/core/lib/iomgr/iocp_windows.cc +152 -0
  361. data/src/core/lib/iomgr/iocp_windows.h +48 -0
  362. data/src/core/lib/iomgr/iomgr.cc +178 -0
  363. data/src/core/lib/iomgr/iomgr.h +36 -0
  364. data/src/core/lib/iomgr/iomgr_custom.cc +63 -0
  365. data/src/core/lib/iomgr/iomgr_custom.h +47 -0
  366. data/src/core/lib/iomgr/iomgr_internal.cc +43 -0
  367. data/src/core/lib/iomgr/iomgr_internal.h +57 -0
  368. data/src/core/lib/iomgr/iomgr_posix.cc +67 -0
  369. data/src/core/lib/iomgr/iomgr_posix.h +26 -0
  370. data/src/core/lib/iomgr/iomgr_uv.cc +40 -0
  371. data/src/core/lib/iomgr/iomgr_windows.cc +87 -0
  372. data/src/core/lib/iomgr/is_epollexclusive_available.cc +104 -0
  373. data/src/core/lib/iomgr/is_epollexclusive_available.h +36 -0
  374. data/src/core/lib/iomgr/load_file.cc +80 -0
  375. data/src/core/lib/iomgr/load_file.h +35 -0
  376. data/src/core/lib/iomgr/lockfree_event.cc +250 -0
  377. data/src/core/lib/iomgr/lockfree_event.h +72 -0
  378. data/src/core/lib/iomgr/nameser.h +106 -0
  379. data/src/core/lib/iomgr/network_status_tracker.cc +36 -0
  380. data/src/core/lib/iomgr/network_status_tracker.h +32 -0
  381. data/src/core/lib/iomgr/polling_entity.cc +87 -0
  382. data/src/core/lib/iomgr/polling_entity.h +68 -0
  383. data/src/core/lib/iomgr/pollset.cc +56 -0
  384. data/src/core/lib/iomgr/pollset.h +99 -0
  385. data/src/core/lib/iomgr/pollset_custom.cc +106 -0
  386. data/src/core/lib/iomgr/pollset_custom.h +35 -0
  387. data/src/core/lib/iomgr/pollset_set.cc +55 -0
  388. data/src/core/lib/iomgr/pollset_set.h +55 -0
  389. data/src/core/lib/iomgr/pollset_set_custom.cc +48 -0
  390. data/src/core/lib/iomgr/pollset_set_custom.h +26 -0
  391. data/src/core/lib/iomgr/pollset_set_windows.cc +51 -0
  392. data/src/core/lib/iomgr/pollset_set_windows.h +26 -0
  393. data/src/core/lib/iomgr/pollset_uv.cc +93 -0
  394. data/src/core/lib/iomgr/pollset_windows.cc +229 -0
  395. data/src/core/lib/iomgr/pollset_windows.h +70 -0
  396. data/src/core/lib/iomgr/port.h +147 -0
  397. data/src/core/lib/iomgr/resolve_address.cc +50 -0
  398. data/src/core/lib/iomgr/resolve_address.h +83 -0
  399. data/src/core/lib/iomgr/resolve_address_custom.cc +187 -0
  400. data/src/core/lib/iomgr/resolve_address_custom.h +43 -0
  401. data/src/core/lib/iomgr/resolve_address_posix.cc +180 -0
  402. data/src/core/lib/iomgr/resolve_address_windows.cc +165 -0
  403. data/src/core/lib/iomgr/resource_quota.cc +871 -0
  404. data/src/core/lib/iomgr/resource_quota.h +142 -0
  405. data/src/core/lib/iomgr/sockaddr.h +32 -0
  406. data/src/core/lib/iomgr/sockaddr_custom.h +54 -0
  407. data/src/core/lib/iomgr/sockaddr_posix.h +55 -0
  408. data/src/core/lib/iomgr/sockaddr_utils.cc +298 -0
  409. data/src/core/lib/iomgr/sockaddr_utils.h +84 -0
  410. data/src/core/lib/iomgr/sockaddr_windows.h +55 -0
  411. data/src/core/lib/iomgr/socket_factory_posix.cc +94 -0
  412. data/src/core/lib/iomgr/socket_factory_posix.h +69 -0
  413. data/src/core/lib/iomgr/socket_mutator.cc +83 -0
  414. data/src/core/lib/iomgr/socket_mutator.h +61 -0
  415. data/src/core/lib/iomgr/socket_utils.h +38 -0
  416. data/src/core/lib/iomgr/socket_utils_common_posix.cc +327 -0
  417. data/src/core/lib/iomgr/socket_utils_linux.cc +43 -0
  418. data/src/core/lib/iomgr/socket_utils_posix.cc +59 -0
  419. data/src/core/lib/iomgr/socket_utils_posix.h +134 -0
  420. data/src/core/lib/iomgr/socket_utils_uv.cc +45 -0
  421. data/src/core/lib/iomgr/socket_utils_windows.cc +43 -0
  422. data/src/core/lib/iomgr/socket_windows.cc +151 -0
  423. data/src/core/lib/iomgr/socket_windows.h +113 -0
  424. data/src/core/lib/iomgr/sys_epoll_wrapper.h +30 -0
  425. data/src/core/lib/iomgr/tcp_client.cc +36 -0
  426. data/src/core/lib/iomgr/tcp_client.h +52 -0
  427. data/src/core/lib/iomgr/tcp_client_custom.cc +151 -0
  428. data/src/core/lib/iomgr/tcp_client_posix.cc +359 -0
  429. data/src/core/lib/iomgr/tcp_client_posix.h +68 -0
  430. data/src/core/lib/iomgr/tcp_client_windows.cc +231 -0
  431. data/src/core/lib/iomgr/tcp_custom.cc +365 -0
  432. data/src/core/lib/iomgr/tcp_custom.h +81 -0
  433. data/src/core/lib/iomgr/tcp_posix.cc +814 -0
  434. data/src/core/lib/iomgr/tcp_posix.h +57 -0
  435. data/src/core/lib/iomgr/tcp_server.cc +73 -0
  436. data/src/core/lib/iomgr/tcp_server.h +122 -0
  437. data/src/core/lib/iomgr/tcp_server_custom.cc +472 -0
  438. data/src/core/lib/iomgr/tcp_server_posix.cc +582 -0
  439. data/src/core/lib/iomgr/tcp_server_utils_posix.h +122 -0
  440. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +208 -0
  441. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +184 -0
  442. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +36 -0
  443. data/src/core/lib/iomgr/tcp_server_windows.cc +559 -0
  444. data/src/core/lib/iomgr/tcp_uv.cc +417 -0
  445. data/src/core/lib/iomgr/tcp_windows.cc +455 -0
  446. data/src/core/lib/iomgr/tcp_windows.h +51 -0
  447. data/src/core/lib/iomgr/time_averaged_stats.cc +64 -0
  448. data/src/core/lib/iomgr/time_averaged_stats.h +73 -0
  449. data/src/core/lib/iomgr/timer.cc +45 -0
  450. data/src/core/lib/iomgr/timer.h +125 -0
  451. data/src/core/lib/iomgr/timer_custom.cc +93 -0
  452. data/src/core/lib/iomgr/timer_custom.h +43 -0
  453. data/src/core/lib/iomgr/timer_generic.cc +663 -0
  454. data/src/core/lib/iomgr/timer_heap.cc +135 -0
  455. data/src/core/lib/iomgr/timer_heap.h +44 -0
  456. data/src/core/lib/iomgr/timer_manager.cc +347 -0
  457. data/src/core/lib/iomgr/timer_manager.h +39 -0
  458. data/src/core/lib/iomgr/timer_uv.cc +63 -0
  459. data/src/core/lib/iomgr/udp_server.cc +692 -0
  460. data/src/core/lib/iomgr/udp_server.h +103 -0
  461. data/src/core/lib/iomgr/unix_sockets_posix.cc +104 -0
  462. data/src/core/lib/iomgr/unix_sockets_posix.h +43 -0
  463. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +49 -0
  464. data/src/core/lib/iomgr/wakeup_fd_cv.cc +107 -0
  465. data/src/core/lib/iomgr/wakeup_fd_cv.h +69 -0
  466. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +83 -0
  467. data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +38 -0
  468. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +100 -0
  469. data/src/core/lib/iomgr/wakeup_fd_pipe.h +28 -0
  470. data/src/core/lib/iomgr/wakeup_fd_posix.cc +87 -0
  471. data/src/core/lib/iomgr/wakeup_fd_posix.h +96 -0
  472. data/src/core/lib/json/json.cc +86 -0
  473. data/src/core/lib/json/json.h +94 -0
  474. data/src/core/lib/json/json_common.h +34 -0
  475. data/src/core/lib/json/json_reader.cc +663 -0
  476. data/src/core/lib/json/json_reader.h +146 -0
  477. data/src/core/lib/json/json_string.cc +367 -0
  478. data/src/core/lib/json/json_writer.cc +245 -0
  479. data/src/core/lib/json/json_writer.h +84 -0
  480. data/src/core/lib/profiling/basic_timers.cc +286 -0
  481. data/src/core/lib/profiling/stap_timers.cc +50 -0
  482. data/src/core/lib/profiling/timers.h +94 -0
  483. data/src/core/lib/security/context/security_context.cc +348 -0
  484. data/src/core/lib/security/context/security_context.h +115 -0
  485. data/src/core/lib/security/credentials/alts/alts_credentials.cc +119 -0
  486. data/src/core/lib/security/credentials/alts/alts_credentials.h +102 -0
  487. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +72 -0
  488. data/src/core/lib/security/credentials/alts/check_gcp_environment.h +57 -0
  489. data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +67 -0
  490. data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +33 -0
  491. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +114 -0
  492. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc +126 -0
  493. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc +46 -0
  494. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h +112 -0
  495. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +58 -0
  496. data/src/core/lib/security/credentials/composite/composite_credentials.cc +269 -0
  497. data/src/core/lib/security/credentials/composite/composite_credentials.h +59 -0
  498. data/src/core/lib/security/credentials/credentials.cc +286 -0
  499. data/src/core/lib/security/credentials/credentials.h +246 -0
  500. data/src/core/lib/security/credentials/credentials_metadata.cc +62 -0
  501. data/src/core/lib/security/credentials/fake/fake_credentials.cc +136 -0
  502. data/src/core/lib/security/credentials/fake/fake_credentials.h +64 -0
  503. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +41 -0
  504. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +322 -0
  505. data/src/core/lib/security/credentials/google_default/google_default_credentials.h +45 -0
  506. data/src/core/lib/security/credentials/iam/iam_credentials.cc +86 -0
  507. data/src/core/lib/security/credentials/iam/iam_credentials.h +31 -0
  508. data/src/core/lib/security/credentials/jwt/json_token.cc +314 -0
  509. data/src/core/lib/security/credentials/jwt/json_token.h +75 -0
  510. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +190 -0
  511. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +49 -0
  512. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +934 -0
  513. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +123 -0
  514. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +532 -0
  515. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +106 -0
  516. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +271 -0
  517. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +46 -0
  518. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +349 -0
  519. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +54 -0
  520. data/src/core/lib/security/security_connector/alts_security_connector.cc +287 -0
  521. data/src/core/lib/security/security_connector/alts_security_connector.h +69 -0
  522. data/src/core/lib/security/security_connector/security_connector.cc +1200 -0
  523. data/src/core/lib/security/security_connector/security_connector.h +283 -0
  524. data/src/core/lib/security/transport/auth_filters.h +37 -0
  525. data/src/core/lib/security/transport/client_auth_filter.cc +418 -0
  526. data/src/core/lib/security/transport/secure_endpoint.cc +429 -0
  527. data/src/core/lib/security/transport/secure_endpoint.h +41 -0
  528. data/src/core/lib/security/transport/security_handshaker.cc +526 -0
  529. data/src/core/lib/security/transport/security_handshaker.h +34 -0
  530. data/src/core/lib/security/transport/server_auth_filter.cc +269 -0
  531. data/src/core/lib/security/transport/target_authority_table.cc +75 -0
  532. data/src/core/lib/security/transport/target_authority_table.h +40 -0
  533. data/src/core/lib/security/transport/tsi_error.cc +29 -0
  534. data/src/core/lib/security/transport/tsi_error.h +29 -0
  535. data/src/core/lib/security/util/json_util.cc +48 -0
  536. data/src/core/lib/security/util/json_util.h +42 -0
  537. data/src/core/lib/slice/b64.cc +240 -0
  538. data/src/core/lib/slice/b64.h +51 -0
  539. data/src/core/lib/slice/percent_encoding.cc +169 -0
  540. data/src/core/lib/slice/percent_encoding.h +65 -0
  541. data/src/core/lib/slice/slice.cc +489 -0
  542. data/src/core/lib/slice/slice_buffer.cc +359 -0
  543. data/src/core/lib/slice/slice_hash_table.h +201 -0
  544. data/src/core/lib/slice/slice_intern.cc +332 -0
  545. data/src/core/lib/slice/slice_internal.h +49 -0
  546. data/src/core/lib/slice/slice_string_helpers.cc +118 -0
  547. data/src/core/lib/slice/slice_string_helpers.h +47 -0
  548. data/src/core/lib/slice/slice_weak_hash_table.h +105 -0
  549. data/src/core/lib/surface/api_trace.cc +24 -0
  550. data/src/core/lib/surface/api_trace.h +52 -0
  551. data/src/core/lib/surface/byte_buffer.cc +92 -0
  552. data/src/core/lib/surface/byte_buffer_reader.cc +129 -0
  553. data/src/core/lib/surface/call.cc +2002 -0
  554. data/src/core/lib/surface/call.h +109 -0
  555. data/src/core/lib/surface/call_details.cc +42 -0
  556. data/src/core/lib/surface/call_log_batch.cc +120 -0
  557. data/src/core/lib/surface/call_test_only.h +43 -0
  558. data/src/core/lib/surface/channel.cc +450 -0
  559. data/src/core/lib/surface/channel.h +83 -0
  560. data/src/core/lib/surface/channel_init.cc +109 -0
  561. data/src/core/lib/surface/channel_init.h +73 -0
  562. data/src/core/lib/surface/channel_ping.cc +65 -0
  563. data/src/core/lib/surface/channel_stack_type.cc +58 -0
  564. data/src/core/lib/surface/channel_stack_type.h +47 -0
  565. data/src/core/lib/surface/completion_queue.cc +1262 -0
  566. data/src/core/lib/surface/completion_queue.h +93 -0
  567. data/src/core/lib/surface/completion_queue_factory.cc +79 -0
  568. data/src/core/lib/surface/completion_queue_factory.h +38 -0
  569. data/src/core/lib/surface/event_string.cc +68 -0
  570. data/src/core/lib/surface/event_string.h +29 -0
  571. data/src/core/lib/surface/init.cc +196 -0
  572. data/src/core/lib/surface/init.h +27 -0
  573. data/src/core/lib/surface/init_secure.cc +81 -0
  574. data/src/core/lib/surface/lame_client.cc +180 -0
  575. data/src/core/lib/surface/lame_client.h +28 -0
  576. data/src/core/lib/surface/metadata_array.cc +36 -0
  577. data/src/core/lib/surface/server.cc +1445 -0
  578. data/src/core/lib/surface/server.h +58 -0
  579. data/src/core/lib/surface/validate_metadata.cc +95 -0
  580. data/src/core/lib/surface/validate_metadata.h +30 -0
  581. data/src/core/lib/surface/version.cc +28 -0
  582. data/src/core/lib/transport/bdp_estimator.cc +87 -0
  583. data/src/core/lib/transport/bdp_estimator.h +94 -0
  584. data/src/core/lib/transport/byte_stream.cc +160 -0
  585. data/src/core/lib/transport/byte_stream.h +164 -0
  586. data/src/core/lib/transport/connectivity_state.cc +196 -0
  587. data/src/core/lib/transport/connectivity_state.h +87 -0
  588. data/src/core/lib/transport/error_utils.cc +118 -0
  589. data/src/core/lib/transport/error_utils.h +46 -0
  590. data/src/core/lib/transport/http2_errors.h +41 -0
  591. data/src/core/lib/transport/metadata.cc +539 -0
  592. data/src/core/lib/transport/metadata.h +165 -0
  593. data/src/core/lib/transport/metadata_batch.cc +329 -0
  594. data/src/core/lib/transport/metadata_batch.h +150 -0
  595. data/src/core/lib/transport/pid_controller.cc +51 -0
  596. data/src/core/lib/transport/pid_controller.h +116 -0
  597. data/src/core/lib/transport/service_config.cc +106 -0
  598. data/src/core/lib/transport/service_config.h +249 -0
  599. data/src/core/lib/transport/static_metadata.cc +601 -0
  600. data/src/core/lib/transport/static_metadata.h +603 -0
  601. data/src/core/lib/transport/status_conversion.cc +100 -0
  602. data/src/core/lib/transport/status_conversion.h +38 -0
  603. data/src/core/lib/transport/status_metadata.cc +54 -0
  604. data/src/core/lib/transport/status_metadata.h +30 -0
  605. data/src/core/lib/transport/timeout_encoding.cc +144 -0
  606. data/src/core/lib/transport/timeout_encoding.h +37 -0
  607. data/src/core/lib/transport/transport.cc +278 -0
  608. data/src/core/lib/transport/transport.h +378 -0
  609. data/src/core/lib/transport/transport_impl.h +71 -0
  610. data/src/core/lib/transport/transport_op_string.cc +214 -0
  611. data/src/core/plugin_registry/grpc_plugin_registry.cc +97 -0
  612. data/src/core/tsi/alts/crypt/aes_gcm.cc +687 -0
  613. data/src/core/tsi/alts/crypt/gsec.cc +189 -0
  614. data/src/core/tsi/alts/crypt/gsec.h +454 -0
  615. data/src/core/tsi/alts/frame_protector/alts_counter.cc +118 -0
  616. data/src/core/tsi/alts/frame_protector/alts_counter.h +98 -0
  617. data/src/core/tsi/alts/frame_protector/alts_crypter.cc +66 -0
  618. data/src/core/tsi/alts/frame_protector/alts_crypter.h +255 -0
  619. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +407 -0
  620. data/src/core/tsi/alts/frame_protector/alts_frame_protector.h +55 -0
  621. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc +114 -0
  622. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h +114 -0
  623. data/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc +105 -0
  624. data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +103 -0
  625. data/src/core/tsi/alts/frame_protector/frame_handler.cc +218 -0
  626. data/src/core/tsi/alts/frame_protector/frame_handler.h +236 -0
  627. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +316 -0
  628. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +137 -0
  629. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc +520 -0
  630. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.h +323 -0
  631. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc +143 -0
  632. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h +149 -0
  633. data/src/core/tsi/alts/handshaker/alts_tsi_event.cc +73 -0
  634. data/src/core/tsi/alts/handshaker/alts_tsi_event.h +93 -0
  635. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +483 -0
  636. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +83 -0
  637. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +52 -0
  638. data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +58 -0
  639. data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +52 -0
  640. data/src/core/tsi/alts/handshaker/altscontext.pb.c +48 -0
  641. data/src/core/tsi/alts/handshaker/altscontext.pb.h +64 -0
  642. data/src/core/tsi/alts/handshaker/handshaker.pb.c +123 -0
  643. data/src/core/tsi/alts/handshaker/handshaker.pb.h +255 -0
  644. data/src/core/tsi/alts/handshaker/transport_security_common.pb.c +50 -0
  645. data/src/core/tsi/alts/handshaker/transport_security_common.pb.h +78 -0
  646. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +196 -0
  647. data/src/core/tsi/alts/handshaker/transport_security_common_api.h +163 -0
  648. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +180 -0
  649. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h +52 -0
  650. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +144 -0
  651. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h +49 -0
  652. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h +91 -0
  653. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +174 -0
  654. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +100 -0
  655. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +476 -0
  656. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h +199 -0
  657. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +296 -0
  658. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h +52 -0
  659. data/src/core/tsi/alts_transport_security.cc +63 -0
  660. data/src/core/tsi/alts_transport_security.h +47 -0
  661. data/src/core/tsi/fake_transport_security.cc +787 -0
  662. data/src/core/tsi/fake_transport_security.h +45 -0
  663. data/src/core/tsi/ssl/session_cache/ssl_session.h +73 -0
  664. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +58 -0
  665. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +211 -0
  666. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +93 -0
  667. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +76 -0
  668. data/src/core/tsi/ssl_transport_security.cc +1831 -0
  669. data/src/core/tsi/ssl_transport_security.h +314 -0
  670. data/src/core/tsi/ssl_types.h +42 -0
  671. data/src/core/tsi/transport_security.cc +326 -0
  672. data/src/core/tsi/transport_security.h +127 -0
  673. data/src/core/tsi/transport_security_adapter.cc +235 -0
  674. data/src/core/tsi/transport_security_adapter.h +41 -0
  675. data/src/core/tsi/transport_security_grpc.cc +66 -0
  676. data/src/core/tsi/transport_security_grpc.h +74 -0
  677. data/src/core/tsi/transport_security_interface.h +454 -0
  678. data/src/ruby/bin/apis/google/protobuf/empty.rb +29 -0
  679. data/src/ruby/bin/apis/pubsub_demo.rb +241 -0
  680. data/src/ruby/bin/apis/tech/pubsub/proto/pubsub.rb +159 -0
  681. data/src/ruby/bin/apis/tech/pubsub/proto/pubsub_services.rb +88 -0
  682. data/src/ruby/bin/math_client.rb +132 -0
  683. data/src/ruby/bin/math_pb.rb +32 -0
  684. data/src/ruby/bin/math_server.rb +191 -0
  685. data/src/ruby/bin/math_services_pb.rb +51 -0
  686. data/src/ruby/bin/noproto_client.rb +93 -0
  687. data/src/ruby/bin/noproto_server.rb +97 -0
  688. data/src/ruby/ext/grpc/extconf.rb +118 -0
  689. data/src/ruby/ext/grpc/rb_byte_buffer.c +64 -0
  690. data/src/ruby/ext/grpc/rb_byte_buffer.h +35 -0
  691. data/src/ruby/ext/grpc/rb_call.c +1041 -0
  692. data/src/ruby/ext/grpc/rb_call.h +53 -0
  693. data/src/ruby/ext/grpc/rb_call_credentials.c +290 -0
  694. data/src/ruby/ext/grpc/rb_call_credentials.h +31 -0
  695. data/src/ruby/ext/grpc/rb_channel.c +828 -0
  696. data/src/ruby/ext/grpc/rb_channel.h +34 -0
  697. data/src/ruby/ext/grpc/rb_channel_args.c +155 -0
  698. data/src/ruby/ext/grpc/rb_channel_args.h +38 -0
  699. data/src/ruby/ext/grpc/rb_channel_credentials.c +263 -0
  700. data/src/ruby/ext/grpc/rb_channel_credentials.h +32 -0
  701. data/src/ruby/ext/grpc/rb_completion_queue.c +100 -0
  702. data/src/ruby/ext/grpc/rb_completion_queue.h +36 -0
  703. data/src/ruby/ext/grpc/rb_compression_options.c +468 -0
  704. data/src/ruby/ext/grpc/rb_compression_options.h +29 -0
  705. data/src/ruby/ext/grpc/rb_event_thread.c +141 -0
  706. data/src/ruby/ext/grpc/rb_event_thread.h +21 -0
  707. data/src/ruby/ext/grpc/rb_grpc.c +340 -0
  708. data/src/ruby/ext/grpc/rb_grpc.h +72 -0
  709. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +507 -0
  710. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +766 -0
  711. data/src/ruby/ext/grpc/rb_loader.c +57 -0
  712. data/src/ruby/ext/grpc/rb_loader.h +25 -0
  713. data/src/ruby/ext/grpc/rb_server.c +366 -0
  714. data/src/ruby/ext/grpc/rb_server.h +32 -0
  715. data/src/ruby/ext/grpc/rb_server_credentials.c +243 -0
  716. data/src/ruby/ext/grpc/rb_server_credentials.h +32 -0
  717. data/src/ruby/lib/grpc/core/time_consts.rb +56 -0
  718. data/src/ruby/lib/grpc/errors.rb +201 -0
  719. data/src/ruby/lib/grpc/generic/active_call.rb +674 -0
  720. data/src/ruby/lib/grpc/generic/bidi_call.rb +233 -0
  721. data/src/ruby/lib/grpc/generic/client_stub.rb +501 -0
  722. data/src/ruby/lib/grpc/generic/interceptor_registry.rb +53 -0
  723. data/src/ruby/lib/grpc/generic/interceptors.rb +186 -0
  724. data/src/ruby/lib/grpc/generic/rpc_desc.rb +204 -0
  725. data/src/ruby/lib/grpc/generic/rpc_server.rb +490 -0
  726. data/src/ruby/lib/grpc/generic/service.rb +210 -0
  727. data/src/ruby/lib/grpc/google_rpc_status_utils.rb +35 -0
  728. data/src/ruby/lib/grpc/grpc.rb +24 -0
  729. data/src/ruby/lib/grpc/logconfig.rb +44 -0
  730. data/src/ruby/lib/grpc/notifier.rb +45 -0
  731. data/src/ruby/lib/grpc/version.rb +18 -0
  732. data/src/ruby/lib/grpc.rb +35 -0
  733. data/src/ruby/pb/README.md +42 -0
  734. data/src/ruby/pb/generate_proto_ruby.sh +43 -0
  735. data/src/ruby/pb/grpc/health/checker.rb +76 -0
  736. data/src/ruby/pb/grpc/health/v1/health_pb.rb +28 -0
  737. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +41 -0
  738. data/src/ruby/pb/grpc/testing/duplicate/echo_duplicate_services_pb.rb +44 -0
  739. data/src/ruby/pb/grpc/testing/metrics_pb.rb +28 -0
  740. data/src/ruby/pb/grpc/testing/metrics_services_pb.rb +49 -0
  741. data/src/ruby/pb/src/proto/grpc/testing/empty_pb.rb +15 -0
  742. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +82 -0
  743. data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +14 -0
  744. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +102 -0
  745. data/src/ruby/pb/test/client.rb +764 -0
  746. data/src/ruby/pb/test/server.rb +252 -0
  747. data/src/ruby/spec/call_credentials_spec.rb +42 -0
  748. data/src/ruby/spec/call_spec.rb +180 -0
  749. data/src/ruby/spec/channel_connection_spec.rb +126 -0
  750. data/src/ruby/spec/channel_credentials_spec.rb +82 -0
  751. data/src/ruby/spec/channel_spec.rb +190 -0
  752. data/src/ruby/spec/client_auth_spec.rb +137 -0
  753. data/src/ruby/spec/client_server_spec.rb +664 -0
  754. data/src/ruby/spec/compression_options_spec.rb +149 -0
  755. data/src/ruby/spec/error_sanity_spec.rb +49 -0
  756. data/src/ruby/spec/generic/active_call_spec.rb +672 -0
  757. data/src/ruby/spec/generic/client_interceptors_spec.rb +153 -0
  758. data/src/ruby/spec/generic/client_stub_spec.rb +1067 -0
  759. data/src/ruby/spec/generic/interceptor_registry_spec.rb +65 -0
  760. data/src/ruby/spec/generic/rpc_desc_spec.rb +374 -0
  761. data/src/ruby/spec/generic/rpc_server_pool_spec.rb +127 -0
  762. data/src/ruby/spec/generic/rpc_server_spec.rb +726 -0
  763. data/src/ruby/spec/generic/server_interceptors_spec.rb +218 -0
  764. data/src/ruby/spec/generic/service_spec.rb +261 -0
  765. data/src/ruby/spec/google_rpc_status_utils_spec.rb +293 -0
  766. data/src/ruby/spec/pb/duplicate/codegen_spec.rb +56 -0
  767. data/src/ruby/spec/pb/health/checker_spec.rb +236 -0
  768. data/src/ruby/spec/pb/package_with_underscore/checker_spec.rb +54 -0
  769. data/src/ruby/spec/pb/package_with_underscore/data.proto +23 -0
  770. data/src/ruby/spec/pb/package_with_underscore/service.proto +23 -0
  771. data/src/ruby/spec/server_credentials_spec.rb +79 -0
  772. data/src/ruby/spec/server_spec.rb +209 -0
  773. data/src/ruby/spec/spec_helper.rb +60 -0
  774. data/src/ruby/spec/support/helpers.rb +107 -0
  775. data/src/ruby/spec/support/services.rb +147 -0
  776. data/src/ruby/spec/testdata/README +1 -0
  777. data/src/ruby/spec/testdata/ca.pem +15 -0
  778. data/src/ruby/spec/testdata/client.key +16 -0
  779. data/src/ruby/spec/testdata/client.pem +14 -0
  780. data/src/ruby/spec/testdata/server1.key +16 -0
  781. data/src/ruby/spec/testdata/server1.pem +16 -0
  782. data/src/ruby/spec/time_consts_spec.rb +74 -0
  783. data/third_party/address_sorting/address_sorting.c +369 -0
  784. data/third_party/address_sorting/address_sorting_internal.h +70 -0
  785. data/third_party/address_sorting/address_sorting_posix.c +97 -0
  786. data/third_party/address_sorting/address_sorting_windows.c +55 -0
  787. data/third_party/address_sorting/include/address_sorting/address_sorting.h +110 -0
  788. data/third_party/boringssl/crypto/asn1/a_bitstr.c +271 -0
  789. data/third_party/boringssl/crypto/asn1/a_bool.c +110 -0
  790. data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +297 -0
  791. data/third_party/boringssl/crypto/asn1/a_dup.c +111 -0
  792. data/third_party/boringssl/crypto/asn1/a_enum.c +195 -0
  793. data/third_party/boringssl/crypto/asn1/a_gentm.c +261 -0
  794. data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +150 -0
  795. data/third_party/boringssl/crypto/asn1/a_int.c +474 -0
  796. data/third_party/boringssl/crypto/asn1/a_mbstr.c +409 -0
  797. data/third_party/boringssl/crypto/asn1/a_object.c +275 -0
  798. data/third_party/boringssl/crypto/asn1/a_octet.c +77 -0
  799. data/third_party/boringssl/crypto/asn1/a_print.c +93 -0
  800. data/third_party/boringssl/crypto/asn1/a_strnid.c +312 -0
  801. data/third_party/boringssl/crypto/asn1/a_time.c +213 -0
  802. data/third_party/boringssl/crypto/asn1/a_type.c +151 -0
  803. data/third_party/boringssl/crypto/asn1/a_utctm.c +303 -0
  804. data/third_party/boringssl/crypto/asn1/a_utf8.c +234 -0
  805. data/third_party/boringssl/crypto/asn1/asn1_lib.c +442 -0
  806. data/third_party/boringssl/crypto/asn1/asn1_locl.h +101 -0
  807. data/third_party/boringssl/crypto/asn1/asn1_par.c +80 -0
  808. data/third_party/boringssl/crypto/asn1/asn_pack.c +105 -0
  809. data/third_party/boringssl/crypto/asn1/f_enum.c +93 -0
  810. data/third_party/boringssl/crypto/asn1/f_int.c +97 -0
  811. data/third_party/boringssl/crypto/asn1/f_string.c +91 -0
  812. data/third_party/boringssl/crypto/asn1/tasn_dec.c +1223 -0
  813. data/third_party/boringssl/crypto/asn1/tasn_enc.c +662 -0
  814. data/third_party/boringssl/crypto/asn1/tasn_fre.c +244 -0
  815. data/third_party/boringssl/crypto/asn1/tasn_new.c +387 -0
  816. data/third_party/boringssl/crypto/asn1/tasn_typ.c +131 -0
  817. data/third_party/boringssl/crypto/asn1/tasn_utl.c +280 -0
  818. data/third_party/boringssl/crypto/asn1/time_support.c +206 -0
  819. data/third_party/boringssl/crypto/base64/base64.c +466 -0
  820. data/third_party/boringssl/crypto/bio/bio.c +636 -0
  821. data/third_party/boringssl/crypto/bio/bio_mem.c +330 -0
  822. data/third_party/boringssl/crypto/bio/connect.c +542 -0
  823. data/third_party/boringssl/crypto/bio/fd.c +275 -0
  824. data/third_party/boringssl/crypto/bio/file.c +313 -0
  825. data/third_party/boringssl/crypto/bio/hexdump.c +192 -0
  826. data/third_party/boringssl/crypto/bio/internal.h +111 -0
  827. data/third_party/boringssl/crypto/bio/pair.c +489 -0
  828. data/third_party/boringssl/crypto/bio/printf.c +115 -0
  829. data/third_party/boringssl/crypto/bio/socket.c +202 -0
  830. data/third_party/boringssl/crypto/bio/socket_helper.c +114 -0
  831. data/third_party/boringssl/crypto/bn_extra/bn_asn1.c +64 -0
  832. data/third_party/boringssl/crypto/bn_extra/convert.c +465 -0
  833. data/third_party/boringssl/crypto/buf/buf.c +231 -0
  834. data/third_party/boringssl/crypto/bytestring/asn1_compat.c +52 -0
  835. data/third_party/boringssl/crypto/bytestring/ber.c +264 -0
  836. data/third_party/boringssl/crypto/bytestring/cbb.c +568 -0
  837. data/third_party/boringssl/crypto/bytestring/cbs.c +487 -0
  838. data/third_party/boringssl/crypto/bytestring/internal.h +75 -0
  839. data/third_party/boringssl/crypto/chacha/chacha.c +167 -0
  840. data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +114 -0
  841. data/third_party/boringssl/crypto/cipher_extra/derive_key.c +152 -0
  842. data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +281 -0
  843. data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +867 -0
  844. data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +326 -0
  845. data/third_party/boringssl/crypto/cipher_extra/e_null.c +85 -0
  846. data/third_party/boringssl/crypto/cipher_extra/e_rc2.c +460 -0
  847. data/third_party/boringssl/crypto/cipher_extra/e_rc4.c +87 -0
  848. data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +460 -0
  849. data/third_party/boringssl/crypto/cipher_extra/e_tls.c +681 -0
  850. data/third_party/boringssl/crypto/cipher_extra/internal.h +128 -0
  851. data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +482 -0
  852. data/third_party/boringssl/crypto/cmac/cmac.c +241 -0
  853. data/third_party/boringssl/crypto/conf/conf.c +803 -0
  854. data/third_party/boringssl/crypto/conf/conf_def.h +127 -0
  855. data/third_party/boringssl/crypto/conf/internal.h +31 -0
  856. data/third_party/boringssl/crypto/cpu-aarch64-linux.c +61 -0
  857. data/third_party/boringssl/crypto/cpu-arm-linux.c +363 -0
  858. data/third_party/boringssl/crypto/cpu-arm.c +38 -0
  859. data/third_party/boringssl/crypto/cpu-intel.c +288 -0
  860. data/third_party/boringssl/crypto/cpu-ppc64le.c +38 -0
  861. data/third_party/boringssl/crypto/crypto.c +198 -0
  862. data/third_party/boringssl/crypto/curve25519/spake25519.c +539 -0
  863. data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +247 -0
  864. data/third_party/boringssl/crypto/dh/check.c +217 -0
  865. data/third_party/boringssl/crypto/dh/dh.c +519 -0
  866. data/third_party/boringssl/crypto/dh/dh_asn1.c +160 -0
  867. data/third_party/boringssl/crypto/dh/params.c +93 -0
  868. data/third_party/boringssl/crypto/digest_extra/digest_extra.c +240 -0
  869. data/third_party/boringssl/crypto/dsa/dsa.c +984 -0
  870. data/third_party/boringssl/crypto/dsa/dsa_asn1.c +339 -0
  871. data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +563 -0
  872. data/third_party/boringssl/crypto/ecdh/ecdh.c +161 -0
  873. data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +275 -0
  874. data/third_party/boringssl/crypto/engine/engine.c +98 -0
  875. data/third_party/boringssl/crypto/err/err.c +847 -0
  876. data/third_party/boringssl/crypto/err/internal.h +58 -0
  877. data/third_party/boringssl/crypto/evp/digestsign.c +231 -0
  878. data/third_party/boringssl/crypto/evp/evp.c +362 -0
  879. data/third_party/boringssl/crypto/evp/evp_asn1.c +337 -0
  880. data/third_party/boringssl/crypto/evp/evp_ctx.c +446 -0
  881. data/third_party/boringssl/crypto/evp/internal.h +252 -0
  882. data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +268 -0
  883. data/third_party/boringssl/crypto/evp/p_ec.c +239 -0
  884. data/third_party/boringssl/crypto/evp/p_ec_asn1.c +256 -0
  885. data/third_party/boringssl/crypto/evp/p_ed25519.c +71 -0
  886. data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +190 -0
  887. data/third_party/boringssl/crypto/evp/p_rsa.c +634 -0
  888. data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +189 -0
  889. data/third_party/boringssl/crypto/evp/pbkdf.c +146 -0
  890. data/third_party/boringssl/crypto/evp/print.c +489 -0
  891. data/third_party/boringssl/crypto/evp/scrypt.c +209 -0
  892. data/third_party/boringssl/crypto/evp/sign.c +151 -0
  893. data/third_party/boringssl/crypto/ex_data.c +261 -0
  894. data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +1100 -0
  895. data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +100 -0
  896. data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +138 -0
  897. data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +112 -0
  898. data/third_party/boringssl/crypto/fipsmodule/bcm.c +679 -0
  899. data/third_party/boringssl/crypto/fipsmodule/bn/add.c +371 -0
  900. data/third_party/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c +540 -0
  901. data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +370 -0
  902. data/third_party/boringssl/crypto/fipsmodule/bn/bytes.c +269 -0
  903. data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +254 -0
  904. data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +303 -0
  905. data/third_party/boringssl/crypto/fipsmodule/bn/div.c +733 -0
  906. data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +1390 -0
  907. data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +627 -0
  908. data/third_party/boringssl/crypto/fipsmodule/bn/generic.c +710 -0
  909. data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +413 -0
  910. data/third_party/boringssl/crypto/fipsmodule/bn/jacobi.c +146 -0
  911. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +483 -0
  912. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +207 -0
  913. data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +902 -0
  914. data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +894 -0
  915. data/third_party/boringssl/crypto/fipsmodule/bn/random.c +299 -0
  916. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +254 -0
  917. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +53 -0
  918. data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +305 -0
  919. data/third_party/boringssl/crypto/fipsmodule/bn/sqrt.c +502 -0
  920. data/third_party/boringssl/crypto/fipsmodule/cipher/aead.c +284 -0
  921. data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +615 -0
  922. data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +1437 -0
  923. data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +233 -0
  924. data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +129 -0
  925. data/third_party/boringssl/crypto/fipsmodule/delocate.h +88 -0
  926. data/third_party/boringssl/crypto/fipsmodule/des/des.c +785 -0
  927. data/third_party/boringssl/crypto/fipsmodule/des/internal.h +238 -0
  928. data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +256 -0
  929. data/third_party/boringssl/crypto/fipsmodule/digest/digests.c +280 -0
  930. data/third_party/boringssl/crypto/fipsmodule/digest/internal.h +112 -0
  931. data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +268 -0
  932. data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +943 -0
  933. data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +517 -0
  934. data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +277 -0
  935. data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +316 -0
  936. data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +404 -0
  937. data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +1131 -0
  938. data/third_party/boringssl/crypto/fipsmodule/ec/p256-64.c +1674 -0
  939. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9543 -0
  940. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +456 -0
  941. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +113 -0
  942. data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +1052 -0
  943. data/third_party/boringssl/crypto/fipsmodule/ec/util-64.c +109 -0
  944. data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +474 -0
  945. data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +442 -0
  946. data/third_party/boringssl/crypto/fipsmodule/hmac/hmac.c +228 -0
  947. data/third_party/boringssl/crypto/fipsmodule/is_fips.c +27 -0
  948. data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +254 -0
  949. data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +298 -0
  950. data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +211 -0
  951. data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +234 -0
  952. data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +220 -0
  953. data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +1063 -0
  954. data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +384 -0
  955. data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +95 -0
  956. data/third_party/boringssl/crypto/fipsmodule/modes/polyval.c +91 -0
  957. data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +200 -0
  958. data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +92 -0
  959. data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +358 -0
  960. data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +302 -0
  961. data/third_party/boringssl/crypto/fipsmodule/rsa/blinding.c +263 -0
  962. data/third_party/boringssl/crypto/fipsmodule/rsa/internal.h +131 -0
  963. data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +692 -0
  964. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +857 -0
  965. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +1051 -0
  966. data/third_party/boringssl/crypto/fipsmodule/sha/sha1-altivec.c +361 -0
  967. data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +375 -0
  968. data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +337 -0
  969. data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +608 -0
  970. data/third_party/boringssl/crypto/hkdf/hkdf.c +112 -0
  971. data/third_party/boringssl/crypto/internal.h +676 -0
  972. data/third_party/boringssl/crypto/lhash/lhash.c +336 -0
  973. data/third_party/boringssl/crypto/mem.c +237 -0
  974. data/third_party/boringssl/crypto/obj/obj.c +621 -0
  975. data/third_party/boringssl/crypto/obj/obj_dat.h +6244 -0
  976. data/third_party/boringssl/crypto/obj/obj_xref.c +122 -0
  977. data/third_party/boringssl/crypto/pem/pem_all.c +262 -0
  978. data/third_party/boringssl/crypto/pem/pem_info.c +379 -0
  979. data/third_party/boringssl/crypto/pem/pem_lib.c +776 -0
  980. data/third_party/boringssl/crypto/pem/pem_oth.c +88 -0
  981. data/third_party/boringssl/crypto/pem/pem_pk8.c +258 -0
  982. data/third_party/boringssl/crypto/pem/pem_pkey.c +227 -0
  983. data/third_party/boringssl/crypto/pem/pem_x509.c +65 -0
  984. data/third_party/boringssl/crypto/pem/pem_xaux.c +65 -0
  985. data/third_party/boringssl/crypto/pkcs7/internal.h +49 -0
  986. data/third_party/boringssl/crypto/pkcs7/pkcs7.c +166 -0
  987. data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +233 -0
  988. data/third_party/boringssl/crypto/pkcs8/internal.h +120 -0
  989. data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +307 -0
  990. data/third_party/boringssl/crypto/pkcs8/pkcs8.c +513 -0
  991. data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +789 -0
  992. data/third_party/boringssl/crypto/poly1305/internal.h +41 -0
  993. data/third_party/boringssl/crypto/poly1305/poly1305.c +318 -0
  994. data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +304 -0
  995. data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +839 -0
  996. data/third_party/boringssl/crypto/pool/internal.h +45 -0
  997. data/third_party/boringssl/crypto/pool/pool.c +200 -0
  998. data/third_party/boringssl/crypto/rand_extra/deterministic.c +48 -0
  999. data/third_party/boringssl/crypto/rand_extra/forkunsafe.c +46 -0
  1000. data/third_party/boringssl/crypto/rand_extra/fuchsia.c +43 -0
  1001. data/third_party/boringssl/crypto/rand_extra/rand_extra.c +70 -0
  1002. data/third_party/boringssl/crypto/rand_extra/windows.c +53 -0
  1003. data/third_party/boringssl/crypto/rc4/rc4.c +98 -0
  1004. data/third_party/boringssl/crypto/refcount_c11.c +67 -0
  1005. data/third_party/boringssl/crypto/refcount_lock.c +53 -0
  1006. data/third_party/boringssl/crypto/rsa_extra/rsa_asn1.c +325 -0
  1007. data/third_party/boringssl/crypto/stack/stack.c +380 -0
  1008. data/third_party/boringssl/crypto/thread.c +110 -0
  1009. data/third_party/boringssl/crypto/thread_none.c +59 -0
  1010. data/third_party/boringssl/crypto/thread_pthread.c +176 -0
  1011. data/third_party/boringssl/crypto/thread_win.c +237 -0
  1012. data/third_party/boringssl/crypto/x509/a_digest.c +96 -0
  1013. data/third_party/boringssl/crypto/x509/a_sign.c +128 -0
  1014. data/third_party/boringssl/crypto/x509/a_strex.c +633 -0
  1015. data/third_party/boringssl/crypto/x509/a_verify.c +115 -0
  1016. data/third_party/boringssl/crypto/x509/algorithm.c +153 -0
  1017. data/third_party/boringssl/crypto/x509/asn1_gen.c +841 -0
  1018. data/third_party/boringssl/crypto/x509/by_dir.c +451 -0
  1019. data/third_party/boringssl/crypto/x509/by_file.c +274 -0
  1020. data/third_party/boringssl/crypto/x509/charmap.h +15 -0
  1021. data/third_party/boringssl/crypto/x509/i2d_pr.c +83 -0
  1022. data/third_party/boringssl/crypto/x509/internal.h +66 -0
  1023. data/third_party/boringssl/crypto/x509/rsa_pss.c +385 -0
  1024. data/third_party/boringssl/crypto/x509/t_crl.c +128 -0
  1025. data/third_party/boringssl/crypto/x509/t_req.c +246 -0
  1026. data/third_party/boringssl/crypto/x509/t_x509.c +547 -0
  1027. data/third_party/boringssl/crypto/x509/t_x509a.c +111 -0
  1028. data/third_party/boringssl/crypto/x509/vpm_int.h +70 -0
  1029. data/third_party/boringssl/crypto/x509/x509.c +157 -0
  1030. data/third_party/boringssl/crypto/x509/x509_att.c +381 -0
  1031. data/third_party/boringssl/crypto/x509/x509_cmp.c +477 -0
  1032. data/third_party/boringssl/crypto/x509/x509_d2.c +106 -0
  1033. data/third_party/boringssl/crypto/x509/x509_def.c +103 -0
  1034. data/third_party/boringssl/crypto/x509/x509_ext.c +206 -0
  1035. data/third_party/boringssl/crypto/x509/x509_lu.c +725 -0
  1036. data/third_party/boringssl/crypto/x509/x509_obj.c +198 -0
  1037. data/third_party/boringssl/crypto/x509/x509_r2x.c +117 -0
  1038. data/third_party/boringssl/crypto/x509/x509_req.c +322 -0
  1039. data/third_party/boringssl/crypto/x509/x509_set.c +164 -0
  1040. data/third_party/boringssl/crypto/x509/x509_trs.c +326 -0
  1041. data/third_party/boringssl/crypto/x509/x509_txt.c +205 -0
  1042. data/third_party/boringssl/crypto/x509/x509_v3.c +278 -0
  1043. data/third_party/boringssl/crypto/x509/x509_vfy.c +2472 -0
  1044. data/third_party/boringssl/crypto/x509/x509_vpm.c +648 -0
  1045. data/third_party/boringssl/crypto/x509/x509cset.c +170 -0
  1046. data/third_party/boringssl/crypto/x509/x509name.c +389 -0
  1047. data/third_party/boringssl/crypto/x509/x509rset.c +81 -0
  1048. data/third_party/boringssl/crypto/x509/x509spki.c +137 -0
  1049. data/third_party/boringssl/crypto/x509/x_algor.c +151 -0
  1050. data/third_party/boringssl/crypto/x509/x_all.c +501 -0
  1051. data/third_party/boringssl/crypto/x509/x_attrib.c +111 -0
  1052. data/third_party/boringssl/crypto/x509/x_crl.c +541 -0
  1053. data/third_party/boringssl/crypto/x509/x_exten.c +75 -0
  1054. data/third_party/boringssl/crypto/x509/x_info.c +98 -0
  1055. data/third_party/boringssl/crypto/x509/x_name.c +541 -0
  1056. data/third_party/boringssl/crypto/x509/x_pkey.c +106 -0
  1057. data/third_party/boringssl/crypto/x509/x_pubkey.c +368 -0
  1058. data/third_party/boringssl/crypto/x509/x_req.c +109 -0
  1059. data/third_party/boringssl/crypto/x509/x_sig.c +69 -0
  1060. data/third_party/boringssl/crypto/x509/x_spki.c +80 -0
  1061. data/third_party/boringssl/crypto/x509/x_val.c +69 -0
  1062. data/third_party/boringssl/crypto/x509/x_x509.c +328 -0
  1063. data/third_party/boringssl/crypto/x509/x_x509a.c +198 -0
  1064. data/third_party/boringssl/crypto/x509v3/ext_dat.h +143 -0
  1065. data/third_party/boringssl/crypto/x509v3/pcy_cache.c +284 -0
  1066. data/third_party/boringssl/crypto/x509v3/pcy_data.c +130 -0
  1067. data/third_party/boringssl/crypto/x509v3/pcy_int.h +217 -0
  1068. data/third_party/boringssl/crypto/x509v3/pcy_lib.c +155 -0
  1069. data/third_party/boringssl/crypto/x509v3/pcy_map.c +130 -0
  1070. data/third_party/boringssl/crypto/x509v3/pcy_node.c +188 -0
  1071. data/third_party/boringssl/crypto/x509v3/pcy_tree.c +840 -0
  1072. data/third_party/boringssl/crypto/x509v3/v3_akey.c +204 -0
  1073. data/third_party/boringssl/crypto/x509v3/v3_akeya.c +72 -0
  1074. data/third_party/boringssl/crypto/x509v3/v3_alt.c +623 -0
  1075. data/third_party/boringssl/crypto/x509v3/v3_bcons.c +133 -0
  1076. data/third_party/boringssl/crypto/x509v3/v3_bitst.c +141 -0
  1077. data/third_party/boringssl/crypto/x509v3/v3_conf.c +462 -0
  1078. data/third_party/boringssl/crypto/x509v3/v3_cpols.c +502 -0
  1079. data/third_party/boringssl/crypto/x509v3/v3_crld.c +561 -0
  1080. data/third_party/boringssl/crypto/x509v3/v3_enum.c +100 -0
  1081. data/third_party/boringssl/crypto/x509v3/v3_extku.c +148 -0
  1082. data/third_party/boringssl/crypto/x509v3/v3_genn.c +251 -0
  1083. data/third_party/boringssl/crypto/x509v3/v3_ia5.c +122 -0
  1084. data/third_party/boringssl/crypto/x509v3/v3_info.c +219 -0
  1085. data/third_party/boringssl/crypto/x509v3/v3_int.c +91 -0
  1086. data/third_party/boringssl/crypto/x509v3/v3_lib.c +370 -0
  1087. data/third_party/boringssl/crypto/x509v3/v3_ncons.c +501 -0
  1088. data/third_party/boringssl/crypto/x509v3/v3_pci.c +287 -0
  1089. data/third_party/boringssl/crypto/x509v3/v3_pcia.c +57 -0
  1090. data/third_party/boringssl/crypto/x509v3/v3_pcons.c +139 -0
  1091. data/third_party/boringssl/crypto/x509v3/v3_pku.c +110 -0
  1092. data/third_party/boringssl/crypto/x509v3/v3_pmaps.c +154 -0
  1093. data/third_party/boringssl/crypto/x509v3/v3_prn.c +229 -0
  1094. data/third_party/boringssl/crypto/x509v3/v3_purp.c +866 -0
  1095. data/third_party/boringssl/crypto/x509v3/v3_skey.c +152 -0
  1096. data/third_party/boringssl/crypto/x509v3/v3_sxnet.c +274 -0
  1097. data/third_party/boringssl/crypto/x509v3/v3_utl.c +1352 -0
  1098. data/third_party/boringssl/include/openssl/aead.h +423 -0
  1099. data/third_party/boringssl/include/openssl/aes.h +170 -0
  1100. data/third_party/boringssl/include/openssl/arm_arch.h +121 -0
  1101. data/third_party/boringssl/include/openssl/asn1.h +982 -0
  1102. data/third_party/boringssl/include/openssl/asn1_mac.h +18 -0
  1103. data/third_party/boringssl/include/openssl/asn1t.h +892 -0
  1104. data/third_party/boringssl/include/openssl/base.h +468 -0
  1105. data/third_party/boringssl/include/openssl/base64.h +187 -0
  1106. data/third_party/boringssl/include/openssl/bio.h +902 -0
  1107. data/third_party/boringssl/include/openssl/blowfish.h +93 -0
  1108. data/third_party/boringssl/include/openssl/bn.h +975 -0
  1109. data/third_party/boringssl/include/openssl/buf.h +137 -0
  1110. data/third_party/boringssl/include/openssl/buffer.h +18 -0
  1111. data/third_party/boringssl/include/openssl/bytestring.h +480 -0
  1112. data/third_party/boringssl/include/openssl/cast.h +96 -0
  1113. data/third_party/boringssl/include/openssl/chacha.h +41 -0
  1114. data/third_party/boringssl/include/openssl/cipher.h +608 -0
  1115. data/third_party/boringssl/include/openssl/cmac.h +87 -0
  1116. data/third_party/boringssl/include/openssl/conf.h +183 -0
  1117. data/third_party/boringssl/include/openssl/cpu.h +196 -0
  1118. data/third_party/boringssl/include/openssl/crypto.h +118 -0
  1119. data/third_party/boringssl/include/openssl/curve25519.h +201 -0
  1120. data/third_party/boringssl/include/openssl/des.h +177 -0
  1121. data/third_party/boringssl/include/openssl/dh.h +298 -0
  1122. data/third_party/boringssl/include/openssl/digest.h +316 -0
  1123. data/third_party/boringssl/include/openssl/dsa.h +435 -0
  1124. data/third_party/boringssl/include/openssl/dtls1.h +16 -0
  1125. data/third_party/boringssl/include/openssl/ec.h +407 -0
  1126. data/third_party/boringssl/include/openssl/ec_key.h +341 -0
  1127. data/third_party/boringssl/include/openssl/ecdh.h +101 -0
  1128. data/third_party/boringssl/include/openssl/ecdsa.h +199 -0
  1129. data/third_party/boringssl/include/openssl/engine.h +109 -0
  1130. data/third_party/boringssl/include/openssl/err.h +458 -0
  1131. data/third_party/boringssl/include/openssl/evp.h +873 -0
  1132. data/third_party/boringssl/include/openssl/ex_data.h +203 -0
  1133. data/third_party/boringssl/include/openssl/hkdf.h +64 -0
  1134. data/third_party/boringssl/include/openssl/hmac.h +186 -0
  1135. data/third_party/boringssl/include/openssl/is_boringssl.h +16 -0
  1136. data/third_party/boringssl/include/openssl/lhash.h +174 -0
  1137. data/third_party/boringssl/include/openssl/lhash_macros.h +174 -0
  1138. data/third_party/boringssl/include/openssl/md4.h +106 -0
  1139. data/third_party/boringssl/include/openssl/md5.h +107 -0
  1140. data/third_party/boringssl/include/openssl/mem.h +156 -0
  1141. data/third_party/boringssl/include/openssl/nid.h +4242 -0
  1142. data/third_party/boringssl/include/openssl/obj.h +233 -0
  1143. data/third_party/boringssl/include/openssl/obj_mac.h +18 -0
  1144. data/third_party/boringssl/include/openssl/objects.h +18 -0
  1145. data/third_party/boringssl/include/openssl/opensslconf.h +67 -0
  1146. data/third_party/boringssl/include/openssl/opensslv.h +18 -0
  1147. data/third_party/boringssl/include/openssl/ossl_typ.h +18 -0
  1148. data/third_party/boringssl/include/openssl/pem.h +397 -0
  1149. data/third_party/boringssl/include/openssl/pkcs12.h +18 -0
  1150. data/third_party/boringssl/include/openssl/pkcs7.h +82 -0
  1151. data/third_party/boringssl/include/openssl/pkcs8.h +230 -0
  1152. data/third_party/boringssl/include/openssl/poly1305.h +51 -0
  1153. data/third_party/boringssl/include/openssl/pool.h +91 -0
  1154. data/third_party/boringssl/include/openssl/rand.h +125 -0
  1155. data/third_party/boringssl/include/openssl/rc4.h +96 -0
  1156. data/third_party/boringssl/include/openssl/ripemd.h +107 -0
  1157. data/third_party/boringssl/include/openssl/rsa.h +731 -0
  1158. data/third_party/boringssl/include/openssl/safestack.h +16 -0
  1159. data/third_party/boringssl/include/openssl/sha.h +256 -0
  1160. data/third_party/boringssl/include/openssl/span.h +191 -0
  1161. data/third_party/boringssl/include/openssl/srtp.h +18 -0
  1162. data/third_party/boringssl/include/openssl/ssl.h +4592 -0
  1163. data/third_party/boringssl/include/openssl/ssl3.h +333 -0
  1164. data/third_party/boringssl/include/openssl/stack.h +485 -0
  1165. data/third_party/boringssl/include/openssl/thread.h +191 -0
  1166. data/third_party/boringssl/include/openssl/tls1.h +610 -0
  1167. data/third_party/boringssl/include/openssl/type_check.h +91 -0
  1168. data/third_party/boringssl/include/openssl/x509.h +1176 -0
  1169. data/third_party/boringssl/include/openssl/x509_vfy.h +614 -0
  1170. data/third_party/boringssl/include/openssl/x509v3.h +826 -0
  1171. data/third_party/boringssl/ssl/bio_ssl.cc +179 -0
  1172. data/third_party/boringssl/ssl/custom_extensions.cc +265 -0
  1173. data/third_party/boringssl/ssl/d1_both.cc +837 -0
  1174. data/third_party/boringssl/ssl/d1_lib.cc +267 -0
  1175. data/third_party/boringssl/ssl/d1_pkt.cc +274 -0
  1176. data/third_party/boringssl/ssl/d1_srtp.cc +232 -0
  1177. data/third_party/boringssl/ssl/dtls_method.cc +193 -0
  1178. data/third_party/boringssl/ssl/dtls_record.cc +353 -0
  1179. data/third_party/boringssl/ssl/handshake.cc +616 -0
  1180. data/third_party/boringssl/ssl/handshake_client.cc +1836 -0
  1181. data/third_party/boringssl/ssl/handshake_server.cc +1662 -0
  1182. data/third_party/boringssl/ssl/internal.h +3011 -0
  1183. data/third_party/boringssl/ssl/s3_both.cc +585 -0
  1184. data/third_party/boringssl/ssl/s3_lib.cc +224 -0
  1185. data/third_party/boringssl/ssl/s3_pkt.cc +443 -0
  1186. data/third_party/boringssl/ssl/ssl_aead_ctx.cc +415 -0
  1187. data/third_party/boringssl/ssl/ssl_asn1.cc +840 -0
  1188. data/third_party/boringssl/ssl/ssl_buffer.cc +286 -0
  1189. data/third_party/boringssl/ssl/ssl_cert.cc +913 -0
  1190. data/third_party/boringssl/ssl/ssl_cipher.cc +1777 -0
  1191. data/third_party/boringssl/ssl/ssl_file.cc +583 -0
  1192. data/third_party/boringssl/ssl/ssl_key_share.cc +250 -0
  1193. data/third_party/boringssl/ssl/ssl_lib.cc +2650 -0
  1194. data/third_party/boringssl/ssl/ssl_privkey.cc +488 -0
  1195. data/third_party/boringssl/ssl/ssl_session.cc +1221 -0
  1196. data/third_party/boringssl/ssl/ssl_stat.cc +224 -0
  1197. data/third_party/boringssl/ssl/ssl_transcript.cc +398 -0
  1198. data/third_party/boringssl/ssl/ssl_versions.cc +472 -0
  1199. data/third_party/boringssl/ssl/ssl_x509.cc +1299 -0
  1200. data/third_party/boringssl/ssl/t1_enc.cc +503 -0
  1201. data/third_party/boringssl/ssl/t1_lib.cc +3457 -0
  1202. data/third_party/boringssl/ssl/tls13_both.cc +551 -0
  1203. data/third_party/boringssl/ssl/tls13_client.cc +977 -0
  1204. data/third_party/boringssl/ssl/tls13_enc.cc +563 -0
  1205. data/third_party/boringssl/ssl/tls13_server.cc +1068 -0
  1206. data/third_party/boringssl/ssl/tls_method.cc +291 -0
  1207. data/third_party/boringssl/ssl/tls_record.cc +712 -0
  1208. data/third_party/boringssl/third_party/fiat/curve25519.c +5062 -0
  1209. data/third_party/boringssl/third_party/fiat/internal.h +142 -0
  1210. data/third_party/cares/ares_build.h +223 -0
  1211. data/third_party/cares/cares/ares.h +658 -0
  1212. data/third_party/cares/cares/ares__close_sockets.c +61 -0
  1213. data/third_party/cares/cares/ares__get_hostent.c +261 -0
  1214. data/third_party/cares/cares/ares__read_line.c +73 -0
  1215. data/third_party/cares/cares/ares__timeval.c +111 -0
  1216. data/third_party/cares/cares/ares_cancel.c +63 -0
  1217. data/third_party/cares/cares/ares_create_query.c +202 -0
  1218. data/third_party/cares/cares/ares_data.c +221 -0
  1219. data/third_party/cares/cares/ares_data.h +72 -0
  1220. data/third_party/cares/cares/ares_destroy.c +108 -0
  1221. data/third_party/cares/cares/ares_dns.h +103 -0
  1222. data/third_party/cares/cares/ares_expand_name.c +209 -0
  1223. data/third_party/cares/cares/ares_expand_string.c +70 -0
  1224. data/third_party/cares/cares/ares_fds.c +59 -0
  1225. data/third_party/cares/cares/ares_free_hostent.c +41 -0
  1226. data/third_party/cares/cares/ares_free_string.c +25 -0
  1227. data/third_party/cares/cares/ares_getenv.c +30 -0
  1228. data/third_party/cares/cares/ares_getenv.h +26 -0
  1229. data/third_party/cares/cares/ares_gethostbyaddr.c +294 -0
  1230. data/third_party/cares/cares/ares_gethostbyname.c +518 -0
  1231. data/third_party/cares/cares/ares_getnameinfo.c +442 -0
  1232. data/third_party/cares/cares/ares_getopt.c +122 -0
  1233. data/third_party/cares/cares/ares_getopt.h +53 -0
  1234. data/third_party/cares/cares/ares_getsock.c +66 -0
  1235. data/third_party/cares/cares/ares_inet_net_pton.h +25 -0
  1236. data/third_party/cares/cares/ares_init.c +2514 -0
  1237. data/third_party/cares/cares/ares_iphlpapi.h +221 -0
  1238. data/third_party/cares/cares/ares_ipv6.h +78 -0
  1239. data/third_party/cares/cares/ares_library_init.c +177 -0
  1240. data/third_party/cares/cares/ares_library_init.h +43 -0
  1241. data/third_party/cares/cares/ares_llist.c +63 -0
  1242. data/third_party/cares/cares/ares_llist.h +39 -0
  1243. data/third_party/cares/cares/ares_mkquery.c +24 -0
  1244. data/third_party/cares/cares/ares_nowarn.c +260 -0
  1245. data/third_party/cares/cares/ares_nowarn.h +61 -0
  1246. data/third_party/cares/cares/ares_options.c +402 -0
  1247. data/third_party/cares/cares/ares_parse_a_reply.c +264 -0
  1248. data/third_party/cares/cares/ares_parse_aaaa_reply.c +264 -0
  1249. data/third_party/cares/cares/ares_parse_mx_reply.c +170 -0
  1250. data/third_party/cares/cares/ares_parse_naptr_reply.c +193 -0
  1251. data/third_party/cares/cares/ares_parse_ns_reply.c +183 -0
  1252. data/third_party/cares/cares/ares_parse_ptr_reply.c +219 -0
  1253. data/third_party/cares/cares/ares_parse_soa_reply.c +133 -0
  1254. data/third_party/cares/cares/ares_parse_srv_reply.c +179 -0
  1255. data/third_party/cares/cares/ares_parse_txt_reply.c +220 -0
  1256. data/third_party/cares/cares/ares_platform.c +11035 -0
  1257. data/third_party/cares/cares/ares_platform.h +43 -0
  1258. data/third_party/cares/cares/ares_private.h +374 -0
  1259. data/third_party/cares/cares/ares_process.c +1448 -0
  1260. data/third_party/cares/cares/ares_query.c +186 -0
  1261. data/third_party/cares/cares/ares_rules.h +125 -0
  1262. data/third_party/cares/cares/ares_search.c +316 -0
  1263. data/third_party/cares/cares/ares_send.c +131 -0
  1264. data/third_party/cares/cares/ares_setup.h +217 -0
  1265. data/third_party/cares/cares/ares_strcasecmp.c +66 -0
  1266. data/third_party/cares/cares/ares_strcasecmp.h +30 -0
  1267. data/third_party/cares/cares/ares_strdup.c +49 -0
  1268. data/third_party/cares/cares/ares_strdup.h +24 -0
  1269. data/third_party/cares/cares/ares_strerror.c +56 -0
  1270. data/third_party/cares/cares/ares_timeout.c +88 -0
  1271. data/third_party/cares/cares/ares_version.c +11 -0
  1272. data/third_party/cares/cares/ares_version.h +24 -0
  1273. data/third_party/cares/cares/ares_writev.c +79 -0
  1274. data/third_party/cares/cares/bitncmp.c +59 -0
  1275. data/third_party/cares/cares/bitncmp.h +26 -0
  1276. data/third_party/cares/cares/config-win32.h +351 -0
  1277. data/third_party/cares/cares/inet_net_pton.c +450 -0
  1278. data/third_party/cares/cares/inet_ntop.c +208 -0
  1279. data/third_party/cares/cares/setup_once.h +554 -0
  1280. data/third_party/cares/cares/windows_port.c +22 -0
  1281. data/third_party/cares/config_darwin/ares_config.h +425 -0
  1282. data/third_party/cares/config_freebsd/ares_config.h +502 -0
  1283. data/third_party/cares/config_linux/ares_config.h +458 -0
  1284. data/third_party/cares/config_openbsd/ares_config.h +502 -0
  1285. data/third_party/nanopb/pb.h +579 -0
  1286. data/third_party/nanopb/pb_common.c +97 -0
  1287. data/third_party/nanopb/pb_common.h +42 -0
  1288. data/third_party/nanopb/pb_decode.c +1347 -0
  1289. data/third_party/nanopb/pb_decode.h +149 -0
  1290. data/third_party/nanopb/pb_encode.c +696 -0
  1291. data/third_party/nanopb/pb_encode.h +154 -0
  1292. data/third_party/zlib/adler32.c +186 -0
  1293. data/third_party/zlib/compress.c +86 -0
  1294. data/third_party/zlib/crc32.c +442 -0
  1295. data/third_party/zlib/crc32.h +441 -0
  1296. data/third_party/zlib/deflate.c +2163 -0
  1297. data/third_party/zlib/deflate.h +349 -0
  1298. data/third_party/zlib/gzclose.c +25 -0
  1299. data/third_party/zlib/gzguts.h +218 -0
  1300. data/third_party/zlib/gzlib.c +637 -0
  1301. data/third_party/zlib/gzread.c +654 -0
  1302. data/third_party/zlib/gzwrite.c +665 -0
  1303. data/third_party/zlib/infback.c +640 -0
  1304. data/third_party/zlib/inffast.c +323 -0
  1305. data/third_party/zlib/inffast.h +11 -0
  1306. data/third_party/zlib/inffixed.h +94 -0
  1307. data/third_party/zlib/inflate.c +1561 -0
  1308. data/third_party/zlib/inflate.h +125 -0
  1309. data/third_party/zlib/inftrees.c +304 -0
  1310. data/third_party/zlib/inftrees.h +62 -0
  1311. data/third_party/zlib/trees.c +1203 -0
  1312. data/third_party/zlib/trees.h +128 -0
  1313. data/third_party/zlib/uncompr.c +93 -0
  1314. data/third_party/zlib/zconf.h +534 -0
  1315. data/third_party/zlib/zlib.h +1912 -0
  1316. data/third_party/zlib/zutil.c +325 -0
  1317. data/third_party/zlib/zutil.h +271 -0
  1318. metadata +1586 -0
@@ -0,0 +1,3457 @@
1
+ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2
+ * All rights reserved.
3
+ *
4
+ * This package is an SSL implementation written
5
+ * by Eric Young (eay@cryptsoft.com).
6
+ * The implementation was written so as to conform with Netscapes SSL.
7
+ *
8
+ * This library is free for commercial and non-commercial use as long as
9
+ * the following conditions are aheared to. The following conditions
10
+ * apply to all code found in this distribution, be it the RC4, RSA,
11
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12
+ * included with this distribution is covered by the same copyright terms
13
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14
+ *
15
+ * Copyright remains Eric Young's, and as such any Copyright notices in
16
+ * the code are not to be removed.
17
+ * If this package is used in a product, Eric Young should be given attribution
18
+ * as the author of the parts of the library used.
19
+ * This can be in the form of a textual message at program startup or
20
+ * in documentation (online or textual) provided with the package.
21
+ *
22
+ * Redistribution and use in source and binary forms, with or without
23
+ * modification, are permitted provided that the following conditions
24
+ * are met:
25
+ * 1. Redistributions of source code must retain the copyright
26
+ * notice, this list of conditions and the following disclaimer.
27
+ * 2. Redistributions in binary form must reproduce the above copyright
28
+ * notice, this list of conditions and the following disclaimer in the
29
+ * documentation and/or other materials provided with the distribution.
30
+ * 3. All advertising materials mentioning features or use of this software
31
+ * must display the following acknowledgement:
32
+ * "This product includes cryptographic software written by
33
+ * Eric Young (eay@cryptsoft.com)"
34
+ * The word 'cryptographic' can be left out if the rouines from the library
35
+ * being used are not cryptographic related :-).
36
+ * 4. If you include any Windows specific code (or a derivative thereof) from
37
+ * the apps directory (application code) you must include an acknowledgement:
38
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39
+ *
40
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50
+ * SUCH DAMAGE.
51
+ *
52
+ * The licence and distribution terms for any publically available version or
53
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
54
+ * copied and put under another distribution licence
55
+ * [including the GNU Public Licence.]
56
+ */
57
+ /* ====================================================================
58
+ * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59
+ *
60
+ * Redistribution and use in source and binary forms, with or without
61
+ * modification, are permitted provided that the following conditions
62
+ * are met:
63
+ *
64
+ * 1. Redistributions of source code must retain the above copyright
65
+ * notice, this list of conditions and the following disclaimer.
66
+ *
67
+ * 2. Redistributions in binary form must reproduce the above copyright
68
+ * notice, this list of conditions and the following disclaimer in
69
+ * the documentation and/or other materials provided with the
70
+ * distribution.
71
+ *
72
+ * 3. All advertising materials mentioning features or use of this
73
+ * software must display the following acknowledgment:
74
+ * "This product includes software developed by the OpenSSL Project
75
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76
+ *
77
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78
+ * endorse or promote products derived from this software without
79
+ * prior written permission. For written permission, please contact
80
+ * openssl-core@openssl.org.
81
+ *
82
+ * 5. Products derived from this software may not be called "OpenSSL"
83
+ * nor may "OpenSSL" appear in their names without prior written
84
+ * permission of the OpenSSL Project.
85
+ *
86
+ * 6. Redistributions of any form whatsoever must retain the following
87
+ * acknowledgment:
88
+ * "This product includes software developed by the OpenSSL Project
89
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90
+ *
91
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
103
+ * ====================================================================
104
+ *
105
+ * This product includes cryptographic software written by Eric Young
106
+ * (eay@cryptsoft.com). This product includes software written by Tim
107
+ * Hudson (tjh@cryptsoft.com). */
108
+
109
+ #include <openssl/ssl.h>
110
+
111
+ #include <assert.h>
112
+ #include <limits.h>
113
+ #include <stdlib.h>
114
+ #include <string.h>
115
+
116
+ #include <utility>
117
+
118
+ #include <openssl/bytestring.h>
119
+ #include <openssl/digest.h>
120
+ #include <openssl/err.h>
121
+ #include <openssl/evp.h>
122
+ #include <openssl/hmac.h>
123
+ #include <openssl/mem.h>
124
+ #include <openssl/nid.h>
125
+ #include <openssl/rand.h>
126
+
127
+ #include "internal.h"
128
+ #include "../crypto/internal.h"
129
+
130
+
131
+ namespace bssl {
132
+
133
+ static int ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs);
134
+
135
+ static int compare_uint16_t(const void *p1, const void *p2) {
136
+ uint16_t u1 = *((const uint16_t *)p1);
137
+ uint16_t u2 = *((const uint16_t *)p2);
138
+ if (u1 < u2) {
139
+ return -1;
140
+ } else if (u1 > u2) {
141
+ return 1;
142
+ } else {
143
+ return 0;
144
+ }
145
+ }
146
+
147
+ // Per http://tools.ietf.org/html/rfc5246#section-7.4.1.4, there may not be
148
+ // more than one extension of the same type in a ClientHello or ServerHello.
149
+ // This function does an initial scan over the extensions block to filter those
150
+ // out.
151
+ static int tls1_check_duplicate_extensions(const CBS *cbs) {
152
+ // First pass: count the extensions.
153
+ size_t num_extensions = 0;
154
+ CBS extensions = *cbs;
155
+ while (CBS_len(&extensions) > 0) {
156
+ uint16_t type;
157
+ CBS extension;
158
+
159
+ if (!CBS_get_u16(&extensions, &type) ||
160
+ !CBS_get_u16_length_prefixed(&extensions, &extension)) {
161
+ return 0;
162
+ }
163
+
164
+ num_extensions++;
165
+ }
166
+
167
+ if (num_extensions == 0) {
168
+ return 1;
169
+ }
170
+
171
+ Array<uint16_t> extension_types;
172
+ if (!extension_types.Init(num_extensions)) {
173
+ return 0;
174
+ }
175
+
176
+ // Second pass: gather the extension types.
177
+ extensions = *cbs;
178
+ for (size_t i = 0; i < extension_types.size(); i++) {
179
+ CBS extension;
180
+
181
+ if (!CBS_get_u16(&extensions, &extension_types[i]) ||
182
+ !CBS_get_u16_length_prefixed(&extensions, &extension)) {
183
+ // This should not happen.
184
+ return 0;
185
+ }
186
+ }
187
+ assert(CBS_len(&extensions) == 0);
188
+
189
+ // Sort the extensions and make sure there are no duplicates.
190
+ qsort(extension_types.data(), extension_types.size(), sizeof(uint16_t),
191
+ compare_uint16_t);
192
+ for (size_t i = 1; i < num_extensions; i++) {
193
+ if (extension_types[i - 1] == extension_types[i]) {
194
+ return 0;
195
+ }
196
+ }
197
+
198
+ return 1;
199
+ }
200
+
201
+ int ssl_client_hello_init(SSL *ssl, SSL_CLIENT_HELLO *out,
202
+ const SSLMessage &msg) {
203
+ OPENSSL_memset(out, 0, sizeof(*out));
204
+ out->ssl = ssl;
205
+ out->client_hello = CBS_data(&msg.body);
206
+ out->client_hello_len = CBS_len(&msg.body);
207
+
208
+ CBS client_hello, random, session_id;
209
+ CBS_init(&client_hello, out->client_hello, out->client_hello_len);
210
+ if (!CBS_get_u16(&client_hello, &out->version) ||
211
+ !CBS_get_bytes(&client_hello, &random, SSL3_RANDOM_SIZE) ||
212
+ !CBS_get_u8_length_prefixed(&client_hello, &session_id) ||
213
+ CBS_len(&session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH) {
214
+ return 0;
215
+ }
216
+
217
+ out->random = CBS_data(&random);
218
+ out->random_len = CBS_len(&random);
219
+ out->session_id = CBS_data(&session_id);
220
+ out->session_id_len = CBS_len(&session_id);
221
+
222
+ // Skip past DTLS cookie
223
+ if (SSL_is_dtls(out->ssl)) {
224
+ CBS cookie;
225
+ if (!CBS_get_u8_length_prefixed(&client_hello, &cookie) ||
226
+ CBS_len(&cookie) > DTLS1_COOKIE_LENGTH) {
227
+ return 0;
228
+ }
229
+ }
230
+
231
+ CBS cipher_suites, compression_methods;
232
+ if (!CBS_get_u16_length_prefixed(&client_hello, &cipher_suites) ||
233
+ CBS_len(&cipher_suites) < 2 || (CBS_len(&cipher_suites) & 1) != 0 ||
234
+ !CBS_get_u8_length_prefixed(&client_hello, &compression_methods) ||
235
+ CBS_len(&compression_methods) < 1) {
236
+ return 0;
237
+ }
238
+
239
+ out->cipher_suites = CBS_data(&cipher_suites);
240
+ out->cipher_suites_len = CBS_len(&cipher_suites);
241
+ out->compression_methods = CBS_data(&compression_methods);
242
+ out->compression_methods_len = CBS_len(&compression_methods);
243
+
244
+ // If the ClientHello ends here then it's valid, but doesn't have any
245
+ // extensions. (E.g. SSLv3.)
246
+ if (CBS_len(&client_hello) == 0) {
247
+ out->extensions = NULL;
248
+ out->extensions_len = 0;
249
+ return 1;
250
+ }
251
+
252
+ // Extract extensions and check it is valid.
253
+ CBS extensions;
254
+ if (!CBS_get_u16_length_prefixed(&client_hello, &extensions) ||
255
+ !tls1_check_duplicate_extensions(&extensions) ||
256
+ CBS_len(&client_hello) != 0) {
257
+ return 0;
258
+ }
259
+
260
+ out->extensions = CBS_data(&extensions);
261
+ out->extensions_len = CBS_len(&extensions);
262
+
263
+ return 1;
264
+ }
265
+
266
+ int ssl_client_hello_get_extension(const SSL_CLIENT_HELLO *client_hello,
267
+ CBS *out, uint16_t extension_type) {
268
+ CBS extensions;
269
+ CBS_init(&extensions, client_hello->extensions, client_hello->extensions_len);
270
+ while (CBS_len(&extensions) != 0) {
271
+ // Decode the next extension.
272
+ uint16_t type;
273
+ CBS extension;
274
+ if (!CBS_get_u16(&extensions, &type) ||
275
+ !CBS_get_u16_length_prefixed(&extensions, &extension)) {
276
+ return 0;
277
+ }
278
+
279
+ if (type == extension_type) {
280
+ *out = extension;
281
+ return 1;
282
+ }
283
+ }
284
+
285
+ return 0;
286
+ }
287
+
288
+ static const uint16_t kDefaultGroups[] = {
289
+ SSL_CURVE_X25519,
290
+ SSL_CURVE_SECP256R1,
291
+ SSL_CURVE_SECP384R1,
292
+ };
293
+
294
+ Span<const uint16_t> tls1_get_grouplist(const SSL *ssl) {
295
+ if (ssl->supported_group_list != nullptr) {
296
+ return MakeConstSpan(ssl->supported_group_list,
297
+ ssl->supported_group_list_len);
298
+ }
299
+ return Span<const uint16_t>(kDefaultGroups);
300
+ }
301
+
302
+ int tls1_get_shared_group(SSL_HANDSHAKE *hs, uint16_t *out_group_id) {
303
+ SSL *const ssl = hs->ssl;
304
+ assert(ssl->server);
305
+
306
+ // Clients are not required to send a supported_groups extension. In this
307
+ // case, the server is free to pick any group it likes. See RFC 4492,
308
+ // section 4, paragraph 3.
309
+ //
310
+ // However, in the interests of compatibility, we will skip ECDH if the
311
+ // client didn't send an extension because we can't be sure that they'll
312
+ // support our favoured group. Thus we do not special-case an emtpy
313
+ // |peer_supported_group_list|.
314
+
315
+ Span<const uint16_t> groups = tls1_get_grouplist(ssl);
316
+ Span<const uint16_t> pref, supp;
317
+ if (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
318
+ pref = groups;
319
+ supp = hs->peer_supported_group_list;
320
+ } else {
321
+ pref = hs->peer_supported_group_list;
322
+ supp = groups;
323
+ }
324
+
325
+ for (uint16_t pref_group : pref) {
326
+ for (uint16_t supp_group : supp) {
327
+ if (pref_group == supp_group) {
328
+ *out_group_id = pref_group;
329
+ return 1;
330
+ }
331
+ }
332
+ }
333
+
334
+ return 0;
335
+ }
336
+
337
+ int tls1_set_curves(uint16_t **out_group_ids, size_t *out_group_ids_len,
338
+ const int *curves, size_t ncurves) {
339
+ uint16_t *group_ids = (uint16_t *)OPENSSL_malloc(ncurves * sizeof(uint16_t));
340
+ if (group_ids == NULL) {
341
+ return 0;
342
+ }
343
+
344
+ for (size_t i = 0; i < ncurves; i++) {
345
+ if (!ssl_nid_to_group_id(&group_ids[i], curves[i])) {
346
+ OPENSSL_free(group_ids);
347
+ return 0;
348
+ }
349
+ }
350
+
351
+ OPENSSL_free(*out_group_ids);
352
+ *out_group_ids = group_ids;
353
+ *out_group_ids_len = ncurves;
354
+
355
+ return 1;
356
+ }
357
+
358
+ int tls1_set_curves_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
359
+ const char *curves) {
360
+ uint16_t *group_ids = NULL;
361
+ size_t ncurves = 0;
362
+
363
+ const char *col;
364
+ const char *ptr = curves;
365
+
366
+ do {
367
+ col = strchr(ptr, ':');
368
+
369
+ uint16_t group_id;
370
+ if (!ssl_name_to_group_id(&group_id, ptr,
371
+ col ? (size_t)(col - ptr) : strlen(ptr))) {
372
+ goto err;
373
+ }
374
+
375
+ uint16_t *new_group_ids = (uint16_t *)OPENSSL_realloc(
376
+ group_ids, (ncurves + 1) * sizeof(uint16_t));
377
+ if (new_group_ids == NULL) {
378
+ goto err;
379
+ }
380
+ group_ids = new_group_ids;
381
+
382
+ group_ids[ncurves] = group_id;
383
+ ncurves++;
384
+
385
+ if (col) {
386
+ ptr = col + 1;
387
+ }
388
+ } while (col);
389
+
390
+ OPENSSL_free(*out_group_ids);
391
+ *out_group_ids = group_ids;
392
+ *out_group_ids_len = ncurves;
393
+
394
+ return 1;
395
+
396
+ err:
397
+ OPENSSL_free(group_ids);
398
+ return 0;
399
+ }
400
+
401
+ int tls1_check_group_id(const SSL *ssl, uint16_t group_id) {
402
+ for (uint16_t supported : tls1_get_grouplist(ssl)) {
403
+ if (supported == group_id) {
404
+ return 1;
405
+ }
406
+ }
407
+
408
+ return 0;
409
+ }
410
+
411
+ // kVerifySignatureAlgorithms is the default list of accepted signature
412
+ // algorithms for verifying.
413
+ //
414
+ // For now, RSA-PSS signature algorithms are not enabled on Android's system
415
+ // BoringSSL. Once the change in Chrome has stuck and the values are finalized,
416
+ // restore them.
417
+ static const uint16_t kVerifySignatureAlgorithms[] = {
418
+ // List our preferred algorithms first.
419
+ SSL_SIGN_ED25519,
420
+ SSL_SIGN_ECDSA_SECP256R1_SHA256,
421
+ SSL_SIGN_RSA_PSS_SHA256,
422
+ SSL_SIGN_RSA_PKCS1_SHA256,
423
+
424
+ // Larger hashes are acceptable.
425
+ SSL_SIGN_ECDSA_SECP384R1_SHA384,
426
+ SSL_SIGN_RSA_PSS_SHA384,
427
+ SSL_SIGN_RSA_PKCS1_SHA384,
428
+
429
+ SSL_SIGN_RSA_PSS_SHA512,
430
+ SSL_SIGN_RSA_PKCS1_SHA512,
431
+
432
+ // For now, SHA-1 is still accepted but least preferable.
433
+ SSL_SIGN_RSA_PKCS1_SHA1,
434
+
435
+ };
436
+
437
+ // kSignSignatureAlgorithms is the default list of supported signature
438
+ // algorithms for signing.
439
+ //
440
+ // For now, RSA-PSS signature algorithms are not enabled on Android's system
441
+ // BoringSSL. Once the change in Chrome has stuck and the values are finalized,
442
+ // restore them.
443
+ static const uint16_t kSignSignatureAlgorithms[] = {
444
+ // List our preferred algorithms first.
445
+ SSL_SIGN_ED25519,
446
+ SSL_SIGN_ECDSA_SECP256R1_SHA256,
447
+ SSL_SIGN_RSA_PSS_SHA256,
448
+ SSL_SIGN_RSA_PKCS1_SHA256,
449
+
450
+ // If needed, sign larger hashes.
451
+ //
452
+ // TODO(davidben): Determine which of these may be pruned.
453
+ SSL_SIGN_ECDSA_SECP384R1_SHA384,
454
+ SSL_SIGN_RSA_PSS_SHA384,
455
+ SSL_SIGN_RSA_PKCS1_SHA384,
456
+
457
+ SSL_SIGN_ECDSA_SECP521R1_SHA512,
458
+ SSL_SIGN_RSA_PSS_SHA512,
459
+ SSL_SIGN_RSA_PKCS1_SHA512,
460
+
461
+ // If the peer supports nothing else, sign with SHA-1.
462
+ SSL_SIGN_ECDSA_SHA1,
463
+ SSL_SIGN_RSA_PKCS1_SHA1,
464
+ };
465
+
466
+ int tls12_add_verify_sigalgs(const SSL *ssl, CBB *out) {
467
+ const uint16_t *sigalgs = kVerifySignatureAlgorithms;
468
+ size_t num_sigalgs = OPENSSL_ARRAY_SIZE(kVerifySignatureAlgorithms);
469
+ if (ssl->ctx->num_verify_sigalgs != 0) {
470
+ sigalgs = ssl->ctx->verify_sigalgs;
471
+ num_sigalgs = ssl->ctx->num_verify_sigalgs;
472
+ }
473
+
474
+ for (size_t i = 0; i < num_sigalgs; i++) {
475
+ if (sigalgs == kVerifySignatureAlgorithms &&
476
+ sigalgs[i] == SSL_SIGN_ED25519 &&
477
+ !ssl->ctx->ed25519_enabled) {
478
+ continue;
479
+ }
480
+ if (!CBB_add_u16(out, sigalgs[i])) {
481
+ return 0;
482
+ }
483
+ }
484
+
485
+ return 1;
486
+ }
487
+
488
+ int tls12_check_peer_sigalg(SSL *ssl, uint8_t *out_alert, uint16_t sigalg) {
489
+ const uint16_t *sigalgs = kVerifySignatureAlgorithms;
490
+ size_t num_sigalgs = OPENSSL_ARRAY_SIZE(kVerifySignatureAlgorithms);
491
+ if (ssl->ctx->num_verify_sigalgs != 0) {
492
+ sigalgs = ssl->ctx->verify_sigalgs;
493
+ num_sigalgs = ssl->ctx->num_verify_sigalgs;
494
+ }
495
+
496
+ for (size_t i = 0; i < num_sigalgs; i++) {
497
+ if (sigalgs == kVerifySignatureAlgorithms &&
498
+ sigalgs[i] == SSL_SIGN_ED25519 &&
499
+ !ssl->ctx->ed25519_enabled) {
500
+ continue;
501
+ }
502
+ if (sigalg == sigalgs[i]) {
503
+ return 1;
504
+ }
505
+ }
506
+
507
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
508
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
509
+ return 0;
510
+ }
511
+
512
+ // tls_extension represents a TLS extension that is handled internally. The
513
+ // |init| function is called for each handshake, before any other functions of
514
+ // the extension. Then the add and parse callbacks are called as needed.
515
+ //
516
+ // The parse callbacks receive a |CBS| that contains the contents of the
517
+ // extension (i.e. not including the type and length bytes). If an extension is
518
+ // not received then the parse callbacks will be called with a NULL CBS so that
519
+ // they can do any processing needed to handle the absence of an extension.
520
+ //
521
+ // The add callbacks receive a |CBB| to which the extension can be appended but
522
+ // the function is responsible for appending the type and length bytes too.
523
+ //
524
+ // All callbacks return true for success and false for error. If a parse
525
+ // function returns zero then a fatal alert with value |*out_alert| will be
526
+ // sent. If |*out_alert| isn't set, then a |decode_error| alert will be sent.
527
+ struct tls_extension {
528
+ uint16_t value;
529
+ void (*init)(SSL_HANDSHAKE *hs);
530
+
531
+ bool (*add_clienthello)(SSL_HANDSHAKE *hs, CBB *out);
532
+ bool (*parse_serverhello)(SSL_HANDSHAKE *hs, uint8_t *out_alert,
533
+ CBS *contents);
534
+
535
+ bool (*parse_clienthello)(SSL_HANDSHAKE *hs, uint8_t *out_alert,
536
+ CBS *contents);
537
+ bool (*add_serverhello)(SSL_HANDSHAKE *hs, CBB *out);
538
+ };
539
+
540
+ static bool forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
541
+ CBS *contents) {
542
+ if (contents != NULL) {
543
+ // Servers MUST NOT send this extension.
544
+ *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
545
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
546
+ return false;
547
+ }
548
+
549
+ return true;
550
+ }
551
+
552
+ static bool ignore_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
553
+ CBS *contents) {
554
+ // This extension from the client is handled elsewhere.
555
+ return true;
556
+ }
557
+
558
+ static bool dont_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
559
+ return true;
560
+ }
561
+
562
+ // Server name indication (SNI).
563
+ //
564
+ // https://tools.ietf.org/html/rfc6066#section-3.
565
+
566
+ static bool ext_sni_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
567
+ SSL *const ssl = hs->ssl;
568
+ if (ssl->tlsext_hostname == NULL) {
569
+ return true;
570
+ }
571
+
572
+ CBB contents, server_name_list, name;
573
+ if (!CBB_add_u16(out, TLSEXT_TYPE_server_name) ||
574
+ !CBB_add_u16_length_prefixed(out, &contents) ||
575
+ !CBB_add_u16_length_prefixed(&contents, &server_name_list) ||
576
+ !CBB_add_u8(&server_name_list, TLSEXT_NAMETYPE_host_name) ||
577
+ !CBB_add_u16_length_prefixed(&server_name_list, &name) ||
578
+ !CBB_add_bytes(&name, (const uint8_t *)ssl->tlsext_hostname,
579
+ strlen(ssl->tlsext_hostname)) ||
580
+ !CBB_flush(out)) {
581
+ return false;
582
+ }
583
+
584
+ return true;
585
+ }
586
+
587
+ static bool ext_sni_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
588
+ CBS *contents) {
589
+ // The server may acknowledge SNI with an empty extension. We check the syntax
590
+ // but otherwise ignore this signal.
591
+ return contents == NULL || CBS_len(contents) == 0;
592
+ }
593
+
594
+ static bool ext_sni_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
595
+ CBS *contents) {
596
+ SSL *const ssl = hs->ssl;
597
+ if (contents == NULL) {
598
+ return true;
599
+ }
600
+
601
+ CBS server_name_list, host_name;
602
+ uint8_t name_type;
603
+ if (!CBS_get_u16_length_prefixed(contents, &server_name_list) ||
604
+ !CBS_get_u8(&server_name_list, &name_type) ||
605
+ // Although the server_name extension was intended to be extensible to
606
+ // new name types and multiple names, OpenSSL 1.0.x had a bug which meant
607
+ // different name types will cause an error. Further, RFC 4366 originally
608
+ // defined syntax inextensibly. RFC 6066 corrected this mistake, but
609
+ // adding new name types is no longer feasible.
610
+ //
611
+ // Act as if the extensibility does not exist to simplify parsing.
612
+ !CBS_get_u16_length_prefixed(&server_name_list, &host_name) ||
613
+ CBS_len(&server_name_list) != 0 ||
614
+ CBS_len(contents) != 0) {
615
+ return false;
616
+ }
617
+
618
+ if (name_type != TLSEXT_NAMETYPE_host_name ||
619
+ CBS_len(&host_name) == 0 ||
620
+ CBS_len(&host_name) > TLSEXT_MAXLEN_host_name ||
621
+ CBS_contains_zero_byte(&host_name)) {
622
+ *out_alert = SSL_AD_UNRECOGNIZED_NAME;
623
+ return false;
624
+ }
625
+
626
+ // Copy the hostname as a string.
627
+ char *raw = nullptr;
628
+ if (!CBS_strdup(&host_name, &raw)) {
629
+ *out_alert = SSL_AD_INTERNAL_ERROR;
630
+ return false;
631
+ }
632
+ ssl->s3->hostname.reset(raw);
633
+
634
+ hs->should_ack_sni = true;
635
+ return true;
636
+ }
637
+
638
+ static bool ext_sni_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
639
+ if (hs->ssl->s3->session_reused ||
640
+ !hs->should_ack_sni) {
641
+ return true;
642
+ }
643
+
644
+ if (!CBB_add_u16(out, TLSEXT_TYPE_server_name) ||
645
+ !CBB_add_u16(out, 0 /* length */)) {
646
+ return false;
647
+ }
648
+
649
+ return true;
650
+ }
651
+
652
+
653
+ // Renegotiation indication.
654
+ //
655
+ // https://tools.ietf.org/html/rfc5746
656
+
657
+ static bool ext_ri_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
658
+ SSL *const ssl = hs->ssl;
659
+ // Renegotiation indication is not necessary in TLS 1.3.
660
+ if (hs->min_version >= TLS1_3_VERSION) {
661
+ return true;
662
+ }
663
+
664
+ assert(ssl->s3->initial_handshake_complete ==
665
+ (ssl->s3->previous_client_finished_len != 0));
666
+
667
+ CBB contents, prev_finished;
668
+ if (!CBB_add_u16(out, TLSEXT_TYPE_renegotiate) ||
669
+ !CBB_add_u16_length_prefixed(out, &contents) ||
670
+ !CBB_add_u8_length_prefixed(&contents, &prev_finished) ||
671
+ !CBB_add_bytes(&prev_finished, ssl->s3->previous_client_finished,
672
+ ssl->s3->previous_client_finished_len) ||
673
+ !CBB_flush(out)) {
674
+ return false;
675
+ }
676
+
677
+ return true;
678
+ }
679
+
680
+ static bool ext_ri_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
681
+ CBS *contents) {
682
+ SSL *const ssl = hs->ssl;
683
+ if (contents != NULL && ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
684
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
685
+ return false;
686
+ }
687
+
688
+ // Servers may not switch between omitting the extension and supporting it.
689
+ // See RFC 5746, sections 3.5 and 4.2.
690
+ if (ssl->s3->initial_handshake_complete &&
691
+ (contents != NULL) != ssl->s3->send_connection_binding) {
692
+ *out_alert = SSL_AD_HANDSHAKE_FAILURE;
693
+ OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
694
+ return false;
695
+ }
696
+
697
+ if (contents == NULL) {
698
+ // Strictly speaking, if we want to avoid an attack we should *always* see
699
+ // RI even on initial ServerHello because the client doesn't see any
700
+ // renegotiation during an attack. However this would mean we could not
701
+ // connect to any server which doesn't support RI.
702
+ //
703
+ // OpenSSL has |SSL_OP_LEGACY_SERVER_CONNECT| to control this, but in
704
+ // practical terms every client sets it so it's just assumed here.
705
+ return true;
706
+ }
707
+
708
+ const size_t expected_len = ssl->s3->previous_client_finished_len +
709
+ ssl->s3->previous_server_finished_len;
710
+
711
+ // Check for logic errors
712
+ assert(!expected_len || ssl->s3->previous_client_finished_len);
713
+ assert(!expected_len || ssl->s3->previous_server_finished_len);
714
+ assert(ssl->s3->initial_handshake_complete ==
715
+ (ssl->s3->previous_client_finished_len != 0));
716
+ assert(ssl->s3->initial_handshake_complete ==
717
+ (ssl->s3->previous_server_finished_len != 0));
718
+
719
+ // Parse out the extension contents.
720
+ CBS renegotiated_connection;
721
+ if (!CBS_get_u8_length_prefixed(contents, &renegotiated_connection) ||
722
+ CBS_len(contents) != 0) {
723
+ OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_ENCODING_ERR);
724
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
725
+ return false;
726
+ }
727
+
728
+ // Check that the extension matches.
729
+ if (CBS_len(&renegotiated_connection) != expected_len) {
730
+ OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
731
+ *out_alert = SSL_AD_HANDSHAKE_FAILURE;
732
+ return false;
733
+ }
734
+
735
+ const uint8_t *d = CBS_data(&renegotiated_connection);
736
+ bool ok = CRYPTO_memcmp(d, ssl->s3->previous_client_finished,
737
+ ssl->s3->previous_client_finished_len) == 0;
738
+ #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
739
+ ok = true;
740
+ #endif
741
+ if (!ok) {
742
+ OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
743
+ *out_alert = SSL_AD_HANDSHAKE_FAILURE;
744
+ return false;
745
+ }
746
+ d += ssl->s3->previous_client_finished_len;
747
+
748
+ ok = CRYPTO_memcmp(d, ssl->s3->previous_server_finished,
749
+ ssl->s3->previous_server_finished_len) == 0;
750
+ #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
751
+ ok = true;
752
+ #endif
753
+ if (!ok) {
754
+ OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
755
+ *out_alert = SSL_AD_HANDSHAKE_FAILURE;
756
+ return false;
757
+ }
758
+ ssl->s3->send_connection_binding = true;
759
+
760
+ return true;
761
+ }
762
+
763
+ static bool ext_ri_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
764
+ CBS *contents) {
765
+ SSL *const ssl = hs->ssl;
766
+ // Renegotiation isn't supported as a server so this function should never be
767
+ // called after the initial handshake.
768
+ assert(!ssl->s3->initial_handshake_complete);
769
+
770
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
771
+ return true;
772
+ }
773
+
774
+ if (contents == NULL) {
775
+ return true;
776
+ }
777
+
778
+ CBS renegotiated_connection;
779
+ if (!CBS_get_u8_length_prefixed(contents, &renegotiated_connection) ||
780
+ CBS_len(contents) != 0) {
781
+ OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_ENCODING_ERR);
782
+ return false;
783
+ }
784
+
785
+ // Check that the extension matches. We do not support renegotiation as a
786
+ // server, so this must be empty.
787
+ if (CBS_len(&renegotiated_connection) != 0) {
788
+ OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
789
+ *out_alert = SSL_AD_HANDSHAKE_FAILURE;
790
+ return false;
791
+ }
792
+
793
+ ssl->s3->send_connection_binding = true;
794
+
795
+ return true;
796
+ }
797
+
798
+ static bool ext_ri_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
799
+ SSL *const ssl = hs->ssl;
800
+ // Renegotiation isn't supported as a server so this function should never be
801
+ // called after the initial handshake.
802
+ assert(!ssl->s3->initial_handshake_complete);
803
+
804
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
805
+ return true;
806
+ }
807
+
808
+ if (!CBB_add_u16(out, TLSEXT_TYPE_renegotiate) ||
809
+ !CBB_add_u16(out, 1 /* length */) ||
810
+ !CBB_add_u8(out, 0 /* empty renegotiation info */)) {
811
+ return false;
812
+ }
813
+
814
+ return true;
815
+ }
816
+
817
+
818
+ // Extended Master Secret.
819
+ //
820
+ // https://tools.ietf.org/html/rfc7627
821
+
822
+ static bool ext_ems_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
823
+ // Extended master secret is not necessary in TLS 1.3.
824
+ if (hs->min_version >= TLS1_3_VERSION || hs->max_version <= SSL3_VERSION) {
825
+ return true;
826
+ }
827
+
828
+ if (!CBB_add_u16(out, TLSEXT_TYPE_extended_master_secret) ||
829
+ !CBB_add_u16(out, 0 /* length */)) {
830
+ return false;
831
+ }
832
+
833
+ return true;
834
+ }
835
+
836
+ static bool ext_ems_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
837
+ CBS *contents) {
838
+ SSL *const ssl = hs->ssl;
839
+
840
+ if (contents != NULL) {
841
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
842
+ ssl->version == SSL3_VERSION ||
843
+ CBS_len(contents) != 0) {
844
+ return false;
845
+ }
846
+
847
+ hs->extended_master_secret = true;
848
+ }
849
+
850
+ // Whether EMS is negotiated may not change on renegotiation.
851
+ if (ssl->s3->established_session != nullptr &&
852
+ hs->extended_master_secret !=
853
+ !!ssl->s3->established_session->extended_master_secret) {
854
+ OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_EMS_MISMATCH);
855
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
856
+ return false;
857
+ }
858
+
859
+ return true;
860
+ }
861
+
862
+ static bool ext_ems_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
863
+ CBS *contents) {
864
+ uint16_t version = ssl_protocol_version(hs->ssl);
865
+ if (version >= TLS1_3_VERSION ||
866
+ version == SSL3_VERSION) {
867
+ return true;
868
+ }
869
+
870
+ if (contents == NULL) {
871
+ return true;
872
+ }
873
+
874
+ if (CBS_len(contents) != 0) {
875
+ return false;
876
+ }
877
+
878
+ hs->extended_master_secret = true;
879
+ return true;
880
+ }
881
+
882
+ static bool ext_ems_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
883
+ if (!hs->extended_master_secret) {
884
+ return true;
885
+ }
886
+
887
+ if (!CBB_add_u16(out, TLSEXT_TYPE_extended_master_secret) ||
888
+ !CBB_add_u16(out, 0 /* length */)) {
889
+ return false;
890
+ }
891
+
892
+ return true;
893
+ }
894
+
895
+
896
+ // Session tickets.
897
+ //
898
+ // https://tools.ietf.org/html/rfc5077
899
+
900
+ static bool ext_ticket_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
901
+ SSL *const ssl = hs->ssl;
902
+ // TLS 1.3 uses a different ticket extension.
903
+ if (hs->min_version >= TLS1_3_VERSION ||
904
+ SSL_get_options(ssl) & SSL_OP_NO_TICKET) {
905
+ return true;
906
+ }
907
+
908
+ const uint8_t *ticket_data = NULL;
909
+ int ticket_len = 0;
910
+
911
+ // Renegotiation does not participate in session resumption. However, still
912
+ // advertise the extension to avoid potentially breaking servers which carry
913
+ // over the state from the previous handshake, such as OpenSSL servers
914
+ // without upstream's 3c3f0259238594d77264a78944d409f2127642c4.
915
+ if (!ssl->s3->initial_handshake_complete &&
916
+ ssl->session != NULL &&
917
+ ssl->session->tlsext_tick != NULL &&
918
+ // Don't send TLS 1.3 session tickets in the ticket extension.
919
+ ssl_session_protocol_version(ssl->session) < TLS1_3_VERSION) {
920
+ ticket_data = ssl->session->tlsext_tick;
921
+ ticket_len = ssl->session->tlsext_ticklen;
922
+ }
923
+
924
+ CBB ticket;
925
+ if (!CBB_add_u16(out, TLSEXT_TYPE_session_ticket) ||
926
+ !CBB_add_u16_length_prefixed(out, &ticket) ||
927
+ !CBB_add_bytes(&ticket, ticket_data, ticket_len) ||
928
+ !CBB_flush(out)) {
929
+ return false;
930
+ }
931
+
932
+ return true;
933
+ }
934
+
935
+ static bool ext_ticket_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
936
+ CBS *contents) {
937
+ SSL *const ssl = hs->ssl;
938
+ if (contents == NULL) {
939
+ return true;
940
+ }
941
+
942
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
943
+ return false;
944
+ }
945
+
946
+ // If |SSL_OP_NO_TICKET| is set then no extension will have been sent and
947
+ // this function should never be called, even if the server tries to send the
948
+ // extension.
949
+ assert((SSL_get_options(ssl) & SSL_OP_NO_TICKET) == 0);
950
+
951
+ if (CBS_len(contents) != 0) {
952
+ return false;
953
+ }
954
+
955
+ hs->ticket_expected = true;
956
+ return true;
957
+ }
958
+
959
+ static bool ext_ticket_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
960
+ if (!hs->ticket_expected) {
961
+ return true;
962
+ }
963
+
964
+ // If |SSL_OP_NO_TICKET| is set, |ticket_expected| should never be true.
965
+ assert((SSL_get_options(hs->ssl) & SSL_OP_NO_TICKET) == 0);
966
+
967
+ if (!CBB_add_u16(out, TLSEXT_TYPE_session_ticket) ||
968
+ !CBB_add_u16(out, 0 /* length */)) {
969
+ return false;
970
+ }
971
+
972
+ return true;
973
+ }
974
+
975
+
976
+ // Signature Algorithms.
977
+ //
978
+ // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
979
+
980
+ static bool ext_sigalgs_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
981
+ SSL *const ssl = hs->ssl;
982
+ if (hs->max_version < TLS1_2_VERSION) {
983
+ return true;
984
+ }
985
+
986
+ CBB contents, sigalgs_cbb;
987
+ if (!CBB_add_u16(out, TLSEXT_TYPE_signature_algorithms) ||
988
+ !CBB_add_u16_length_prefixed(out, &contents) ||
989
+ !CBB_add_u16_length_prefixed(&contents, &sigalgs_cbb) ||
990
+ !tls12_add_verify_sigalgs(ssl, &sigalgs_cbb) ||
991
+ !CBB_flush(out)) {
992
+ return false;
993
+ }
994
+
995
+ return true;
996
+ }
997
+
998
+ static bool ext_sigalgs_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
999
+ CBS *contents) {
1000
+ hs->peer_sigalgs.Reset();
1001
+ if (contents == NULL) {
1002
+ return true;
1003
+ }
1004
+
1005
+ CBS supported_signature_algorithms;
1006
+ if (!CBS_get_u16_length_prefixed(contents, &supported_signature_algorithms) ||
1007
+ CBS_len(contents) != 0 ||
1008
+ CBS_len(&supported_signature_algorithms) == 0 ||
1009
+ !tls1_parse_peer_sigalgs(hs, &supported_signature_algorithms)) {
1010
+ return false;
1011
+ }
1012
+
1013
+ return true;
1014
+ }
1015
+
1016
+
1017
+ // OCSP Stapling.
1018
+ //
1019
+ // https://tools.ietf.org/html/rfc6066#section-8
1020
+
1021
+ static bool ext_ocsp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1022
+ SSL *const ssl = hs->ssl;
1023
+ if (!ssl->ocsp_stapling_enabled) {
1024
+ return true;
1025
+ }
1026
+
1027
+ CBB contents;
1028
+ if (!CBB_add_u16(out, TLSEXT_TYPE_status_request) ||
1029
+ !CBB_add_u16_length_prefixed(out, &contents) ||
1030
+ !CBB_add_u8(&contents, TLSEXT_STATUSTYPE_ocsp) ||
1031
+ !CBB_add_u16(&contents, 0 /* empty responder ID list */) ||
1032
+ !CBB_add_u16(&contents, 0 /* empty request extensions */) ||
1033
+ !CBB_flush(out)) {
1034
+ return false;
1035
+ }
1036
+
1037
+ return true;
1038
+ }
1039
+
1040
+ static bool ext_ocsp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1041
+ CBS *contents) {
1042
+ SSL *const ssl = hs->ssl;
1043
+ if (contents == NULL) {
1044
+ return true;
1045
+ }
1046
+
1047
+ // TLS 1.3 OCSP responses are included in the Certificate extensions.
1048
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1049
+ return false;
1050
+ }
1051
+
1052
+ // OCSP stapling is forbidden on non-certificate ciphers.
1053
+ if (CBS_len(contents) != 0 ||
1054
+ !ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
1055
+ return false;
1056
+ }
1057
+
1058
+ // Note this does not check for resumption in TLS 1.2. Sending
1059
+ // status_request here does not make sense, but OpenSSL does so and the
1060
+ // specification does not say anything. Tolerate it but ignore it.
1061
+
1062
+ hs->certificate_status_expected = true;
1063
+ return true;
1064
+ }
1065
+
1066
+ static bool ext_ocsp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1067
+ CBS *contents) {
1068
+ if (contents == NULL) {
1069
+ return true;
1070
+ }
1071
+
1072
+ uint8_t status_type;
1073
+ if (!CBS_get_u8(contents, &status_type)) {
1074
+ return false;
1075
+ }
1076
+
1077
+ // We cannot decide whether OCSP stapling will occur yet because the correct
1078
+ // SSL_CTX might not have been selected.
1079
+ hs->ocsp_stapling_requested = status_type == TLSEXT_STATUSTYPE_ocsp;
1080
+
1081
+ return true;
1082
+ }
1083
+
1084
+ static bool ext_ocsp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1085
+ SSL *const ssl = hs->ssl;
1086
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
1087
+ !hs->ocsp_stapling_requested ||
1088
+ ssl->cert->ocsp_response == NULL ||
1089
+ ssl->s3->session_reused ||
1090
+ !ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
1091
+ return true;
1092
+ }
1093
+
1094
+ hs->certificate_status_expected = true;
1095
+
1096
+ return CBB_add_u16(out, TLSEXT_TYPE_status_request) &&
1097
+ CBB_add_u16(out, 0 /* length */);
1098
+ }
1099
+
1100
+
1101
+ // Next protocol negotiation.
1102
+ //
1103
+ // https://htmlpreview.github.io/?https://github.com/agl/technotes/blob/master/nextprotoneg.html
1104
+
1105
+ static bool ext_npn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1106
+ SSL *const ssl = hs->ssl;
1107
+ if (ssl->s3->initial_handshake_complete ||
1108
+ ssl->ctx->next_proto_select_cb == NULL ||
1109
+ SSL_is_dtls(ssl)) {
1110
+ return true;
1111
+ }
1112
+
1113
+ if (!CBB_add_u16(out, TLSEXT_TYPE_next_proto_neg) ||
1114
+ !CBB_add_u16(out, 0 /* length */)) {
1115
+ return false;
1116
+ }
1117
+
1118
+ return true;
1119
+ }
1120
+
1121
+ static bool ext_npn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1122
+ CBS *contents) {
1123
+ SSL *const ssl = hs->ssl;
1124
+ if (contents == NULL) {
1125
+ return true;
1126
+ }
1127
+
1128
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1129
+ return false;
1130
+ }
1131
+
1132
+ // If any of these are false then we should never have sent the NPN
1133
+ // extension in the ClientHello and thus this function should never have been
1134
+ // called.
1135
+ assert(!ssl->s3->initial_handshake_complete);
1136
+ assert(!SSL_is_dtls(ssl));
1137
+ assert(ssl->ctx->next_proto_select_cb != NULL);
1138
+
1139
+ if (!ssl->s3->alpn_selected.empty()) {
1140
+ // NPN and ALPN may not be negotiated in the same connection.
1141
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1142
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN);
1143
+ return false;
1144
+ }
1145
+
1146
+ const uint8_t *const orig_contents = CBS_data(contents);
1147
+ const size_t orig_len = CBS_len(contents);
1148
+
1149
+ while (CBS_len(contents) != 0) {
1150
+ CBS proto;
1151
+ if (!CBS_get_u8_length_prefixed(contents, &proto) ||
1152
+ CBS_len(&proto) == 0) {
1153
+ return false;
1154
+ }
1155
+ }
1156
+
1157
+ uint8_t *selected;
1158
+ uint8_t selected_len;
1159
+ if (ssl->ctx->next_proto_select_cb(
1160
+ ssl, &selected, &selected_len, orig_contents, orig_len,
1161
+ ssl->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK ||
1162
+ !ssl->s3->next_proto_negotiated.CopyFrom(
1163
+ MakeConstSpan(selected, selected_len))) {
1164
+ *out_alert = SSL_AD_INTERNAL_ERROR;
1165
+ return false;
1166
+ }
1167
+
1168
+ hs->next_proto_neg_seen = true;
1169
+ return true;
1170
+ }
1171
+
1172
+ static bool ext_npn_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1173
+ CBS *contents) {
1174
+ SSL *const ssl = hs->ssl;
1175
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1176
+ return true;
1177
+ }
1178
+
1179
+ if (contents != NULL && CBS_len(contents) != 0) {
1180
+ return false;
1181
+ }
1182
+
1183
+ if (contents == NULL ||
1184
+ ssl->s3->initial_handshake_complete ||
1185
+ ssl->ctx->next_protos_advertised_cb == NULL ||
1186
+ SSL_is_dtls(ssl)) {
1187
+ return true;
1188
+ }
1189
+
1190
+ hs->next_proto_neg_seen = true;
1191
+ return true;
1192
+ }
1193
+
1194
+ static bool ext_npn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1195
+ SSL *const ssl = hs->ssl;
1196
+ // |next_proto_neg_seen| might have been cleared when an ALPN extension was
1197
+ // parsed.
1198
+ if (!hs->next_proto_neg_seen) {
1199
+ return true;
1200
+ }
1201
+
1202
+ const uint8_t *npa;
1203
+ unsigned npa_len;
1204
+
1205
+ if (ssl->ctx->next_protos_advertised_cb(
1206
+ ssl, &npa, &npa_len, ssl->ctx->next_protos_advertised_cb_arg) !=
1207
+ SSL_TLSEXT_ERR_OK) {
1208
+ hs->next_proto_neg_seen = false;
1209
+ return true;
1210
+ }
1211
+
1212
+ CBB contents;
1213
+ if (!CBB_add_u16(out, TLSEXT_TYPE_next_proto_neg) ||
1214
+ !CBB_add_u16_length_prefixed(out, &contents) ||
1215
+ !CBB_add_bytes(&contents, npa, npa_len) ||
1216
+ !CBB_flush(out)) {
1217
+ return false;
1218
+ }
1219
+
1220
+ return true;
1221
+ }
1222
+
1223
+
1224
+ // Signed certificate timestamps.
1225
+ //
1226
+ // https://tools.ietf.org/html/rfc6962#section-3.3.1
1227
+
1228
+ static bool ext_sct_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1229
+ SSL *const ssl = hs->ssl;
1230
+ if (!ssl->signed_cert_timestamps_enabled) {
1231
+ return true;
1232
+ }
1233
+
1234
+ if (!CBB_add_u16(out, TLSEXT_TYPE_certificate_timestamp) ||
1235
+ !CBB_add_u16(out, 0 /* length */)) {
1236
+ return false;
1237
+ }
1238
+
1239
+ return true;
1240
+ }
1241
+
1242
+ static bool ext_sct_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1243
+ CBS *contents) {
1244
+ SSL *const ssl = hs->ssl;
1245
+ if (contents == NULL) {
1246
+ return true;
1247
+ }
1248
+
1249
+ // TLS 1.3 SCTs are included in the Certificate extensions.
1250
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1251
+ *out_alert = SSL_AD_DECODE_ERROR;
1252
+ return false;
1253
+ }
1254
+
1255
+ // If this is false then we should never have sent the SCT extension in the
1256
+ // ClientHello and thus this function should never have been called.
1257
+ assert(ssl->signed_cert_timestamps_enabled);
1258
+
1259
+ if (!ssl_is_sct_list_valid(contents)) {
1260
+ *out_alert = SSL_AD_DECODE_ERROR;
1261
+ return false;
1262
+ }
1263
+
1264
+ // Session resumption uses the original session information. The extension
1265
+ // should not be sent on resumption, but RFC 6962 did not make it a
1266
+ // requirement, so tolerate this.
1267
+ //
1268
+ // TODO(davidben): Enforce this anyway.
1269
+ if (!ssl->s3->session_reused) {
1270
+ CRYPTO_BUFFER_free(hs->new_session->signed_cert_timestamp_list);
1271
+ hs->new_session->signed_cert_timestamp_list =
1272
+ CRYPTO_BUFFER_new_from_CBS(contents, ssl->ctx->pool);
1273
+ if (hs->new_session->signed_cert_timestamp_list == nullptr) {
1274
+ *out_alert = SSL_AD_INTERNAL_ERROR;
1275
+ return false;
1276
+ }
1277
+ }
1278
+
1279
+ return true;
1280
+ }
1281
+
1282
+ static bool ext_sct_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1283
+ CBS *contents) {
1284
+ if (contents == NULL) {
1285
+ return true;
1286
+ }
1287
+
1288
+ if (CBS_len(contents) != 0) {
1289
+ return false;
1290
+ }
1291
+
1292
+ hs->scts_requested = true;
1293
+ return true;
1294
+ }
1295
+
1296
+ static bool ext_sct_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1297
+ SSL *const ssl = hs->ssl;
1298
+ // The extension shouldn't be sent when resuming sessions.
1299
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
1300
+ ssl->s3->session_reused ||
1301
+ ssl->cert->signed_cert_timestamp_list == NULL) {
1302
+ return true;
1303
+ }
1304
+
1305
+ CBB contents;
1306
+ return CBB_add_u16(out, TLSEXT_TYPE_certificate_timestamp) &&
1307
+ CBB_add_u16_length_prefixed(out, &contents) &&
1308
+ CBB_add_bytes(
1309
+ &contents,
1310
+ CRYPTO_BUFFER_data(ssl->cert->signed_cert_timestamp_list),
1311
+ CRYPTO_BUFFER_len(ssl->cert->signed_cert_timestamp_list)) &&
1312
+ CBB_flush(out);
1313
+ }
1314
+
1315
+
1316
+ // Application-level Protocol Negotiation.
1317
+ //
1318
+ // https://tools.ietf.org/html/rfc7301
1319
+
1320
+ static bool ext_alpn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1321
+ SSL *const ssl = hs->ssl;
1322
+ if (ssl->alpn_client_proto_list == NULL ||
1323
+ ssl->s3->initial_handshake_complete) {
1324
+ return true;
1325
+ }
1326
+
1327
+ CBB contents, proto_list;
1328
+ if (!CBB_add_u16(out, TLSEXT_TYPE_application_layer_protocol_negotiation) ||
1329
+ !CBB_add_u16_length_prefixed(out, &contents) ||
1330
+ !CBB_add_u16_length_prefixed(&contents, &proto_list) ||
1331
+ !CBB_add_bytes(&proto_list, ssl->alpn_client_proto_list,
1332
+ ssl->alpn_client_proto_list_len) ||
1333
+ !CBB_flush(out)) {
1334
+ return false;
1335
+ }
1336
+
1337
+ return true;
1338
+ }
1339
+
1340
+ static bool ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1341
+ CBS *contents) {
1342
+ SSL *const ssl = hs->ssl;
1343
+ if (contents == NULL) {
1344
+ return true;
1345
+ }
1346
+
1347
+ assert(!ssl->s3->initial_handshake_complete);
1348
+ assert(ssl->alpn_client_proto_list != NULL);
1349
+
1350
+ if (hs->next_proto_neg_seen) {
1351
+ // NPN and ALPN may not be negotiated in the same connection.
1352
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1353
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN);
1354
+ return false;
1355
+ }
1356
+
1357
+ // The extension data consists of a ProtocolNameList which must have
1358
+ // exactly one ProtocolName. Each of these is length-prefixed.
1359
+ CBS protocol_name_list, protocol_name;
1360
+ if (!CBS_get_u16_length_prefixed(contents, &protocol_name_list) ||
1361
+ CBS_len(contents) != 0 ||
1362
+ !CBS_get_u8_length_prefixed(&protocol_name_list, &protocol_name) ||
1363
+ // Empty protocol names are forbidden.
1364
+ CBS_len(&protocol_name) == 0 ||
1365
+ CBS_len(&protocol_name_list) != 0) {
1366
+ return false;
1367
+ }
1368
+
1369
+ if (!ssl_is_alpn_protocol_allowed(ssl, protocol_name)) {
1370
+ OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
1371
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1372
+ return false;
1373
+ }
1374
+
1375
+ if (!ssl->s3->alpn_selected.CopyFrom(protocol_name)) {
1376
+ *out_alert = SSL_AD_INTERNAL_ERROR;
1377
+ return false;
1378
+ }
1379
+
1380
+ return true;
1381
+ }
1382
+
1383
+ bool ssl_is_alpn_protocol_allowed(const SSL *ssl,
1384
+ Span<const uint8_t> protocol) {
1385
+ if (ssl->alpn_client_proto_list == nullptr) {
1386
+ return false;
1387
+ }
1388
+
1389
+ if (ssl->ctx->allow_unknown_alpn_protos) {
1390
+ return true;
1391
+ }
1392
+
1393
+ // Check that the protocol name is one of the ones we advertised.
1394
+ CBS client_protocol_name_list, client_protocol_name;
1395
+ CBS_init(&client_protocol_name_list, ssl->alpn_client_proto_list,
1396
+ ssl->alpn_client_proto_list_len);
1397
+ while (CBS_len(&client_protocol_name_list) > 0) {
1398
+ if (!CBS_get_u8_length_prefixed(&client_protocol_name_list,
1399
+ &client_protocol_name)) {
1400
+ return false;
1401
+ }
1402
+
1403
+ if (client_protocol_name == protocol) {
1404
+ return true;
1405
+ }
1406
+ }
1407
+
1408
+ return false;
1409
+ }
1410
+
1411
+ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1412
+ const SSL_CLIENT_HELLO *client_hello) {
1413
+ SSL *const ssl = hs->ssl;
1414
+ CBS contents;
1415
+ if (ssl->ctx->alpn_select_cb == NULL ||
1416
+ !ssl_client_hello_get_extension(
1417
+ client_hello, &contents,
1418
+ TLSEXT_TYPE_application_layer_protocol_negotiation)) {
1419
+ // Ignore ALPN if not configured or no extension was supplied.
1420
+ return true;
1421
+ }
1422
+
1423
+ // ALPN takes precedence over NPN.
1424
+ hs->next_proto_neg_seen = false;
1425
+
1426
+ CBS protocol_name_list;
1427
+ if (!CBS_get_u16_length_prefixed(&contents, &protocol_name_list) ||
1428
+ CBS_len(&contents) != 0 ||
1429
+ CBS_len(&protocol_name_list) < 2) {
1430
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
1431
+ *out_alert = SSL_AD_DECODE_ERROR;
1432
+ return false;
1433
+ }
1434
+
1435
+ // Validate the protocol list.
1436
+ CBS protocol_name_list_copy = protocol_name_list;
1437
+ while (CBS_len(&protocol_name_list_copy) > 0) {
1438
+ CBS protocol_name;
1439
+
1440
+ if (!CBS_get_u8_length_prefixed(&protocol_name_list_copy, &protocol_name) ||
1441
+ // Empty protocol names are forbidden.
1442
+ CBS_len(&protocol_name) == 0) {
1443
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
1444
+ *out_alert = SSL_AD_DECODE_ERROR;
1445
+ return false;
1446
+ }
1447
+ }
1448
+
1449
+ const uint8_t *selected;
1450
+ uint8_t selected_len;
1451
+ if (ssl->ctx->alpn_select_cb(
1452
+ ssl, &selected, &selected_len, CBS_data(&protocol_name_list),
1453
+ CBS_len(&protocol_name_list),
1454
+ ssl->ctx->alpn_select_cb_arg) == SSL_TLSEXT_ERR_OK) {
1455
+ if (!ssl->s3->alpn_selected.CopyFrom(
1456
+ MakeConstSpan(selected, selected_len))) {
1457
+ *out_alert = SSL_AD_INTERNAL_ERROR;
1458
+ return false;
1459
+ }
1460
+ }
1461
+
1462
+ return true;
1463
+ }
1464
+
1465
+ static bool ext_alpn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1466
+ SSL *const ssl = hs->ssl;
1467
+ if (ssl->s3->alpn_selected.empty()) {
1468
+ return true;
1469
+ }
1470
+
1471
+ CBB contents, proto_list, proto;
1472
+ if (!CBB_add_u16(out, TLSEXT_TYPE_application_layer_protocol_negotiation) ||
1473
+ !CBB_add_u16_length_prefixed(out, &contents) ||
1474
+ !CBB_add_u16_length_prefixed(&contents, &proto_list) ||
1475
+ !CBB_add_u8_length_prefixed(&proto_list, &proto) ||
1476
+ !CBB_add_bytes(&proto, ssl->s3->alpn_selected.data(),
1477
+ ssl->s3->alpn_selected.size()) ||
1478
+ !CBB_flush(out)) {
1479
+ return false;
1480
+ }
1481
+
1482
+ return true;
1483
+ }
1484
+
1485
+
1486
+ // Channel ID.
1487
+ //
1488
+ // https://tools.ietf.org/html/draft-balfanz-tls-channelid-01
1489
+
1490
+ static void ext_channel_id_init(SSL_HANDSHAKE *hs) {
1491
+ hs->ssl->s3->tlsext_channel_id_valid = false;
1492
+ }
1493
+
1494
+ static bool ext_channel_id_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1495
+ SSL *const ssl = hs->ssl;
1496
+ if (!ssl->tlsext_channel_id_enabled ||
1497
+ SSL_is_dtls(ssl)) {
1498
+ return true;
1499
+ }
1500
+
1501
+ if (!CBB_add_u16(out, TLSEXT_TYPE_channel_id) ||
1502
+ !CBB_add_u16(out, 0 /* length */)) {
1503
+ return false;
1504
+ }
1505
+
1506
+ return true;
1507
+ }
1508
+
1509
+ static bool ext_channel_id_parse_serverhello(SSL_HANDSHAKE *hs,
1510
+ uint8_t *out_alert,
1511
+ CBS *contents) {
1512
+ SSL *const ssl = hs->ssl;
1513
+ if (contents == NULL) {
1514
+ return true;
1515
+ }
1516
+
1517
+ assert(!SSL_is_dtls(ssl));
1518
+ assert(ssl->tlsext_channel_id_enabled);
1519
+
1520
+ if (CBS_len(contents) != 0) {
1521
+ return false;
1522
+ }
1523
+
1524
+ ssl->s3->tlsext_channel_id_valid = true;
1525
+ return true;
1526
+ }
1527
+
1528
+ static bool ext_channel_id_parse_clienthello(SSL_HANDSHAKE *hs,
1529
+ uint8_t *out_alert,
1530
+ CBS *contents) {
1531
+ SSL *const ssl = hs->ssl;
1532
+ if (contents == NULL ||
1533
+ !ssl->tlsext_channel_id_enabled ||
1534
+ SSL_is_dtls(ssl)) {
1535
+ return true;
1536
+ }
1537
+
1538
+ if (CBS_len(contents) != 0) {
1539
+ return false;
1540
+ }
1541
+
1542
+ ssl->s3->tlsext_channel_id_valid = true;
1543
+ return true;
1544
+ }
1545
+
1546
+ static bool ext_channel_id_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1547
+ SSL *const ssl = hs->ssl;
1548
+ if (!ssl->s3->tlsext_channel_id_valid) {
1549
+ return true;
1550
+ }
1551
+
1552
+ if (!CBB_add_u16(out, TLSEXT_TYPE_channel_id) ||
1553
+ !CBB_add_u16(out, 0 /* length */)) {
1554
+ return false;
1555
+ }
1556
+
1557
+ return true;
1558
+ }
1559
+
1560
+
1561
+ // Secure Real-time Transport Protocol (SRTP) extension.
1562
+ //
1563
+ // https://tools.ietf.org/html/rfc5764
1564
+
1565
+
1566
+ static void ext_srtp_init(SSL_HANDSHAKE *hs) {
1567
+ hs->ssl->srtp_profile = NULL;
1568
+ }
1569
+
1570
+ static bool ext_srtp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1571
+ SSL *const ssl = hs->ssl;
1572
+ STACK_OF(SRTP_PROTECTION_PROFILE) *profiles = SSL_get_srtp_profiles(ssl);
1573
+ if (profiles == NULL ||
1574
+ sk_SRTP_PROTECTION_PROFILE_num(profiles) == 0) {
1575
+ return true;
1576
+ }
1577
+
1578
+ CBB contents, profile_ids;
1579
+ if (!CBB_add_u16(out, TLSEXT_TYPE_srtp) ||
1580
+ !CBB_add_u16_length_prefixed(out, &contents) ||
1581
+ !CBB_add_u16_length_prefixed(&contents, &profile_ids)) {
1582
+ return false;
1583
+ }
1584
+
1585
+ for (const SRTP_PROTECTION_PROFILE *profile : profiles) {
1586
+ if (!CBB_add_u16(&profile_ids, profile->id)) {
1587
+ return false;
1588
+ }
1589
+ }
1590
+
1591
+ if (!CBB_add_u8(&contents, 0 /* empty use_mki value */) ||
1592
+ !CBB_flush(out)) {
1593
+ return false;
1594
+ }
1595
+
1596
+ return true;
1597
+ }
1598
+
1599
+ static bool ext_srtp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1600
+ CBS *contents) {
1601
+ SSL *const ssl = hs->ssl;
1602
+ if (contents == NULL) {
1603
+ return true;
1604
+ }
1605
+
1606
+ // The extension consists of a u16-prefixed profile ID list containing a
1607
+ // single uint16_t profile ID, then followed by a u8-prefixed srtp_mki field.
1608
+ //
1609
+ // See https://tools.ietf.org/html/rfc5764#section-4.1.1
1610
+ CBS profile_ids, srtp_mki;
1611
+ uint16_t profile_id;
1612
+ if (!CBS_get_u16_length_prefixed(contents, &profile_ids) ||
1613
+ !CBS_get_u16(&profile_ids, &profile_id) ||
1614
+ CBS_len(&profile_ids) != 0 ||
1615
+ !CBS_get_u8_length_prefixed(contents, &srtp_mki) ||
1616
+ CBS_len(contents) != 0) {
1617
+ OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
1618
+ return false;
1619
+ }
1620
+
1621
+ if (CBS_len(&srtp_mki) != 0) {
1622
+ // Must be no MKI, since we never offer one.
1623
+ OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_MKI_VALUE);
1624
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1625
+ return false;
1626
+ }
1627
+
1628
+ STACK_OF(SRTP_PROTECTION_PROFILE) *profiles = SSL_get_srtp_profiles(ssl);
1629
+
1630
+ // Check to see if the server gave us something we support (and presumably
1631
+ // offered).
1632
+ for (const SRTP_PROTECTION_PROFILE *profile : profiles) {
1633
+ if (profile->id == profile_id) {
1634
+ ssl->srtp_profile = profile;
1635
+ return true;
1636
+ }
1637
+ }
1638
+
1639
+ OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
1640
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1641
+ return false;
1642
+ }
1643
+
1644
+ static bool ext_srtp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1645
+ CBS *contents) {
1646
+ SSL *const ssl = hs->ssl;
1647
+ if (contents == NULL) {
1648
+ return true;
1649
+ }
1650
+
1651
+ CBS profile_ids, srtp_mki;
1652
+ if (!CBS_get_u16_length_prefixed(contents, &profile_ids) ||
1653
+ CBS_len(&profile_ids) < 2 ||
1654
+ !CBS_get_u8_length_prefixed(contents, &srtp_mki) ||
1655
+ CBS_len(contents) != 0) {
1656
+ OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
1657
+ return false;
1658
+ }
1659
+ // Discard the MKI value for now.
1660
+
1661
+ const STACK_OF(SRTP_PROTECTION_PROFILE) *server_profiles =
1662
+ SSL_get_srtp_profiles(ssl);
1663
+
1664
+ // Pick the server's most preferred profile.
1665
+ for (const SRTP_PROTECTION_PROFILE *server_profile : server_profiles) {
1666
+ CBS profile_ids_tmp;
1667
+ CBS_init(&profile_ids_tmp, CBS_data(&profile_ids), CBS_len(&profile_ids));
1668
+
1669
+ while (CBS_len(&profile_ids_tmp) > 0) {
1670
+ uint16_t profile_id;
1671
+ if (!CBS_get_u16(&profile_ids_tmp, &profile_id)) {
1672
+ return false;
1673
+ }
1674
+
1675
+ if (server_profile->id == profile_id) {
1676
+ ssl->srtp_profile = server_profile;
1677
+ return true;
1678
+ }
1679
+ }
1680
+ }
1681
+
1682
+ return true;
1683
+ }
1684
+
1685
+ static bool ext_srtp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1686
+ SSL *const ssl = hs->ssl;
1687
+ if (ssl->srtp_profile == NULL) {
1688
+ return true;
1689
+ }
1690
+
1691
+ CBB contents, profile_ids;
1692
+ if (!CBB_add_u16(out, TLSEXT_TYPE_srtp) ||
1693
+ !CBB_add_u16_length_prefixed(out, &contents) ||
1694
+ !CBB_add_u16_length_prefixed(&contents, &profile_ids) ||
1695
+ !CBB_add_u16(&profile_ids, ssl->srtp_profile->id) ||
1696
+ !CBB_add_u8(&contents, 0 /* empty MKI */) ||
1697
+ !CBB_flush(out)) {
1698
+ return false;
1699
+ }
1700
+
1701
+ return true;
1702
+ }
1703
+
1704
+
1705
+ // EC point formats.
1706
+ //
1707
+ // https://tools.ietf.org/html/rfc4492#section-5.1.2
1708
+
1709
+ static bool ext_ec_point_add_extension(SSL_HANDSHAKE *hs, CBB *out) {
1710
+ CBB contents, formats;
1711
+ if (!CBB_add_u16(out, TLSEXT_TYPE_ec_point_formats) ||
1712
+ !CBB_add_u16_length_prefixed(out, &contents) ||
1713
+ !CBB_add_u8_length_prefixed(&contents, &formats) ||
1714
+ !CBB_add_u8(&formats, TLSEXT_ECPOINTFORMAT_uncompressed) ||
1715
+ !CBB_flush(out)) {
1716
+ return false;
1717
+ }
1718
+
1719
+ return true;
1720
+ }
1721
+
1722
+ static bool ext_ec_point_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1723
+ // The point format extension is unneccessary in TLS 1.3.
1724
+ if (hs->min_version >= TLS1_3_VERSION) {
1725
+ return true;
1726
+ }
1727
+
1728
+ return ext_ec_point_add_extension(hs, out);
1729
+ }
1730
+
1731
+ static bool ext_ec_point_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1732
+ CBS *contents) {
1733
+ if (contents == NULL) {
1734
+ return true;
1735
+ }
1736
+
1737
+ if (ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
1738
+ return false;
1739
+ }
1740
+
1741
+ CBS ec_point_format_list;
1742
+ if (!CBS_get_u8_length_prefixed(contents, &ec_point_format_list) ||
1743
+ CBS_len(contents) != 0) {
1744
+ return false;
1745
+ }
1746
+
1747
+ // Per RFC 4492, section 5.1.2, implementations MUST support the uncompressed
1748
+ // point format.
1749
+ if (OPENSSL_memchr(CBS_data(&ec_point_format_list),
1750
+ TLSEXT_ECPOINTFORMAT_uncompressed,
1751
+ CBS_len(&ec_point_format_list)) == NULL) {
1752
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1753
+ return false;
1754
+ }
1755
+
1756
+ return true;
1757
+ }
1758
+
1759
+ static bool ext_ec_point_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1760
+ CBS *contents) {
1761
+ if (ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
1762
+ return true;
1763
+ }
1764
+
1765
+ return ext_ec_point_parse_serverhello(hs, out_alert, contents);
1766
+ }
1767
+
1768
+ static bool ext_ec_point_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1769
+ SSL *const ssl = hs->ssl;
1770
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1771
+ return true;
1772
+ }
1773
+
1774
+ const uint32_t alg_k = hs->new_cipher->algorithm_mkey;
1775
+ const uint32_t alg_a = hs->new_cipher->algorithm_auth;
1776
+ const bool using_ecc = (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA);
1777
+
1778
+ if (!using_ecc) {
1779
+ return true;
1780
+ }
1781
+
1782
+ return ext_ec_point_add_extension(hs, out);
1783
+ }
1784
+
1785
+
1786
+ // Pre Shared Key
1787
+ //
1788
+ // https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.6
1789
+
1790
+ static size_t ext_pre_shared_key_clienthello_length(SSL_HANDSHAKE *hs) {
1791
+ SSL *const ssl = hs->ssl;
1792
+ if (hs->max_version < TLS1_3_VERSION || ssl->session == NULL ||
1793
+ ssl_session_protocol_version(ssl->session) < TLS1_3_VERSION) {
1794
+ return 0;
1795
+ }
1796
+
1797
+ size_t binder_len = EVP_MD_size(ssl_session_get_digest(ssl->session));
1798
+ return 15 + ssl->session->tlsext_ticklen + binder_len;
1799
+ }
1800
+
1801
+ static bool ext_pre_shared_key_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1802
+ SSL *const ssl = hs->ssl;
1803
+ hs->needs_psk_binder = false;
1804
+ if (hs->max_version < TLS1_3_VERSION || ssl->session == NULL ||
1805
+ ssl_session_protocol_version(ssl->session) < TLS1_3_VERSION) {
1806
+ return true;
1807
+ }
1808
+
1809
+ // Per draft-ietf-tls-tls13-21 section 4.1.4, skip offering the session if the
1810
+ // selected cipher in HelloRetryRequest does not match. This avoids performing
1811
+ // the transcript hash transformation for multiple hashes.
1812
+ if (hs->received_hello_retry_request &&
1813
+ ssl_is_draft21(ssl->version) &&
1814
+ ssl->session->cipher->algorithm_prf != hs->new_cipher->algorithm_prf) {
1815
+ return true;
1816
+ }
1817
+
1818
+ struct OPENSSL_timeval now;
1819
+ ssl_get_current_time(ssl, &now);
1820
+ uint32_t ticket_age = 1000 * (now.tv_sec - ssl->session->time);
1821
+ uint32_t obfuscated_ticket_age = ticket_age + ssl->session->ticket_age_add;
1822
+
1823
+ // Fill in a placeholder zero binder of the appropriate length. It will be
1824
+ // computed and filled in later after length prefixes are computed.
1825
+ uint8_t zero_binder[EVP_MAX_MD_SIZE] = {0};
1826
+ size_t binder_len = EVP_MD_size(ssl_session_get_digest(ssl->session));
1827
+
1828
+ CBB contents, identity, ticket, binders, binder;
1829
+ if (!CBB_add_u16(out, TLSEXT_TYPE_pre_shared_key) ||
1830
+ !CBB_add_u16_length_prefixed(out, &contents) ||
1831
+ !CBB_add_u16_length_prefixed(&contents, &identity) ||
1832
+ !CBB_add_u16_length_prefixed(&identity, &ticket) ||
1833
+ !CBB_add_bytes(&ticket, ssl->session->tlsext_tick,
1834
+ ssl->session->tlsext_ticklen) ||
1835
+ !CBB_add_u32(&identity, obfuscated_ticket_age) ||
1836
+ !CBB_add_u16_length_prefixed(&contents, &binders) ||
1837
+ !CBB_add_u8_length_prefixed(&binders, &binder) ||
1838
+ !CBB_add_bytes(&binder, zero_binder, binder_len)) {
1839
+ return false;
1840
+ }
1841
+
1842
+ hs->needs_psk_binder = true;
1843
+ return CBB_flush(out);
1844
+ }
1845
+
1846
+ bool ssl_ext_pre_shared_key_parse_serverhello(SSL_HANDSHAKE *hs,
1847
+ uint8_t *out_alert,
1848
+ CBS *contents) {
1849
+ uint16_t psk_id;
1850
+ if (!CBS_get_u16(contents, &psk_id) ||
1851
+ CBS_len(contents) != 0) {
1852
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1853
+ *out_alert = SSL_AD_DECODE_ERROR;
1854
+ return false;
1855
+ }
1856
+
1857
+ // We only advertise one PSK identity, so the only legal index is zero.
1858
+ if (psk_id != 0) {
1859
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
1860
+ *out_alert = SSL_AD_UNKNOWN_PSK_IDENTITY;
1861
+ return false;
1862
+ }
1863
+
1864
+ return true;
1865
+ }
1866
+
1867
+ bool ssl_ext_pre_shared_key_parse_clienthello(
1868
+ SSL_HANDSHAKE *hs, CBS *out_ticket, CBS *out_binders,
1869
+ uint32_t *out_obfuscated_ticket_age, uint8_t *out_alert, CBS *contents) {
1870
+ // We only process the first PSK identity since we don't support pure PSK.
1871
+ CBS identities, binders;
1872
+ if (!CBS_get_u16_length_prefixed(contents, &identities) ||
1873
+ !CBS_get_u16_length_prefixed(&identities, out_ticket) ||
1874
+ !CBS_get_u32(&identities, out_obfuscated_ticket_age) ||
1875
+ !CBS_get_u16_length_prefixed(contents, &binders) ||
1876
+ CBS_len(&binders) == 0 ||
1877
+ CBS_len(contents) != 0) {
1878
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1879
+ *out_alert = SSL_AD_DECODE_ERROR;
1880
+ return false;
1881
+ }
1882
+
1883
+ *out_binders = binders;
1884
+
1885
+ // Check the syntax of the remaining identities, but do not process them.
1886
+ size_t num_identities = 1;
1887
+ while (CBS_len(&identities) != 0) {
1888
+ CBS unused_ticket;
1889
+ uint32_t unused_obfuscated_ticket_age;
1890
+ if (!CBS_get_u16_length_prefixed(&identities, &unused_ticket) ||
1891
+ !CBS_get_u32(&identities, &unused_obfuscated_ticket_age)) {
1892
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1893
+ *out_alert = SSL_AD_DECODE_ERROR;
1894
+ return false;
1895
+ }
1896
+
1897
+ num_identities++;
1898
+ }
1899
+
1900
+ // Check the syntax of the binders. The value will be checked later if
1901
+ // resuming.
1902
+ size_t num_binders = 0;
1903
+ while (CBS_len(&binders) != 0) {
1904
+ CBS binder;
1905
+ if (!CBS_get_u8_length_prefixed(&binders, &binder)) {
1906
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1907
+ *out_alert = SSL_AD_DECODE_ERROR;
1908
+ return false;
1909
+ }
1910
+
1911
+ num_binders++;
1912
+ }
1913
+
1914
+ if (num_identities != num_binders) {
1915
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_BINDER_COUNT_MISMATCH);
1916
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1917
+ return false;
1918
+ }
1919
+
1920
+ return true;
1921
+ }
1922
+
1923
+ bool ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1924
+ if (!hs->ssl->s3->session_reused) {
1925
+ return true;
1926
+ }
1927
+
1928
+ CBB contents;
1929
+ if (!CBB_add_u16(out, TLSEXT_TYPE_pre_shared_key) ||
1930
+ !CBB_add_u16_length_prefixed(out, &contents) ||
1931
+ // We only consider the first identity for resumption
1932
+ !CBB_add_u16(&contents, 0) ||
1933
+ !CBB_flush(out)) {
1934
+ return false;
1935
+ }
1936
+
1937
+ return true;
1938
+ }
1939
+
1940
+
1941
+ // Pre-Shared Key Exchange Modes
1942
+ //
1943
+ // https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.7
1944
+
1945
+ static bool ext_psk_key_exchange_modes_add_clienthello(SSL_HANDSHAKE *hs,
1946
+ CBB *out) {
1947
+ if (hs->max_version < TLS1_3_VERSION) {
1948
+ return true;
1949
+ }
1950
+
1951
+ CBB contents, ke_modes;
1952
+ if (!CBB_add_u16(out, TLSEXT_TYPE_psk_key_exchange_modes) ||
1953
+ !CBB_add_u16_length_prefixed(out, &contents) ||
1954
+ !CBB_add_u8_length_prefixed(&contents, &ke_modes) ||
1955
+ !CBB_add_u8(&ke_modes, SSL_PSK_DHE_KE)) {
1956
+ return false;
1957
+ }
1958
+
1959
+ return CBB_flush(out);
1960
+ }
1961
+
1962
+ static bool ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs,
1963
+ uint8_t *out_alert,
1964
+ CBS *contents) {
1965
+ if (contents == NULL) {
1966
+ return true;
1967
+ }
1968
+
1969
+ CBS ke_modes;
1970
+ if (!CBS_get_u8_length_prefixed(contents, &ke_modes) ||
1971
+ CBS_len(&ke_modes) == 0 ||
1972
+ CBS_len(contents) != 0) {
1973
+ *out_alert = SSL_AD_DECODE_ERROR;
1974
+ return false;
1975
+ }
1976
+
1977
+ // We only support tickets with PSK_DHE_KE.
1978
+ hs->accept_psk_mode = OPENSSL_memchr(CBS_data(&ke_modes), SSL_PSK_DHE_KE,
1979
+ CBS_len(&ke_modes)) != NULL;
1980
+
1981
+ return true;
1982
+ }
1983
+
1984
+
1985
+ // Early Data Indication
1986
+ //
1987
+ // https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.8
1988
+
1989
+ static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1990
+ SSL *const ssl = hs->ssl;
1991
+ if (!ssl->cert->enable_early_data ||
1992
+ // Session must be 0-RTT capable.
1993
+ ssl->session == NULL ||
1994
+ ssl_session_protocol_version(ssl->session) < TLS1_3_VERSION ||
1995
+ ssl->session->ticket_max_early_data == 0 ||
1996
+ // The second ClientHello never offers early data.
1997
+ hs->received_hello_retry_request ||
1998
+ // In case ALPN preferences changed since this session was established,
1999
+ // avoid reporting a confusing value in |SSL_get0_alpn_selected|.
2000
+ (ssl->session->early_alpn_len != 0 &&
2001
+ !ssl_is_alpn_protocol_allowed(
2002
+ ssl, MakeConstSpan(ssl->session->early_alpn,
2003
+ ssl->session->early_alpn_len)))) {
2004
+ return true;
2005
+ }
2006
+
2007
+ hs->early_data_offered = true;
2008
+
2009
+ if (!CBB_add_u16(out, TLSEXT_TYPE_early_data) ||
2010
+ !CBB_add_u16(out, 0) ||
2011
+ !CBB_flush(out)) {
2012
+ return false;
2013
+ }
2014
+
2015
+ return true;
2016
+ }
2017
+
2018
+ static bool ext_early_data_parse_serverhello(SSL_HANDSHAKE *hs,
2019
+ uint8_t *out_alert, CBS *contents) {
2020
+ SSL *const ssl = hs->ssl;
2021
+ if (contents == NULL) {
2022
+ return true;
2023
+ }
2024
+
2025
+ if (CBS_len(contents) != 0) {
2026
+ *out_alert = SSL_AD_DECODE_ERROR;
2027
+ return false;
2028
+ }
2029
+
2030
+ if (!ssl->s3->session_reused) {
2031
+ *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
2032
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
2033
+ return false;
2034
+ }
2035
+
2036
+ ssl->early_data_accepted = true;
2037
+ return true;
2038
+ }
2039
+
2040
+ static bool ext_early_data_parse_clienthello(SSL_HANDSHAKE *hs,
2041
+ uint8_t *out_alert, CBS *contents) {
2042
+ SSL *const ssl = hs->ssl;
2043
+ if (contents == NULL ||
2044
+ ssl_protocol_version(ssl) < TLS1_3_VERSION) {
2045
+ return true;
2046
+ }
2047
+
2048
+ if (CBS_len(contents) != 0) {
2049
+ *out_alert = SSL_AD_DECODE_ERROR;
2050
+ return false;
2051
+ }
2052
+
2053
+ hs->early_data_offered = true;
2054
+ return true;
2055
+ }
2056
+
2057
+ static bool ext_early_data_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
2058
+ if (!hs->ssl->early_data_accepted) {
2059
+ return true;
2060
+ }
2061
+
2062
+ if (!CBB_add_u16(out, TLSEXT_TYPE_early_data) ||
2063
+ !CBB_add_u16(out, 0) ||
2064
+ !CBB_flush(out)) {
2065
+ return false;
2066
+ }
2067
+
2068
+ return true;
2069
+ }
2070
+
2071
+
2072
+ // Key Share
2073
+ //
2074
+ // https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.5
2075
+
2076
+ static bool ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
2077
+ SSL *const ssl = hs->ssl;
2078
+ if (hs->max_version < TLS1_3_VERSION) {
2079
+ return true;
2080
+ }
2081
+
2082
+ CBB contents, kse_bytes;
2083
+ if (!CBB_add_u16(out, TLSEXT_TYPE_key_share) ||
2084
+ !CBB_add_u16_length_prefixed(out, &contents) ||
2085
+ !CBB_add_u16_length_prefixed(&contents, &kse_bytes)) {
2086
+ return false;
2087
+ }
2088
+
2089
+ uint16_t group_id = hs->retry_group;
2090
+ if (hs->received_hello_retry_request) {
2091
+ // We received a HelloRetryRequest without a new curve, so there is no new
2092
+ // share to append. Leave |hs->key_share| as-is.
2093
+ if (group_id == 0 &&
2094
+ !CBB_add_bytes(&kse_bytes, hs->key_share_bytes.data(),
2095
+ hs->key_share_bytes.size())) {
2096
+ return false;
2097
+ }
2098
+ hs->key_share_bytes.Reset();
2099
+ if (group_id == 0) {
2100
+ return CBB_flush(out);
2101
+ }
2102
+ } else {
2103
+ // Add a fake group. See draft-davidben-tls-grease-01.
2104
+ if (ssl->ctx->grease_enabled &&
2105
+ (!CBB_add_u16(&kse_bytes,
2106
+ ssl_get_grease_value(ssl, ssl_grease_group)) ||
2107
+ !CBB_add_u16(&kse_bytes, 1 /* length */) ||
2108
+ !CBB_add_u8(&kse_bytes, 0 /* one byte key share */))) {
2109
+ return false;
2110
+ }
2111
+
2112
+ // Predict the most preferred group.
2113
+ Span<const uint16_t> groups = tls1_get_grouplist(ssl);
2114
+ if (groups.empty()) {
2115
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_GROUPS_SPECIFIED);
2116
+ return false;
2117
+ }
2118
+
2119
+ group_id = groups[0];
2120
+ }
2121
+
2122
+ hs->key_share = SSLKeyShare::Create(group_id);
2123
+ CBB key_exchange;
2124
+ if (!hs->key_share ||
2125
+ !CBB_add_u16(&kse_bytes, group_id) ||
2126
+ !CBB_add_u16_length_prefixed(&kse_bytes, &key_exchange) ||
2127
+ !hs->key_share->Offer(&key_exchange) ||
2128
+ !CBB_flush(&kse_bytes)) {
2129
+ return false;
2130
+ }
2131
+
2132
+ // Save the contents of the extension to repeat it in the second ClientHello.
2133
+ if (!hs->received_hello_retry_request &&
2134
+ !hs->key_share_bytes.CopyFrom(
2135
+ MakeConstSpan(CBB_data(&kse_bytes), CBB_len(&kse_bytes)))) {
2136
+ return false;
2137
+ }
2138
+
2139
+ return CBB_flush(out);
2140
+ }
2141
+
2142
+ bool ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs,
2143
+ Array<uint8_t> *out_secret,
2144
+ uint8_t *out_alert, CBS *contents) {
2145
+ CBS peer_key;
2146
+ uint16_t group_id;
2147
+ if (!CBS_get_u16(contents, &group_id) ||
2148
+ !CBS_get_u16_length_prefixed(contents, &peer_key) ||
2149
+ CBS_len(contents) != 0) {
2150
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
2151
+ *out_alert = SSL_AD_DECODE_ERROR;
2152
+ return false;
2153
+ }
2154
+
2155
+ if (hs->key_share->GroupID() != group_id) {
2156
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
2157
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
2158
+ return false;
2159
+ }
2160
+
2161
+ if (!hs->key_share->Finish(out_secret, out_alert, peer_key)) {
2162
+ *out_alert = SSL_AD_INTERNAL_ERROR;
2163
+ return false;
2164
+ }
2165
+
2166
+ hs->new_session->group_id = group_id;
2167
+ hs->key_share.reset();
2168
+ return true;
2169
+ }
2170
+
2171
+ bool ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found,
2172
+ Array<uint8_t> *out_secret,
2173
+ uint8_t *out_alert, CBS *contents) {
2174
+ uint16_t group_id;
2175
+ CBS key_shares;
2176
+ if (!tls1_get_shared_group(hs, &group_id)) {
2177
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_GROUP);
2178
+ *out_alert = SSL_AD_HANDSHAKE_FAILURE;
2179
+ return false;
2180
+ }
2181
+
2182
+ if (!CBS_get_u16_length_prefixed(contents, &key_shares) ||
2183
+ CBS_len(contents) != 0) {
2184
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
2185
+ return false;
2186
+ }
2187
+
2188
+ // Find the corresponding key share.
2189
+ CBS peer_key;
2190
+ CBS_init(&peer_key, NULL, 0);
2191
+ while (CBS_len(&key_shares) > 0) {
2192
+ uint16_t id;
2193
+ CBS peer_key_tmp;
2194
+ if (!CBS_get_u16(&key_shares, &id) ||
2195
+ !CBS_get_u16_length_prefixed(&key_shares, &peer_key_tmp) ||
2196
+ CBS_len(&peer_key_tmp) == 0) {
2197
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
2198
+ return false;
2199
+ }
2200
+
2201
+ if (id == group_id) {
2202
+ if (CBS_len(&peer_key) != 0) {
2203
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DUPLICATE_KEY_SHARE);
2204
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
2205
+ return false;
2206
+ }
2207
+
2208
+ peer_key = peer_key_tmp;
2209
+ // Continue parsing the structure to keep peers honest.
2210
+ }
2211
+ }
2212
+
2213
+ if (CBS_len(&peer_key) == 0) {
2214
+ *out_found = false;
2215
+ out_secret->Reset();
2216
+ return true;
2217
+ }
2218
+
2219
+ // Compute the DH secret.
2220
+ Array<uint8_t> secret;
2221
+ ScopedCBB public_key;
2222
+ UniquePtr<SSLKeyShare> key_share = SSLKeyShare::Create(group_id);
2223
+ if (!key_share ||
2224
+ !CBB_init(public_key.get(), 32) ||
2225
+ !key_share->Accept(public_key.get(), &secret, out_alert, peer_key) ||
2226
+ !CBBFinishArray(public_key.get(), &hs->ecdh_public_key)) {
2227
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
2228
+ return false;
2229
+ }
2230
+
2231
+ *out_secret = std::move(secret);
2232
+ *out_found = true;
2233
+ return true;
2234
+ }
2235
+
2236
+ bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
2237
+ uint16_t group_id;
2238
+ CBB kse_bytes, public_key;
2239
+ if (!tls1_get_shared_group(hs, &group_id) ||
2240
+ !CBB_add_u16(out, TLSEXT_TYPE_key_share) ||
2241
+ !CBB_add_u16_length_prefixed(out, &kse_bytes) ||
2242
+ !CBB_add_u16(&kse_bytes, group_id) ||
2243
+ !CBB_add_u16_length_prefixed(&kse_bytes, &public_key) ||
2244
+ !CBB_add_bytes(&public_key, hs->ecdh_public_key.data(),
2245
+ hs->ecdh_public_key.size()) ||
2246
+ !CBB_flush(out)) {
2247
+ return false;
2248
+ }
2249
+
2250
+ hs->ecdh_public_key.Reset();
2251
+
2252
+ hs->new_session->group_id = group_id;
2253
+ return true;
2254
+ }
2255
+
2256
+
2257
+ // Supported Versions
2258
+ //
2259
+ // https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.1
2260
+
2261
+ static bool ext_supported_versions_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
2262
+ SSL *const ssl = hs->ssl;
2263
+ if (hs->max_version <= TLS1_2_VERSION) {
2264
+ return true;
2265
+ }
2266
+
2267
+ CBB contents, versions;
2268
+ if (!CBB_add_u16(out, TLSEXT_TYPE_supported_versions) ||
2269
+ !CBB_add_u16_length_prefixed(out, &contents) ||
2270
+ !CBB_add_u8_length_prefixed(&contents, &versions)) {
2271
+ return false;
2272
+ }
2273
+
2274
+ // Add a fake version. See draft-davidben-tls-grease-01.
2275
+ if (ssl->ctx->grease_enabled &&
2276
+ !CBB_add_u16(&versions, ssl_get_grease_value(ssl, ssl_grease_version))) {
2277
+ return false;
2278
+ }
2279
+
2280
+ if (!ssl_add_supported_versions(hs, &versions) ||
2281
+ !CBB_flush(out)) {
2282
+ return false;
2283
+ }
2284
+
2285
+ return true;
2286
+ }
2287
+
2288
+
2289
+ // Cookie
2290
+ //
2291
+ // https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.2
2292
+
2293
+ static bool ext_cookie_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
2294
+ if (hs->cookie.empty()) {
2295
+ return true;
2296
+ }
2297
+
2298
+ CBB contents, cookie;
2299
+ if (!CBB_add_u16(out, TLSEXT_TYPE_cookie) ||
2300
+ !CBB_add_u16_length_prefixed(out, &contents) ||
2301
+ !CBB_add_u16_length_prefixed(&contents, &cookie) ||
2302
+ !CBB_add_bytes(&cookie, hs->cookie.data(), hs->cookie.size()) ||
2303
+ !CBB_flush(out)) {
2304
+ return false;
2305
+ }
2306
+
2307
+ // The cookie is no longer needed in memory.
2308
+ hs->cookie.Reset();
2309
+ return true;
2310
+ }
2311
+
2312
+
2313
+ // Negotiated Groups
2314
+ //
2315
+ // https://tools.ietf.org/html/rfc4492#section-5.1.2
2316
+ // https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.4
2317
+
2318
+ static bool ext_supported_groups_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
2319
+ SSL *const ssl = hs->ssl;
2320
+ CBB contents, groups_bytes;
2321
+ if (!CBB_add_u16(out, TLSEXT_TYPE_supported_groups) ||
2322
+ !CBB_add_u16_length_prefixed(out, &contents) ||
2323
+ !CBB_add_u16_length_prefixed(&contents, &groups_bytes)) {
2324
+ return false;
2325
+ }
2326
+
2327
+ // Add a fake group. See draft-davidben-tls-grease-01.
2328
+ if (ssl->ctx->grease_enabled &&
2329
+ !CBB_add_u16(&groups_bytes,
2330
+ ssl_get_grease_value(ssl, ssl_grease_group))) {
2331
+ return false;
2332
+ }
2333
+
2334
+ for (uint16_t group : tls1_get_grouplist(ssl)) {
2335
+ if (!CBB_add_u16(&groups_bytes, group)) {
2336
+ return false;
2337
+ }
2338
+ }
2339
+
2340
+ return CBB_flush(out);
2341
+ }
2342
+
2343
+ static bool ext_supported_groups_parse_serverhello(SSL_HANDSHAKE *hs,
2344
+ uint8_t *out_alert,
2345
+ CBS *contents) {
2346
+ // This extension is not expected to be echoed by servers in TLS 1.2, but some
2347
+ // BigIP servers send it nonetheless, so do not enforce this.
2348
+ return true;
2349
+ }
2350
+
2351
+ static bool parse_u16_array(const CBS *cbs, Array<uint16_t> *out) {
2352
+ CBS copy = *cbs;
2353
+ if ((CBS_len(&copy) & 1) != 0) {
2354
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
2355
+ return false;
2356
+ }
2357
+
2358
+ Array<uint16_t> ret;
2359
+ if (!ret.Init(CBS_len(&copy) / 2)) {
2360
+ return false;
2361
+ }
2362
+ for (size_t i = 0; i < ret.size(); i++) {
2363
+ if (!CBS_get_u16(&copy, &ret[i])) {
2364
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
2365
+ return false;
2366
+ }
2367
+ }
2368
+
2369
+ assert(CBS_len(&copy) == 0);
2370
+ *out = std::move(ret);
2371
+ return 1;
2372
+ }
2373
+
2374
+ static bool ext_supported_groups_parse_clienthello(SSL_HANDSHAKE *hs,
2375
+ uint8_t *out_alert,
2376
+ CBS *contents) {
2377
+ if (contents == NULL) {
2378
+ return true;
2379
+ }
2380
+
2381
+ CBS supported_group_list;
2382
+ if (!CBS_get_u16_length_prefixed(contents, &supported_group_list) ||
2383
+ CBS_len(&supported_group_list) == 0 ||
2384
+ CBS_len(contents) != 0 ||
2385
+ !parse_u16_array(&supported_group_list, &hs->peer_supported_group_list)) {
2386
+ return false;
2387
+ }
2388
+
2389
+ return true;
2390
+ }
2391
+
2392
+
2393
+ // kExtensions contains all the supported extensions.
2394
+ static const struct tls_extension kExtensions[] = {
2395
+ {
2396
+ TLSEXT_TYPE_renegotiate,
2397
+ NULL,
2398
+ ext_ri_add_clienthello,
2399
+ ext_ri_parse_serverhello,
2400
+ ext_ri_parse_clienthello,
2401
+ ext_ri_add_serverhello,
2402
+ },
2403
+ {
2404
+ TLSEXT_TYPE_server_name,
2405
+ NULL,
2406
+ ext_sni_add_clienthello,
2407
+ ext_sni_parse_serverhello,
2408
+ ext_sni_parse_clienthello,
2409
+ ext_sni_add_serverhello,
2410
+ },
2411
+ {
2412
+ TLSEXT_TYPE_extended_master_secret,
2413
+ NULL,
2414
+ ext_ems_add_clienthello,
2415
+ ext_ems_parse_serverhello,
2416
+ ext_ems_parse_clienthello,
2417
+ ext_ems_add_serverhello,
2418
+ },
2419
+ {
2420
+ TLSEXT_TYPE_session_ticket,
2421
+ NULL,
2422
+ ext_ticket_add_clienthello,
2423
+ ext_ticket_parse_serverhello,
2424
+ // Ticket extension client parsing is handled in ssl_session.c
2425
+ ignore_parse_clienthello,
2426
+ ext_ticket_add_serverhello,
2427
+ },
2428
+ {
2429
+ TLSEXT_TYPE_signature_algorithms,
2430
+ NULL,
2431
+ ext_sigalgs_add_clienthello,
2432
+ forbid_parse_serverhello,
2433
+ ext_sigalgs_parse_clienthello,
2434
+ dont_add_serverhello,
2435
+ },
2436
+ {
2437
+ TLSEXT_TYPE_status_request,
2438
+ NULL,
2439
+ ext_ocsp_add_clienthello,
2440
+ ext_ocsp_parse_serverhello,
2441
+ ext_ocsp_parse_clienthello,
2442
+ ext_ocsp_add_serverhello,
2443
+ },
2444
+ {
2445
+ TLSEXT_TYPE_next_proto_neg,
2446
+ NULL,
2447
+ ext_npn_add_clienthello,
2448
+ ext_npn_parse_serverhello,
2449
+ ext_npn_parse_clienthello,
2450
+ ext_npn_add_serverhello,
2451
+ },
2452
+ {
2453
+ TLSEXT_TYPE_certificate_timestamp,
2454
+ NULL,
2455
+ ext_sct_add_clienthello,
2456
+ ext_sct_parse_serverhello,
2457
+ ext_sct_parse_clienthello,
2458
+ ext_sct_add_serverhello,
2459
+ },
2460
+ {
2461
+ TLSEXT_TYPE_application_layer_protocol_negotiation,
2462
+ NULL,
2463
+ ext_alpn_add_clienthello,
2464
+ ext_alpn_parse_serverhello,
2465
+ // ALPN is negotiated late in |ssl_negotiate_alpn|.
2466
+ ignore_parse_clienthello,
2467
+ ext_alpn_add_serverhello,
2468
+ },
2469
+ {
2470
+ TLSEXT_TYPE_channel_id,
2471
+ ext_channel_id_init,
2472
+ ext_channel_id_add_clienthello,
2473
+ ext_channel_id_parse_serverhello,
2474
+ ext_channel_id_parse_clienthello,
2475
+ ext_channel_id_add_serverhello,
2476
+ },
2477
+ {
2478
+ TLSEXT_TYPE_srtp,
2479
+ ext_srtp_init,
2480
+ ext_srtp_add_clienthello,
2481
+ ext_srtp_parse_serverhello,
2482
+ ext_srtp_parse_clienthello,
2483
+ ext_srtp_add_serverhello,
2484
+ },
2485
+ {
2486
+ TLSEXT_TYPE_ec_point_formats,
2487
+ NULL,
2488
+ ext_ec_point_add_clienthello,
2489
+ ext_ec_point_parse_serverhello,
2490
+ ext_ec_point_parse_clienthello,
2491
+ ext_ec_point_add_serverhello,
2492
+ },
2493
+ {
2494
+ TLSEXT_TYPE_key_share,
2495
+ NULL,
2496
+ ext_key_share_add_clienthello,
2497
+ forbid_parse_serverhello,
2498
+ ignore_parse_clienthello,
2499
+ dont_add_serverhello,
2500
+ },
2501
+ {
2502
+ TLSEXT_TYPE_psk_key_exchange_modes,
2503
+ NULL,
2504
+ ext_psk_key_exchange_modes_add_clienthello,
2505
+ forbid_parse_serverhello,
2506
+ ext_psk_key_exchange_modes_parse_clienthello,
2507
+ dont_add_serverhello,
2508
+ },
2509
+ {
2510
+ TLSEXT_TYPE_early_data,
2511
+ NULL,
2512
+ ext_early_data_add_clienthello,
2513
+ ext_early_data_parse_serverhello,
2514
+ ext_early_data_parse_clienthello,
2515
+ ext_early_data_add_serverhello,
2516
+ },
2517
+ {
2518
+ TLSEXT_TYPE_supported_versions,
2519
+ NULL,
2520
+ ext_supported_versions_add_clienthello,
2521
+ forbid_parse_serverhello,
2522
+ ignore_parse_clienthello,
2523
+ dont_add_serverhello,
2524
+ },
2525
+ {
2526
+ TLSEXT_TYPE_cookie,
2527
+ NULL,
2528
+ ext_cookie_add_clienthello,
2529
+ forbid_parse_serverhello,
2530
+ ignore_parse_clienthello,
2531
+ dont_add_serverhello,
2532
+ },
2533
+ // The final extension must be non-empty. WebSphere Application Server 7.0 is
2534
+ // intolerant to the last extension being zero-length. See
2535
+ // https://crbug.com/363583.
2536
+ {
2537
+ TLSEXT_TYPE_supported_groups,
2538
+ NULL,
2539
+ ext_supported_groups_add_clienthello,
2540
+ ext_supported_groups_parse_serverhello,
2541
+ ext_supported_groups_parse_clienthello,
2542
+ dont_add_serverhello,
2543
+ },
2544
+ };
2545
+
2546
+ #define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension))
2547
+
2548
+ static_assert(kNumExtensions <=
2549
+ sizeof(((SSL_HANDSHAKE *)NULL)->extensions.sent) * 8,
2550
+ "too many extensions for sent bitset");
2551
+ static_assert(kNumExtensions <=
2552
+ sizeof(((SSL_HANDSHAKE *)NULL)->extensions.received) * 8,
2553
+ "too many extensions for received bitset");
2554
+
2555
+ static const struct tls_extension *tls_extension_find(uint32_t *out_index,
2556
+ uint16_t value) {
2557
+ unsigned i;
2558
+ for (i = 0; i < kNumExtensions; i++) {
2559
+ if (kExtensions[i].value == value) {
2560
+ *out_index = i;
2561
+ return &kExtensions[i];
2562
+ }
2563
+ }
2564
+
2565
+ return NULL;
2566
+ }
2567
+
2568
+ int ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, size_t header_len) {
2569
+ SSL *const ssl = hs->ssl;
2570
+ // Don't add extensions for SSLv3 unless doing secure renegotiation.
2571
+ if (hs->client_version == SSL3_VERSION &&
2572
+ !ssl->s3->send_connection_binding) {
2573
+ return 1;
2574
+ }
2575
+
2576
+ CBB extensions;
2577
+ if (!CBB_add_u16_length_prefixed(out, &extensions)) {
2578
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
2579
+ return 0;
2580
+ }
2581
+
2582
+ hs->extensions.sent = 0;
2583
+ hs->custom_extensions.sent = 0;
2584
+
2585
+ for (size_t i = 0; i < kNumExtensions; i++) {
2586
+ if (kExtensions[i].init != NULL) {
2587
+ kExtensions[i].init(hs);
2588
+ }
2589
+ }
2590
+
2591
+ uint16_t grease_ext1 = 0;
2592
+ if (ssl->ctx->grease_enabled) {
2593
+ // Add a fake empty extension. See draft-davidben-tls-grease-01.
2594
+ grease_ext1 = ssl_get_grease_value(ssl, ssl_grease_extension1);
2595
+ if (!CBB_add_u16(&extensions, grease_ext1) ||
2596
+ !CBB_add_u16(&extensions, 0 /* zero length */)) {
2597
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
2598
+ return 0;
2599
+ }
2600
+ }
2601
+
2602
+ for (size_t i = 0; i < kNumExtensions; i++) {
2603
+ const size_t len_before = CBB_len(&extensions);
2604
+ if (!kExtensions[i].add_clienthello(hs, &extensions)) {
2605
+ OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_ADDING_EXTENSION);
2606
+ ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
2607
+ return 0;
2608
+ }
2609
+
2610
+ if (CBB_len(&extensions) != len_before) {
2611
+ hs->extensions.sent |= (1u << i);
2612
+ }
2613
+ }
2614
+
2615
+ if (!custom_ext_add_clienthello(hs, &extensions)) {
2616
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
2617
+ return 0;
2618
+ }
2619
+
2620
+ if (ssl->ctx->grease_enabled) {
2621
+ // Add a fake non-empty extension. See draft-davidben-tls-grease-01.
2622
+ uint16_t grease_ext2 = ssl_get_grease_value(ssl, ssl_grease_extension2);
2623
+
2624
+ // The two fake extensions must not have the same value. GREASE values are
2625
+ // of the form 0x1a1a, 0x2a2a, 0x3a3a, etc., so XOR to generate a different
2626
+ // one.
2627
+ if (grease_ext1 == grease_ext2) {
2628
+ grease_ext2 ^= 0x1010;
2629
+ }
2630
+
2631
+ if (!CBB_add_u16(&extensions, grease_ext2) ||
2632
+ !CBB_add_u16(&extensions, 1 /* one byte length */) ||
2633
+ !CBB_add_u8(&extensions, 0 /* single zero byte as contents */)) {
2634
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
2635
+ return 0;
2636
+ }
2637
+ }
2638
+
2639
+ if (!SSL_is_dtls(ssl)) {
2640
+ size_t psk_extension_len = ext_pre_shared_key_clienthello_length(hs);
2641
+ header_len += 2 + CBB_len(&extensions) + psk_extension_len;
2642
+ if (header_len > 0xff && header_len < 0x200) {
2643
+ // Add padding to workaround bugs in F5 terminators. See RFC 7685.
2644
+ //
2645
+ // NB: because this code works out the length of all existing extensions
2646
+ // it MUST always appear last.
2647
+ size_t padding_len = 0x200 - header_len;
2648
+ // Extensions take at least four bytes to encode. Always include at least
2649
+ // one byte of data if including the extension. WebSphere Application
2650
+ // Server 7.0 is intolerant to the last extension being zero-length. See
2651
+ // https://crbug.com/363583.
2652
+ if (padding_len >= 4 + 1) {
2653
+ padding_len -= 4;
2654
+ } else {
2655
+ padding_len = 1;
2656
+ }
2657
+
2658
+ uint8_t *padding_bytes;
2659
+ if (!CBB_add_u16(&extensions, TLSEXT_TYPE_padding) ||
2660
+ !CBB_add_u16(&extensions, padding_len) ||
2661
+ !CBB_add_space(&extensions, &padding_bytes, padding_len)) {
2662
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
2663
+ return 0;
2664
+ }
2665
+
2666
+ OPENSSL_memset(padding_bytes, 0, padding_len);
2667
+ }
2668
+ }
2669
+
2670
+ // The PSK extension must be last, including after the padding.
2671
+ if (!ext_pre_shared_key_add_clienthello(hs, &extensions)) {
2672
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
2673
+ return 0;
2674
+ }
2675
+
2676
+ // Discard empty extensions blocks.
2677
+ if (CBB_len(&extensions) == 0) {
2678
+ CBB_discard_child(out);
2679
+ }
2680
+
2681
+ return CBB_flush(out);
2682
+ }
2683
+
2684
+ int ssl_add_serverhello_tlsext(SSL_HANDSHAKE *hs, CBB *out) {
2685
+ SSL *const ssl = hs->ssl;
2686
+ CBB extensions;
2687
+ if (!CBB_add_u16_length_prefixed(out, &extensions)) {
2688
+ goto err;
2689
+ }
2690
+
2691
+ for (unsigned i = 0; i < kNumExtensions; i++) {
2692
+ if (!(hs->extensions.received & (1u << i))) {
2693
+ // Don't send extensions that were not received.
2694
+ continue;
2695
+ }
2696
+
2697
+ if (!kExtensions[i].add_serverhello(hs, &extensions)) {
2698
+ OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_ADDING_EXTENSION);
2699
+ ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
2700
+ goto err;
2701
+ }
2702
+ }
2703
+
2704
+ if (!custom_ext_add_serverhello(hs, &extensions)) {
2705
+ goto err;
2706
+ }
2707
+
2708
+ // Discard empty extensions blocks before TLS 1.3.
2709
+ if (ssl_protocol_version(ssl) < TLS1_3_VERSION &&
2710
+ CBB_len(&extensions) == 0) {
2711
+ CBB_discard_child(out);
2712
+ }
2713
+
2714
+ return CBB_flush(out);
2715
+
2716
+ err:
2717
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
2718
+ return 0;
2719
+ }
2720
+
2721
+ static int ssl_scan_clienthello_tlsext(SSL_HANDSHAKE *hs,
2722
+ const SSL_CLIENT_HELLO *client_hello,
2723
+ int *out_alert) {
2724
+ SSL *const ssl = hs->ssl;
2725
+ for (size_t i = 0; i < kNumExtensions; i++) {
2726
+ if (kExtensions[i].init != NULL) {
2727
+ kExtensions[i].init(hs);
2728
+ }
2729
+ }
2730
+
2731
+ hs->extensions.received = 0;
2732
+ hs->custom_extensions.received = 0;
2733
+ CBS extensions;
2734
+ CBS_init(&extensions, client_hello->extensions, client_hello->extensions_len);
2735
+ while (CBS_len(&extensions) != 0) {
2736
+ uint16_t type;
2737
+ CBS extension;
2738
+
2739
+ // Decode the next extension.
2740
+ if (!CBS_get_u16(&extensions, &type) ||
2741
+ !CBS_get_u16_length_prefixed(&extensions, &extension)) {
2742
+ *out_alert = SSL_AD_DECODE_ERROR;
2743
+ return 0;
2744
+ }
2745
+
2746
+ // RFC 5746 made the existence of extensions in SSL 3.0 somewhat
2747
+ // ambiguous. Ignore all but the renegotiation_info extension.
2748
+ if (ssl->version == SSL3_VERSION && type != TLSEXT_TYPE_renegotiate) {
2749
+ continue;
2750
+ }
2751
+
2752
+ unsigned ext_index;
2753
+ const struct tls_extension *const ext =
2754
+ tls_extension_find(&ext_index, type);
2755
+
2756
+ if (ext == NULL) {
2757
+ if (!custom_ext_parse_clienthello(hs, out_alert, type, &extension)) {
2758
+ OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION);
2759
+ return 0;
2760
+ }
2761
+ continue;
2762
+ }
2763
+
2764
+ hs->extensions.received |= (1u << ext_index);
2765
+ uint8_t alert = SSL_AD_DECODE_ERROR;
2766
+ if (!ext->parse_clienthello(hs, &alert, &extension)) {
2767
+ *out_alert = alert;
2768
+ OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION);
2769
+ ERR_add_error_dataf("extension %u", (unsigned)type);
2770
+ return 0;
2771
+ }
2772
+ }
2773
+
2774
+ for (size_t i = 0; i < kNumExtensions; i++) {
2775
+ if (hs->extensions.received & (1u << i)) {
2776
+ continue;
2777
+ }
2778
+
2779
+ CBS *contents = NULL, fake_contents;
2780
+ static const uint8_t kFakeRenegotiateExtension[] = {0};
2781
+ if (kExtensions[i].value == TLSEXT_TYPE_renegotiate &&
2782
+ ssl_client_cipher_list_contains_cipher(client_hello,
2783
+ SSL3_CK_SCSV & 0xffff)) {
2784
+ // The renegotiation SCSV was received so pretend that we received a
2785
+ // renegotiation extension.
2786
+ CBS_init(&fake_contents, kFakeRenegotiateExtension,
2787
+ sizeof(kFakeRenegotiateExtension));
2788
+ contents = &fake_contents;
2789
+ hs->extensions.received |= (1u << i);
2790
+ }
2791
+
2792
+ // Extension wasn't observed so call the callback with a NULL
2793
+ // parameter.
2794
+ uint8_t alert = SSL_AD_DECODE_ERROR;
2795
+ if (!kExtensions[i].parse_clienthello(hs, &alert, contents)) {
2796
+ OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_EXTENSION);
2797
+ ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
2798
+ *out_alert = alert;
2799
+ return 0;
2800
+ }
2801
+ }
2802
+
2803
+ return 1;
2804
+ }
2805
+
2806
+ int ssl_parse_clienthello_tlsext(SSL_HANDSHAKE *hs,
2807
+ const SSL_CLIENT_HELLO *client_hello) {
2808
+ SSL *const ssl = hs->ssl;
2809
+ int alert = SSL_AD_DECODE_ERROR;
2810
+ if (ssl_scan_clienthello_tlsext(hs, client_hello, &alert) <= 0) {
2811
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
2812
+ return 0;
2813
+ }
2814
+
2815
+ if (ssl_check_clienthello_tlsext(hs) <= 0) {
2816
+ OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_TLSEXT);
2817
+ return 0;
2818
+ }
2819
+
2820
+ return 1;
2821
+ }
2822
+
2823
+ static int ssl_scan_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs,
2824
+ int *out_alert) {
2825
+ SSL *const ssl = hs->ssl;
2826
+ // Before TLS 1.3, ServerHello extensions blocks may be omitted if empty.
2827
+ if (CBS_len(cbs) == 0 && ssl_protocol_version(ssl) < TLS1_3_VERSION) {
2828
+ return 1;
2829
+ }
2830
+
2831
+ // Decode the extensions block and check it is valid.
2832
+ CBS extensions;
2833
+ if (!CBS_get_u16_length_prefixed(cbs, &extensions) ||
2834
+ !tls1_check_duplicate_extensions(&extensions)) {
2835
+ *out_alert = SSL_AD_DECODE_ERROR;
2836
+ return 0;
2837
+ }
2838
+
2839
+ uint32_t received = 0;
2840
+ while (CBS_len(&extensions) != 0) {
2841
+ uint16_t type;
2842
+ CBS extension;
2843
+
2844
+ // Decode the next extension.
2845
+ if (!CBS_get_u16(&extensions, &type) ||
2846
+ !CBS_get_u16_length_prefixed(&extensions, &extension)) {
2847
+ *out_alert = SSL_AD_DECODE_ERROR;
2848
+ return 0;
2849
+ }
2850
+
2851
+ unsigned ext_index;
2852
+ const struct tls_extension *const ext =
2853
+ tls_extension_find(&ext_index, type);
2854
+
2855
+ if (ext == NULL) {
2856
+ hs->received_custom_extension = true;
2857
+ if (!custom_ext_parse_serverhello(hs, out_alert, type, &extension)) {
2858
+ return 0;
2859
+ }
2860
+ continue;
2861
+ }
2862
+
2863
+ static_assert(kNumExtensions <= sizeof(hs->extensions.sent) * 8,
2864
+ "too many bits");
2865
+
2866
+ if (!(hs->extensions.sent & (1u << ext_index)) &&
2867
+ type != TLSEXT_TYPE_renegotiate) {
2868
+ // If the extension was never sent then it is illegal, except for the
2869
+ // renegotiation extension which, in SSL 3.0, is signaled via SCSV.
2870
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
2871
+ ERR_add_error_dataf("extension :%u", (unsigned)type);
2872
+ *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
2873
+ return 0;
2874
+ }
2875
+
2876
+ received |= (1u << ext_index);
2877
+
2878
+ uint8_t alert = SSL_AD_DECODE_ERROR;
2879
+ if (!ext->parse_serverhello(hs, &alert, &extension)) {
2880
+ OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION);
2881
+ ERR_add_error_dataf("extension %u", (unsigned)type);
2882
+ *out_alert = alert;
2883
+ return 0;
2884
+ }
2885
+ }
2886
+
2887
+ for (size_t i = 0; i < kNumExtensions; i++) {
2888
+ if (!(received & (1u << i))) {
2889
+ // Extension wasn't observed so call the callback with a NULL
2890
+ // parameter.
2891
+ uint8_t alert = SSL_AD_DECODE_ERROR;
2892
+ if (!kExtensions[i].parse_serverhello(hs, &alert, NULL)) {
2893
+ OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_EXTENSION);
2894
+ ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
2895
+ *out_alert = alert;
2896
+ return 0;
2897
+ }
2898
+ }
2899
+ }
2900
+
2901
+ return 1;
2902
+ }
2903
+
2904
+ static int ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) {
2905
+ SSL *const ssl = hs->ssl;
2906
+ int ret = SSL_TLSEXT_ERR_NOACK;
2907
+ int al = SSL_AD_UNRECOGNIZED_NAME;
2908
+
2909
+ if (ssl->ctx->tlsext_servername_callback != 0) {
2910
+ ret = ssl->ctx->tlsext_servername_callback(ssl, &al,
2911
+ ssl->ctx->tlsext_servername_arg);
2912
+ } else if (ssl->session_ctx->tlsext_servername_callback != 0) {
2913
+ ret = ssl->session_ctx->tlsext_servername_callback(
2914
+ ssl, &al, ssl->session_ctx->tlsext_servername_arg);
2915
+ }
2916
+
2917
+ switch (ret) {
2918
+ case SSL_TLSEXT_ERR_ALERT_FATAL:
2919
+ ssl_send_alert(ssl, SSL3_AL_FATAL, al);
2920
+ return -1;
2921
+
2922
+ case SSL_TLSEXT_ERR_NOACK:
2923
+ hs->should_ack_sni = false;
2924
+ return 1;
2925
+
2926
+ default:
2927
+ return 1;
2928
+ }
2929
+ }
2930
+
2931
+ int ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs) {
2932
+ SSL *const ssl = hs->ssl;
2933
+ int alert = SSL_AD_DECODE_ERROR;
2934
+ if (ssl_scan_serverhello_tlsext(hs, cbs, &alert) <= 0) {
2935
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
2936
+ return 0;
2937
+ }
2938
+
2939
+ return 1;
2940
+ }
2941
+
2942
+ static enum ssl_ticket_aead_result_t decrypt_ticket_with_cipher_ctx(
2943
+ uint8_t **out, size_t *out_len, EVP_CIPHER_CTX *cipher_ctx,
2944
+ HMAC_CTX *hmac_ctx, const uint8_t *ticket, size_t ticket_len) {
2945
+ size_t iv_len = EVP_CIPHER_CTX_iv_length(cipher_ctx);
2946
+
2947
+ // Check the MAC at the end of the ticket.
2948
+ uint8_t mac[EVP_MAX_MD_SIZE];
2949
+ size_t mac_len = HMAC_size(hmac_ctx);
2950
+ if (ticket_len < SSL_TICKET_KEY_NAME_LEN + iv_len + 1 + mac_len) {
2951
+ // The ticket must be large enough for key name, IV, data, and MAC.
2952
+ return ssl_ticket_aead_ignore_ticket;
2953
+ }
2954
+ HMAC_Update(hmac_ctx, ticket, ticket_len - mac_len);
2955
+ HMAC_Final(hmac_ctx, mac, NULL);
2956
+ int mac_ok =
2957
+ CRYPTO_memcmp(mac, ticket + (ticket_len - mac_len), mac_len) == 0;
2958
+ #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2959
+ mac_ok = 1;
2960
+ #endif
2961
+ if (!mac_ok) {
2962
+ return ssl_ticket_aead_ignore_ticket;
2963
+ }
2964
+
2965
+ // Decrypt the session data.
2966
+ const uint8_t *ciphertext = ticket + SSL_TICKET_KEY_NAME_LEN + iv_len;
2967
+ size_t ciphertext_len = ticket_len - SSL_TICKET_KEY_NAME_LEN - iv_len -
2968
+ mac_len;
2969
+ UniquePtr<uint8_t> plaintext((uint8_t *)OPENSSL_malloc(ciphertext_len));
2970
+ if (!plaintext) {
2971
+ return ssl_ticket_aead_error;
2972
+ }
2973
+ size_t plaintext_len;
2974
+ #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
2975
+ OPENSSL_memcpy(plaintext.get(), ciphertext, ciphertext_len);
2976
+ plaintext_len = ciphertext_len;
2977
+ #else
2978
+ if (ciphertext_len >= INT_MAX) {
2979
+ return ssl_ticket_aead_ignore_ticket;
2980
+ }
2981
+ int len1, len2;
2982
+ if (!EVP_DecryptUpdate(cipher_ctx, plaintext.get(), &len1, ciphertext,
2983
+ (int)ciphertext_len) ||
2984
+ !EVP_DecryptFinal_ex(cipher_ctx, plaintext.get() + len1, &len2)) {
2985
+ ERR_clear_error();
2986
+ return ssl_ticket_aead_ignore_ticket;
2987
+ }
2988
+ plaintext_len = (size_t)(len1) + len2;
2989
+ #endif
2990
+
2991
+ *out = plaintext.release();
2992
+ *out_len = plaintext_len;
2993
+ return ssl_ticket_aead_success;
2994
+ }
2995
+
2996
+ static enum ssl_ticket_aead_result_t ssl_decrypt_ticket_with_cb(
2997
+ SSL *ssl, uint8_t **out, size_t *out_len, bool *out_renew_ticket,
2998
+ const uint8_t *ticket, size_t ticket_len) {
2999
+ assert(ticket_len >= SSL_TICKET_KEY_NAME_LEN + EVP_MAX_IV_LENGTH);
3000
+ ScopedEVP_CIPHER_CTX cipher_ctx;
3001
+ ScopedHMAC_CTX hmac_ctx;
3002
+ const uint8_t *iv = ticket + SSL_TICKET_KEY_NAME_LEN;
3003
+ int cb_ret = ssl->session_ctx->tlsext_ticket_key_cb(
3004
+ ssl, (uint8_t *)ticket /* name */, (uint8_t *)iv, cipher_ctx.get(),
3005
+ hmac_ctx.get(), 0 /* decrypt */);
3006
+ if (cb_ret < 0) {
3007
+ return ssl_ticket_aead_error;
3008
+ } else if (cb_ret == 0) {
3009
+ return ssl_ticket_aead_ignore_ticket;
3010
+ } else if (cb_ret == 2) {
3011
+ *out_renew_ticket = true;
3012
+ } else {
3013
+ assert(cb_ret == 1);
3014
+ }
3015
+ return decrypt_ticket_with_cipher_ctx(out, out_len, cipher_ctx.get(),
3016
+ hmac_ctx.get(), ticket, ticket_len);
3017
+ }
3018
+
3019
+ static enum ssl_ticket_aead_result_t ssl_decrypt_ticket_with_ticket_keys(
3020
+ SSL *ssl, uint8_t **out, size_t *out_len, const uint8_t *ticket,
3021
+ size_t ticket_len) {
3022
+ assert(ticket_len >= SSL_TICKET_KEY_NAME_LEN + EVP_MAX_IV_LENGTH);
3023
+ SSL_CTX *ctx = ssl->session_ctx;
3024
+
3025
+ // Rotate the ticket key if necessary.
3026
+ if (!ssl_ctx_rotate_ticket_encryption_key(ctx)) {
3027
+ return ssl_ticket_aead_error;
3028
+ }
3029
+
3030
+ // Pick the matching ticket key and decrypt.
3031
+ ScopedEVP_CIPHER_CTX cipher_ctx;
3032
+ ScopedHMAC_CTX hmac_ctx;
3033
+ {
3034
+ MutexReadLock lock(&ctx->lock);
3035
+ const tlsext_ticket_key *key;
3036
+ if (ctx->tlsext_ticket_key_current &&
3037
+ !OPENSSL_memcmp(ctx->tlsext_ticket_key_current->name, ticket,
3038
+ SSL_TICKET_KEY_NAME_LEN)) {
3039
+ key = ctx->tlsext_ticket_key_current;
3040
+ } else if (ctx->tlsext_ticket_key_prev &&
3041
+ !OPENSSL_memcmp(ctx->tlsext_ticket_key_prev->name, ticket,
3042
+ SSL_TICKET_KEY_NAME_LEN)) {
3043
+ key = ctx->tlsext_ticket_key_prev;
3044
+ } else {
3045
+ return ssl_ticket_aead_ignore_ticket;
3046
+ }
3047
+ const uint8_t *iv = ticket + SSL_TICKET_KEY_NAME_LEN;
3048
+ if (!HMAC_Init_ex(hmac_ctx.get(), key->hmac_key, sizeof(key->hmac_key),
3049
+ tlsext_tick_md(), NULL) ||
3050
+ !EVP_DecryptInit_ex(cipher_ctx.get(), EVP_aes_128_cbc(), NULL,
3051
+ key->aes_key, iv)) {
3052
+ return ssl_ticket_aead_error;
3053
+ }
3054
+ }
3055
+ return decrypt_ticket_with_cipher_ctx(out, out_len, cipher_ctx.get(),
3056
+ hmac_ctx.get(), ticket, ticket_len);
3057
+ }
3058
+
3059
+ static enum ssl_ticket_aead_result_t ssl_decrypt_ticket_with_method(
3060
+ SSL *ssl, uint8_t **out, size_t *out_len, bool *out_renew_ticket,
3061
+ const uint8_t *ticket, size_t ticket_len) {
3062
+ uint8_t *plaintext = (uint8_t *)OPENSSL_malloc(ticket_len);
3063
+ if (plaintext == NULL) {
3064
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
3065
+ return ssl_ticket_aead_error;
3066
+ }
3067
+
3068
+ size_t plaintext_len;
3069
+ const enum ssl_ticket_aead_result_t result =
3070
+ ssl->session_ctx->ticket_aead_method->open(
3071
+ ssl, plaintext, &plaintext_len, ticket_len, ticket, ticket_len);
3072
+
3073
+ if (result == ssl_ticket_aead_success) {
3074
+ *out = plaintext;
3075
+ plaintext = NULL;
3076
+ *out_len = plaintext_len;
3077
+ }
3078
+
3079
+ OPENSSL_free(plaintext);
3080
+ return result;
3081
+ }
3082
+
3083
+ enum ssl_ticket_aead_result_t ssl_process_ticket(
3084
+ SSL *ssl, UniquePtr<SSL_SESSION> *out_session, bool *out_renew_ticket,
3085
+ const uint8_t *ticket, size_t ticket_len, const uint8_t *session_id,
3086
+ size_t session_id_len) {
3087
+ *out_renew_ticket = false;
3088
+ out_session->reset();
3089
+
3090
+ if ((SSL_get_options(ssl) & SSL_OP_NO_TICKET) ||
3091
+ session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
3092
+ return ssl_ticket_aead_ignore_ticket;
3093
+ }
3094
+
3095
+ uint8_t *plaintext = NULL;
3096
+ size_t plaintext_len;
3097
+ enum ssl_ticket_aead_result_t result;
3098
+ if (ssl->session_ctx->ticket_aead_method != NULL) {
3099
+ result = ssl_decrypt_ticket_with_method(
3100
+ ssl, &plaintext, &plaintext_len, out_renew_ticket, ticket, ticket_len);
3101
+ } else {
3102
+ // Ensure there is room for the key name and the largest IV
3103
+ // |tlsext_ticket_key_cb| may try to consume. The real limit may be lower,
3104
+ // but the maximum IV length should be well under the minimum size for the
3105
+ // session material and HMAC.
3106
+ if (ticket_len < SSL_TICKET_KEY_NAME_LEN + EVP_MAX_IV_LENGTH) {
3107
+ return ssl_ticket_aead_ignore_ticket;
3108
+ }
3109
+ if (ssl->session_ctx->tlsext_ticket_key_cb != NULL) {
3110
+ result = ssl_decrypt_ticket_with_cb(ssl, &plaintext, &plaintext_len,
3111
+ out_renew_ticket, ticket, ticket_len);
3112
+ } else {
3113
+ result = ssl_decrypt_ticket_with_ticket_keys(
3114
+ ssl, &plaintext, &plaintext_len, ticket, ticket_len);
3115
+ }
3116
+ }
3117
+
3118
+ if (result != ssl_ticket_aead_success) {
3119
+ return result;
3120
+ }
3121
+
3122
+ // Decode the session.
3123
+ UniquePtr<SSL_SESSION> session(
3124
+ SSL_SESSION_from_bytes(plaintext, plaintext_len, ssl->ctx));
3125
+ OPENSSL_free(plaintext);
3126
+
3127
+ if (!session) {
3128
+ ERR_clear_error(); // Don't leave an error on the queue.
3129
+ return ssl_ticket_aead_ignore_ticket;
3130
+ }
3131
+
3132
+ // Copy the client's session ID into the new session, to denote the ticket has
3133
+ // been accepted.
3134
+ OPENSSL_memcpy(session->session_id, session_id, session_id_len);
3135
+ session->session_id_length = session_id_len;
3136
+
3137
+ *out_session = std::move(session);
3138
+ return ssl_ticket_aead_success;
3139
+ }
3140
+
3141
+ int tls1_parse_peer_sigalgs(SSL_HANDSHAKE *hs, const CBS *in_sigalgs) {
3142
+ // Extension ignored for inappropriate versions
3143
+ if (ssl_protocol_version(hs->ssl) < TLS1_2_VERSION) {
3144
+ return 1;
3145
+ }
3146
+
3147
+ return parse_u16_array(in_sigalgs, &hs->peer_sigalgs);
3148
+ }
3149
+
3150
+ int tls1_get_legacy_signature_algorithm(uint16_t *out, const EVP_PKEY *pkey) {
3151
+ switch (EVP_PKEY_id(pkey)) {
3152
+ case EVP_PKEY_RSA:
3153
+ *out = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
3154
+ return 1;
3155
+ case EVP_PKEY_EC:
3156
+ *out = SSL_SIGN_ECDSA_SHA1;
3157
+ return 1;
3158
+ default:
3159
+ return 0;
3160
+ }
3161
+ }
3162
+
3163
+ int tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) {
3164
+ SSL *const ssl = hs->ssl;
3165
+ CERT *cert = ssl->cert;
3166
+
3167
+ // Before TLS 1.2, the signature algorithm isn't negotiated as part of the
3168
+ // handshake.
3169
+ if (ssl_protocol_version(ssl) < TLS1_2_VERSION) {
3170
+ if (!tls1_get_legacy_signature_algorithm(out, hs->local_pubkey.get())) {
3171
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
3172
+ return 0;
3173
+ }
3174
+ return 1;
3175
+ }
3176
+
3177
+ Span<const uint16_t> sigalgs = kSignSignatureAlgorithms;
3178
+ if (cert->sigalgs != nullptr) {
3179
+ sigalgs = MakeConstSpan(cert->sigalgs, cert->num_sigalgs);
3180
+ }
3181
+
3182
+ Span<const uint16_t> peer_sigalgs = hs->peer_sigalgs;
3183
+ if (peer_sigalgs.empty() && ssl_protocol_version(ssl) < TLS1_3_VERSION) {
3184
+ // If the client didn't specify any signature_algorithms extension then
3185
+ // we can assume that it supports SHA1. See
3186
+ // http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
3187
+ static const uint16_t kDefaultPeerAlgorithms[] = {SSL_SIGN_RSA_PKCS1_SHA1,
3188
+ SSL_SIGN_ECDSA_SHA1};
3189
+ peer_sigalgs = kDefaultPeerAlgorithms;
3190
+ }
3191
+
3192
+ for (uint16_t sigalg : sigalgs) {
3193
+ // SSL_SIGN_RSA_PKCS1_MD5_SHA1 is an internal value and should never be
3194
+ // negotiated.
3195
+ if (sigalg == SSL_SIGN_RSA_PKCS1_MD5_SHA1 ||
3196
+ !ssl_private_key_supports_signature_algorithm(hs, sigalg)) {
3197
+ continue;
3198
+ }
3199
+
3200
+ for (uint16_t peer_sigalg : peer_sigalgs) {
3201
+ if (sigalg == peer_sigalg) {
3202
+ *out = sigalg;
3203
+ return 1;
3204
+ }
3205
+ }
3206
+ }
3207
+
3208
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
3209
+ return 0;
3210
+ }
3211
+
3212
+ int tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
3213
+ SSL *const ssl = hs->ssl;
3214
+ // A Channel ID handshake message is structured to contain multiple
3215
+ // extensions, but the only one that can be present is Channel ID.
3216
+ uint16_t extension_type;
3217
+ CBS channel_id = msg.body, extension;
3218
+ if (!CBS_get_u16(&channel_id, &extension_type) ||
3219
+ !CBS_get_u16_length_prefixed(&channel_id, &extension) ||
3220
+ CBS_len(&channel_id) != 0 ||
3221
+ extension_type != TLSEXT_TYPE_channel_id ||
3222
+ CBS_len(&extension) != TLSEXT_CHANNEL_ID_SIZE) {
3223
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
3224
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
3225
+ return 0;
3226
+ }
3227
+
3228
+ UniquePtr<EC_GROUP> p256(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
3229
+ if (!p256) {
3230
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_P256_SUPPORT);
3231
+ return 0;
3232
+ }
3233
+
3234
+ UniquePtr<ECDSA_SIG> sig(ECDSA_SIG_new());
3235
+ UniquePtr<BIGNUM> x(BN_new()), y(BN_new());
3236
+ if (!sig || !x || !y) {
3237
+ return 0;
3238
+ }
3239
+
3240
+ const uint8_t *p = CBS_data(&extension);
3241
+ if (BN_bin2bn(p + 0, 32, x.get()) == NULL ||
3242
+ BN_bin2bn(p + 32, 32, y.get()) == NULL ||
3243
+ BN_bin2bn(p + 64, 32, sig->r) == NULL ||
3244
+ BN_bin2bn(p + 96, 32, sig->s) == NULL) {
3245
+ return 0;
3246
+ }
3247
+
3248
+ UniquePtr<EC_KEY> key(EC_KEY_new());
3249
+ UniquePtr<EC_POINT> point(EC_POINT_new(p256.get()));
3250
+ if (!key || !point ||
3251
+ !EC_POINT_set_affine_coordinates_GFp(p256.get(), point.get(), x.get(),
3252
+ y.get(), nullptr) ||
3253
+ !EC_KEY_set_group(key.get(), p256.get()) ||
3254
+ !EC_KEY_set_public_key(key.get(), point.get())) {
3255
+ return 0;
3256
+ }
3257
+
3258
+ uint8_t digest[EVP_MAX_MD_SIZE];
3259
+ size_t digest_len;
3260
+ if (!tls1_channel_id_hash(hs, digest, &digest_len)) {
3261
+ return 0;
3262
+ }
3263
+
3264
+ int sig_ok = ECDSA_do_verify(digest, digest_len, sig.get(), key.get());
3265
+ #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
3266
+ sig_ok = 1;
3267
+ #endif
3268
+ if (!sig_ok) {
3269
+ OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
3270
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
3271
+ ssl->s3->tlsext_channel_id_valid = false;
3272
+ return 0;
3273
+ }
3274
+
3275
+ OPENSSL_memcpy(ssl->s3->tlsext_channel_id, p, 64);
3276
+ return 1;
3277
+ }
3278
+
3279
+ bool tls1_write_channel_id(SSL_HANDSHAKE *hs, CBB *cbb) {
3280
+ SSL *const ssl = hs->ssl;
3281
+ uint8_t digest[EVP_MAX_MD_SIZE];
3282
+ size_t digest_len;
3283
+ if (!tls1_channel_id_hash(hs, digest, &digest_len)) {
3284
+ return false;
3285
+ }
3286
+
3287
+ EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(ssl->tlsext_channel_id_private);
3288
+ if (ec_key == nullptr) {
3289
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
3290
+ return false;
3291
+ }
3292
+
3293
+ UniquePtr<BIGNUM> x(BN_new()), y(BN_new());
3294
+ if (!x || !y ||
3295
+ !EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec_key),
3296
+ EC_KEY_get0_public_key(ec_key),
3297
+ x.get(), y.get(), nullptr)) {
3298
+ return false;
3299
+ }
3300
+
3301
+ UniquePtr<ECDSA_SIG> sig(ECDSA_do_sign(digest, digest_len, ec_key));
3302
+ if (!sig) {
3303
+ return false;
3304
+ }
3305
+
3306
+ CBB child;
3307
+ if (!CBB_add_u16(cbb, TLSEXT_TYPE_channel_id) ||
3308
+ !CBB_add_u16_length_prefixed(cbb, &child) ||
3309
+ !BN_bn2cbb_padded(&child, 32, x.get()) ||
3310
+ !BN_bn2cbb_padded(&child, 32, y.get()) ||
3311
+ !BN_bn2cbb_padded(&child, 32, sig->r) ||
3312
+ !BN_bn2cbb_padded(&child, 32, sig->s) ||
3313
+ !CBB_flush(cbb)) {
3314
+ return false;
3315
+ }
3316
+
3317
+ return true;
3318
+ }
3319
+
3320
+ int tls1_channel_id_hash(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len) {
3321
+ SSL *const ssl = hs->ssl;
3322
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
3323
+ Array<uint8_t> msg;
3324
+ if (!tls13_get_cert_verify_signature_input(hs, &msg,
3325
+ ssl_cert_verify_channel_id)) {
3326
+ return 0;
3327
+ }
3328
+ SHA256(msg.data(), msg.size(), out);
3329
+ *out_len = SHA256_DIGEST_LENGTH;
3330
+ return 1;
3331
+ }
3332
+
3333
+ SHA256_CTX ctx;
3334
+
3335
+ SHA256_Init(&ctx);
3336
+ static const char kClientIDMagic[] = "TLS Channel ID signature";
3337
+ SHA256_Update(&ctx, kClientIDMagic, sizeof(kClientIDMagic));
3338
+
3339
+ if (ssl->session != NULL) {
3340
+ static const char kResumptionMagic[] = "Resumption";
3341
+ SHA256_Update(&ctx, kResumptionMagic, sizeof(kResumptionMagic));
3342
+ if (ssl->session->original_handshake_hash_len == 0) {
3343
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
3344
+ return 0;
3345
+ }
3346
+ SHA256_Update(&ctx, ssl->session->original_handshake_hash,
3347
+ ssl->session->original_handshake_hash_len);
3348
+ }
3349
+
3350
+ uint8_t hs_hash[EVP_MAX_MD_SIZE];
3351
+ size_t hs_hash_len;
3352
+ if (!hs->transcript.GetHash(hs_hash, &hs_hash_len)) {
3353
+ return 0;
3354
+ }
3355
+ SHA256_Update(&ctx, hs_hash, (size_t)hs_hash_len);
3356
+ SHA256_Final(out, &ctx);
3357
+ *out_len = SHA256_DIGEST_LENGTH;
3358
+ return 1;
3359
+ }
3360
+
3361
+ // tls1_record_handshake_hashes_for_channel_id records the current handshake
3362
+ // hashes in |hs->new_session| so that Channel ID resumptions can sign that
3363
+ // data.
3364
+ int tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs) {
3365
+ SSL *const ssl = hs->ssl;
3366
+ // This function should never be called for a resumed session because the
3367
+ // handshake hashes that we wish to record are for the original, full
3368
+ // handshake.
3369
+ if (ssl->session != NULL) {
3370
+ return 0;
3371
+ }
3372
+
3373
+ static_assert(
3374
+ sizeof(hs->new_session->original_handshake_hash) == EVP_MAX_MD_SIZE,
3375
+ "original_handshake_hash is too small");
3376
+
3377
+ size_t digest_len;
3378
+ if (!hs->transcript.GetHash(hs->new_session->original_handshake_hash,
3379
+ &digest_len)) {
3380
+ return 0;
3381
+ }
3382
+
3383
+ static_assert(EVP_MAX_MD_SIZE <= 0xff,
3384
+ "EVP_MAX_MD_SIZE does not fit in uint8_t");
3385
+ hs->new_session->original_handshake_hash_len = (uint8_t)digest_len;
3386
+
3387
+ return 1;
3388
+ }
3389
+
3390
+ int ssl_do_channel_id_callback(SSL *ssl) {
3391
+ if (ssl->tlsext_channel_id_private != NULL ||
3392
+ ssl->ctx->channel_id_cb == NULL) {
3393
+ return 1;
3394
+ }
3395
+
3396
+ EVP_PKEY *key = NULL;
3397
+ ssl->ctx->channel_id_cb(ssl, &key);
3398
+ if (key == NULL) {
3399
+ // The caller should try again later.
3400
+ return 1;
3401
+ }
3402
+
3403
+ int ret = SSL_set1_tls_channel_id(ssl, key);
3404
+ EVP_PKEY_free(key);
3405
+ return ret;
3406
+ }
3407
+
3408
+ int ssl_is_sct_list_valid(const CBS *contents) {
3409
+ // Shallow parse the SCT list for sanity. By the RFC
3410
+ // (https://tools.ietf.org/html/rfc6962#section-3.3) neither the list nor any
3411
+ // of the SCTs may be empty.
3412
+ CBS copy = *contents;
3413
+ CBS sct_list;
3414
+ if (!CBS_get_u16_length_prefixed(&copy, &sct_list) ||
3415
+ CBS_len(&copy) != 0 ||
3416
+ CBS_len(&sct_list) == 0) {
3417
+ return 0;
3418
+ }
3419
+
3420
+ while (CBS_len(&sct_list) > 0) {
3421
+ CBS sct;
3422
+ if (!CBS_get_u16_length_prefixed(&sct_list, &sct) ||
3423
+ CBS_len(&sct) == 0) {
3424
+ return 0;
3425
+ }
3426
+ }
3427
+
3428
+ return 1;
3429
+ }
3430
+
3431
+ } // namespace bssl
3432
+
3433
+ using namespace bssl;
3434
+
3435
+ int SSL_early_callback_ctx_extension_get(const SSL_CLIENT_HELLO *client_hello,
3436
+ uint16_t extension_type,
3437
+ const uint8_t **out_data,
3438
+ size_t *out_len) {
3439
+ CBS cbs;
3440
+ if (!ssl_client_hello_get_extension(client_hello, &cbs, extension_type)) {
3441
+ return 0;
3442
+ }
3443
+
3444
+ *out_data = CBS_data(&cbs);
3445
+ *out_len = CBS_len(&cbs);
3446
+ return 1;
3447
+ }
3448
+
3449
+ void SSL_CTX_set_ed25519_enabled(SSL_CTX *ctx, int enabled) {
3450
+ ctx->ed25519_enabled = !!enabled;
3451
+ }
3452
+
3453
+ int SSL_extension_supported(unsigned extension_value) {
3454
+ uint32_t index;
3455
+ return extension_value == TLSEXT_TYPE_padding ||
3456
+ tls_extension_find(&index, extension_value) != NULL;
3457
+ }