grpc 1.15.0 → 1.30.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (1780) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +8591 -13387
  3. data/etc/roots.pem +455 -130
  4. data/include/grpc/grpc.h +39 -9
  5. data/include/grpc/grpc_posix.h +0 -8
  6. data/include/grpc/grpc_security.h +409 -14
  7. data/include/grpc/grpc_security_constants.h +55 -22
  8. data/include/grpc/impl/codegen/atm_gcc_sync.h +2 -0
  9. data/include/grpc/impl/codegen/atm_windows.h +2 -0
  10. data/include/grpc/impl/codegen/byte_buffer.h +13 -0
  11. data/include/grpc/impl/codegen/compression_types.h +2 -1
  12. data/include/grpc/impl/codegen/gpr_types.h +1 -1
  13. data/include/grpc/impl/codegen/grpc_types.h +111 -16
  14. data/include/grpc/impl/codegen/port_platform.h +171 -9
  15. data/include/grpc/impl/codegen/slice.h +2 -22
  16. data/include/grpc/impl/codegen/status.h +2 -1
  17. data/include/grpc/impl/codegen/sync.h +5 -3
  18. data/include/grpc/impl/codegen/sync_abseil.h +36 -0
  19. data/include/grpc/impl/codegen/sync_generic.h +1 -1
  20. data/include/grpc/impl/codegen/sync_posix.h +18 -0
  21. data/include/grpc/module.modulemap +25 -37
  22. data/include/grpc/slice.h +3 -3
  23. data/include/grpc/support/alloc.h +0 -16
  24. data/include/grpc/support/sync_abseil.h +26 -0
  25. data/src/core/ext/filters/client_channel/backend_metric.cc +81 -0
  26. data/src/core/ext/filters/client_channel/backend_metric.h +36 -0
  27. data/src/core/ext/filters/client_channel/backup_poller.cc +26 -19
  28. data/src/core/ext/filters/client_channel/backup_poller.h +8 -2
  29. data/src/core/ext/filters/client_channel/channel_connectivity.cc +21 -5
  30. data/src/core/ext/filters/client_channel/client_channel.cc +2888 -2206
  31. data/src/core/ext/filters/client_channel/client_channel.h +26 -6
  32. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +54 -72
  33. data/src/core/ext/filters/client_channel/client_channel_channelz.h +33 -26
  34. data/src/core/ext/filters/client_channel/client_channel_factory.cc +22 -34
  35. data/src/core/ext/filters/client_channel/client_channel_factory.h +12 -39
  36. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +13 -14
  37. data/src/core/ext/filters/client_channel/connector.h +43 -37
  38. data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +179 -0
  39. data/src/core/ext/filters/client_channel/global_subchannel_pool.h +68 -0
  40. data/src/core/ext/filters/client_channel/health/health_check_client.cc +606 -0
  41. data/src/core/ext/filters/client_channel/health/health_check_client.h +175 -0
  42. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +177 -158
  43. data/src/core/ext/filters/client_channel/http_connect_handshaker.h +1 -1
  44. data/src/core/ext/filters/client_channel/http_proxy.cc +125 -121
  45. data/src/core/ext/filters/client_channel/http_proxy.h +5 -1
  46. data/src/core/ext/filters/client_channel/lb_policy.cc +105 -26
  47. data/src/core/ext/filters/client_channel/lb_policy.h +352 -152
  48. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
  49. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
  50. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +297 -0
  51. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
  52. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +64 -47
  53. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +1010 -1155
  54. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +7 -0
  55. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
  56. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
  57. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +12 -3
  58. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +53 -40
  59. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +10 -5
  60. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +19 -16
  61. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +157 -271
  62. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +43 -59
  63. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +235 -384
  64. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
  65. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +174 -409
  66. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +157 -285
  67. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
  68. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +417 -0
  69. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
  70. data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
  71. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +32 -0
  72. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
  73. data/src/core/ext/filters/client_channel/lb_policy_factory.h +7 -91
  74. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +93 -8
  75. data/src/core/ext/filters/client_channel/lb_policy_registry.h +13 -2
  76. data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +96 -0
  77. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +57 -0
  78. data/src/core/ext/filters/client_channel/parse_address.cc +76 -30
  79. data/src/core/ext/filters/client_channel/parse_address.h +4 -1
  80. data/src/core/ext/filters/client_channel/proxy_mapper.h +14 -34
  81. data/src/core/ext/filters/client_channel/proxy_mapper_registry.cc +46 -79
  82. data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +23 -17
  83. data/src/core/ext/filters/client_channel/resolver.cc +55 -5
  84. data/src/core/ext/filters/client_channel/resolver.h +61 -61
  85. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +251 -226
  86. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +200 -36
  87. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +18 -20
  88. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +177 -0
  89. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +8 -7
  90. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +491 -131
  91. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +434 -233
  92. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +20 -12
  93. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +15 -7
  94. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +38 -0
  95. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +7 -2
  96. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +28 -0
  97. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +29 -0
  98. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +92 -131
  99. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +220 -134
  100. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +27 -17
  101. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +73 -99
  102. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +184 -0
  103. data/src/core/ext/filters/client_channel/resolver_factory.h +13 -11
  104. data/src/core/ext/filters/client_channel/resolver_registry.cc +33 -14
  105. data/src/core/ext/filters/client_channel/resolver_registry.h +19 -13
  106. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +443 -0
  107. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +127 -0
  108. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +348 -0
  109. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +123 -0
  110. data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -5
  111. data/src/core/ext/filters/client_channel/retry_throttle.h +2 -6
  112. data/src/core/ext/filters/client_channel/server_address.cc +48 -0
  113. data/src/core/ext/filters/client_channel/server_address.h +90 -0
  114. data/src/core/ext/filters/client_channel/service_config.cc +221 -0
  115. data/src/core/ext/filters/client_channel/service_config.h +123 -0
  116. data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
  117. data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
  118. data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
  119. data/src/core/ext/filters/client_channel/subchannel.cc +903 -634
  120. data/src/core/ext/filters/client_channel/subchannel.h +364 -131
  121. data/src/core/ext/filters/client_channel/subchannel_interface.h +94 -0
  122. data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +97 -0
  123. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +91 -0
  124. data/src/core/ext/filters/client_channel/xds/xds_api.cc +1906 -0
  125. data/src/core/ext/filters/client_channel/xds/xds_api.h +280 -0
  126. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +342 -0
  127. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +88 -0
  128. data/src/core/ext/filters/client_channel/xds/xds_channel.h +46 -0
  129. data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +26 -0
  130. data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +106 -0
  131. data/src/core/ext/filters/client_channel/xds/xds_client.cc +2367 -0
  132. data/src/core/ext/filters/client_channel/xds/xds_client.h +309 -0
  133. data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +115 -0
  134. data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +211 -0
  135. data/src/core/ext/filters/client_idle/client_idle_filter.cc +440 -0
  136. data/src/core/ext/filters/deadline/deadline_filter.cc +49 -52
  137. data/src/core/ext/filters/deadline/deadline_filter.h +11 -14
  138. data/src/core/ext/filters/http/client/http_client_filter.cc +122 -85
  139. data/src/core/ext/filters/http/client/http_client_filter.h +1 -1
  140. data/src/core/ext/filters/http/client_authority_filter.cc +26 -24
  141. data/src/core/ext/filters/http/http_filters_plugin.cc +27 -12
  142. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +342 -295
  143. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
  144. data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
  145. data/src/core/ext/filters/http/server/http_server_filter.cc +156 -54
  146. data/src/core/ext/filters/max_age/max_age_filter.cc +76 -63
  147. data/src/core/ext/filters/message_size/message_size_filter.cc +218 -119
  148. data/src/core/ext/filters/message_size/message_size_filter.h +33 -0
  149. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +19 -17
  150. data/src/core/ext/transport/chttp2/alpn/alpn.h +1 -1
  151. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +141 -164
  152. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +31 -1
  153. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +36 -34
  154. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +1 -1
  155. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +133 -138
  156. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +128 -30
  157. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +2 -2
  158. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +8 -11
  159. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +4 -4
  160. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +4 -4
  161. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +11 -12
  162. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +4 -3
  163. data/src/core/ext/transport/chttp2/transport/chttp2_plugin.cc +9 -7
  164. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +911 -716
  165. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +8 -1
  166. data/src/core/ext/transport/chttp2/transport/context_list.cc +69 -0
  167. data/src/core/ext/transport/chttp2/transport/context_list.h +53 -0
  168. data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -5
  169. data/src/core/ext/transport/chttp2/transport/flow_control.h +22 -30
  170. data/src/core/ext/transport/chttp2/transport/frame_data.cc +47 -54
  171. data/src/core/ext/transport/chttp2/transport/frame_data.h +11 -13
  172. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +9 -8
  173. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +5 -5
  174. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +7 -5
  175. data/src/core/ext/transport/chttp2/transport/frame_ping.h +3 -4
  176. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +17 -7
  177. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +11 -4
  178. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +11 -7
  179. data/src/core/ext/transport/chttp2/transport/frame_settings.h +4 -4
  180. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +7 -6
  181. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +3 -4
  182. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +548 -351
  183. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +26 -15
  184. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +201 -120
  185. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +14 -6
  186. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +47 -169
  187. data/src/core/ext/transport/chttp2/transport/hpack_table.h +70 -17
  188. data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
  189. data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
  190. data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +10 -17
  191. data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +19 -10
  192. data/src/core/ext/transport/chttp2/transport/internal.h +226 -161
  193. data/src/core/ext/transport/chttp2/transport/parsing.cc +166 -110
  194. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +3 -3
  195. data/src/core/ext/transport/chttp2/transport/stream_map.cc +28 -18
  196. data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
  197. data/src/core/ext/transport/chttp2/transport/writing.cc +95 -35
  198. data/src/core/ext/transport/inproc/inproc_transport.cc +406 -388
  199. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +17 -0
  200. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +30 -0
  201. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +27 -0
  202. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +54 -0
  203. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +21 -0
  204. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +35 -0
  205. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
  206. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
  207. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
  208. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
  209. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
  210. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
  211. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +28 -0
  212. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +53 -0
  213. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +403 -0
  214. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +1447 -0
  215. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +74 -0
  216. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +218 -0
  217. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +35 -0
  218. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +69 -0
  219. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +55 -0
  220. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +305 -0
  221. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +112 -0
  222. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +328 -0
  223. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
  224. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
  225. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +313 -0
  226. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +897 -0
  227. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +96 -0
  228. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +322 -0
  229. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
  230. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
  231. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +197 -0
  232. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +642 -0
  233. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +172 -0
  234. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +673 -0
  235. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +36 -0
  236. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +80 -0
  237. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +152 -0
  238. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +518 -0
  239. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
  240. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
  241. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +129 -0
  242. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +392 -0
  243. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +31 -0
  244. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +53 -0
  245. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +92 -0
  246. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +240 -0
  247. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +18 -0
  248. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +33 -0
  249. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +91 -0
  250. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +266 -0
  251. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +112 -0
  252. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +324 -0
  253. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +31 -0
  254. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +53 -0
  255. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +109 -0
  256. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +399 -0
  257. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +18 -0
  258. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +33 -0
  259. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +145 -0
  260. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +527 -0
  261. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +43 -0
  262. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +112 -0
  263. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +30 -0
  264. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +53 -0
  265. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +63 -0
  266. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +199 -0
  267. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +18 -0
  268. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +33 -0
  269. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +815 -0
  270. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +3032 -0
  271. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +59 -0
  272. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +134 -0
  273. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +28 -0
  274. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +53 -0
  275. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +228 -0
  276. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +725 -0
  277. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +316 -0
  278. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +1132 -0
  279. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +33 -0
  280. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +65 -0
  281. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
  282. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
  283. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +24 -0
  284. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +50 -0
  285. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +54 -0
  286. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +134 -0
  287. data/src/core/ext/upb-generated/envoy/type/http.upb.c +17 -0
  288. data/src/core/ext/upb-generated/envoy/type/http.upb.h +36 -0
  289. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +63 -0
  290. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +144 -0
  291. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +53 -0
  292. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +133 -0
  293. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +88 -0
  294. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +258 -0
  295. data/src/core/ext/upb-generated/envoy/type/percent.upb.c +39 -0
  296. data/src/core/ext/upb-generated/envoy/type/percent.upb.h +87 -0
  297. data/src/core/ext/upb-generated/envoy/type/range.upb.c +50 -0
  298. data/src/core/ext/upb-generated/envoy/type/range.upb.h +112 -0
  299. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +29 -0
  300. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +62 -0
  301. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +89 -0
  302. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +249 -0
  303. data/src/core/ext/upb-generated/gogoproto/gogo.upb.c +17 -0
  304. data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +30 -0
  305. data/src/core/ext/upb-generated/google/api/annotations.upb.c +18 -0
  306. data/src/core/ext/upb-generated/google/api/annotations.upb.h +30 -0
  307. data/src/core/ext/upb-generated/google/api/http.upb.c +66 -0
  308. data/src/core/ext/upb-generated/google/api/http.upb.h +190 -0
  309. data/src/core/ext/upb-generated/google/protobuf/any.upb.c +27 -0
  310. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +58 -0
  311. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +486 -0
  312. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +1696 -0
  313. data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +27 -0
  314. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +58 -0
  315. data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +22 -0
  316. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +50 -0
  317. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +79 -0
  318. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +215 -0
  319. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +27 -0
  320. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +58 -0
  321. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +106 -0
  322. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +238 -0
  323. data/src/core/ext/upb-generated/google/rpc/status.upb.c +33 -0
  324. data/src/core/ext/upb-generated/google/rpc/status.upb.h +74 -0
  325. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +49 -0
  326. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +126 -0
  327. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +212 -0
  328. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +693 -0
  329. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +42 -0
  330. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +109 -0
  331. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +36 -0
  332. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +84 -0
  333. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +141 -0
  334. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +393 -0
  335. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +48 -0
  336. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +104 -0
  337. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +17 -0
  338. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +30 -0
  339. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
  340. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
  341. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +58 -0
  342. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +144 -0
  343. data/src/core/ext/upb-generated/validate/validate.upb.c +448 -0
  344. data/src/core/ext/upb-generated/validate/validate.upb.h +2073 -0
  345. data/src/core/lib/avl/avl.cc +1 -1
  346. data/src/core/lib/channel/channel_args.cc +54 -115
  347. data/src/core/lib/channel/channel_args.h +44 -40
  348. data/src/core/lib/channel/channel_stack.cc +6 -5
  349. data/src/core/lib/channel/channel_stack.h +52 -28
  350. data/src/core/lib/channel/channel_stack_builder.cc +14 -2
  351. data/src/core/lib/channel/channel_stack_builder.h +8 -0
  352. data/src/core/lib/channel/channel_trace.cc +75 -85
  353. data/src/core/lib/channel/channel_trace.h +37 -32
  354. data/src/core/lib/channel/channelz.cc +496 -106
  355. data/src/core/lib/channel/channelz.h +262 -61
  356. data/src/core/lib/channel/channelz_registry.cc +191 -69
  357. data/src/core/lib/channel/channelz_registry.h +30 -53
  358. data/src/core/lib/channel/connected_channel.cc +30 -27
  359. data/src/core/lib/channel/context.h +6 -6
  360. data/src/core/lib/channel/handshaker.cc +150 -218
  361. data/src/core/lib/channel/handshaker.h +111 -102
  362. data/src/core/lib/channel/handshaker_factory.h +9 -17
  363. data/src/core/lib/channel/handshaker_registry.cc +57 -49
  364. data/src/core/lib/channel/handshaker_registry.h +21 -15
  365. data/src/core/lib/channel/status_util.cc +2 -3
  366. data/src/core/lib/compression/algorithm_metadata.h +3 -3
  367. data/src/core/lib/compression/compression.cc +17 -12
  368. data/src/core/lib/compression/compression_args.cc +134 -0
  369. data/src/core/lib/compression/compression_args.h +56 -0
  370. data/src/core/lib/compression/compression_internal.cc +17 -13
  371. data/src/core/lib/compression/compression_internal.h +9 -1
  372. data/src/core/lib/compression/message_compress.cc +8 -3
  373. data/src/core/lib/compression/stream_compression.cc +3 -2
  374. data/src/core/lib/compression/stream_compression.h +2 -2
  375. data/src/core/lib/compression/stream_compression_gzip.cc +9 -9
  376. data/src/core/lib/compression/stream_compression_identity.cc +5 -7
  377. data/src/core/lib/debug/stats.cc +21 -27
  378. data/src/core/lib/debug/stats.h +3 -1
  379. data/src/core/lib/debug/trace.cc +16 -7
  380. data/src/core/lib/debug/trace.h +20 -4
  381. data/src/core/lib/gpr/alloc.cc +4 -29
  382. data/src/core/lib/gpr/arena.h +13 -7
  383. data/src/core/lib/gpr/cpu_linux.cc +1 -1
  384. data/src/core/lib/gpr/cpu_posix.cc +5 -3
  385. data/src/core/lib/gpr/env.h +3 -6
  386. data/src/core/lib/gpr/env_linux.cc +15 -21
  387. data/src/core/lib/gpr/env_posix.cc +5 -5
  388. data/src/core/lib/gpr/env_windows.cc +7 -5
  389. data/src/core/lib/gpr/log.cc +9 -13
  390. data/src/core/lib/gpr/log_linux.cc +2 -2
  391. data/src/core/lib/gpr/log_posix.cc +4 -3
  392. data/src/core/lib/gpr/spinlock.h +2 -3
  393. data/src/core/lib/gpr/string.cc +29 -35
  394. data/src/core/lib/gpr/string.h +11 -19
  395. data/src/core/lib/gpr/sync_abseil.cc +116 -0
  396. data/src/core/lib/gpr/sync_posix.cc +78 -9
  397. data/src/core/lib/gpr/sync_windows.cc +4 -2
  398. data/src/core/lib/gpr/time.cc +12 -0
  399. data/src/core/lib/gpr/time_posix.cc +22 -3
  400. data/src/core/lib/gpr/time_precise.cc +123 -36
  401. data/src/core/lib/gpr/time_precise.h +37 -0
  402. data/src/core/lib/gprpp/arena.cc +103 -0
  403. data/src/core/lib/gprpp/arena.h +120 -0
  404. data/src/core/lib/gprpp/atomic.h +79 -5
  405. data/src/core/lib/gprpp/debug_location.h +3 -2
  406. data/src/core/lib/gprpp/fork.cc +30 -56
  407. data/src/core/lib/gprpp/fork.h +18 -3
  408. data/src/core/lib/gprpp/global_config.h +96 -0
  409. data/src/core/lib/gprpp/global_config_custom.h +29 -0
  410. data/src/core/lib/gprpp/global_config_env.cc +135 -0
  411. data/src/core/lib/gprpp/global_config_env.h +131 -0
  412. data/src/core/lib/gprpp/global_config_generic.h +44 -0
  413. data/src/core/lib/gprpp/host_port.cc +112 -0
  414. data/src/core/lib/gprpp/host_port.h +56 -0
  415. data/src/core/lib/gprpp/map.h +53 -0
  416. data/src/core/lib/gprpp/memory.h +11 -83
  417. data/src/core/lib/gprpp/mpscq.cc +108 -0
  418. data/src/core/lib/gprpp/mpscq.h +98 -0
  419. data/src/core/lib/gprpp/orphanable.h +27 -95
  420. data/src/core/lib/gprpp/ref_counted.h +228 -83
  421. data/src/core/lib/gprpp/ref_counted_ptr.h +39 -16
  422. data/src/core/lib/gprpp/sync.h +135 -0
  423. data/src/core/lib/gprpp/thd.h +54 -12
  424. data/src/core/lib/gprpp/thd_posix.cc +57 -13
  425. data/src/core/lib/gprpp/thd_windows.cc +54 -33
  426. data/src/core/lib/http/format_request.cc +46 -65
  427. data/src/core/lib/http/httpcli.cc +11 -11
  428. data/src/core/lib/http/httpcli.h +2 -3
  429. data/src/core/lib/http/httpcli_security_connector.cc +121 -107
  430. data/src/core/lib/http/parser.cc +4 -3
  431. data/src/core/lib/http/parser.h +9 -9
  432. data/src/core/lib/iomgr/buffer_list.cc +308 -0
  433. data/src/core/lib/iomgr/buffer_list.h +165 -0
  434. data/src/core/lib/iomgr/call_combiner.cc +113 -69
  435. data/src/core/lib/iomgr/call_combiner.h +96 -74
  436. data/src/core/lib/iomgr/cfstream_handle.cc +209 -0
  437. data/src/core/lib/iomgr/cfstream_handle.h +90 -0
  438. data/src/core/lib/iomgr/closure.h +44 -141
  439. data/src/core/lib/iomgr/combiner.cc +50 -86
  440. data/src/core/lib/iomgr/combiner.h +31 -9
  441. data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
  442. data/src/core/lib/iomgr/dynamic_annotations.h +67 -0
  443. data/src/core/lib/iomgr/endpoint.cc +8 -4
  444. data/src/core/lib/iomgr/endpoint.h +12 -4
  445. data/src/core/lib/iomgr/endpoint_cfstream.cc +376 -0
  446. data/src/core/lib/iomgr/endpoint_cfstream.h +49 -0
  447. data/src/core/lib/iomgr/endpoint_pair.h +2 -3
  448. data/src/core/lib/iomgr/endpoint_pair_posix.cc +1 -1
  449. data/src/core/lib/iomgr/endpoint_pair_windows.cc +2 -2
  450. data/src/core/lib/iomgr/error.cc +71 -64
  451. data/src/core/lib/iomgr/error.h +74 -10
  452. data/src/core/lib/iomgr/error_cfstream.cc +52 -0
  453. data/src/core/lib/iomgr/error_cfstream.h +31 -0
  454. data/src/core/lib/iomgr/error_internal.h +1 -3
  455. data/src/core/lib/iomgr/ev_apple.cc +356 -0
  456. data/src/core/lib/iomgr/ev_apple.h +43 -0
  457. data/src/core/lib/iomgr/ev_epoll1_linux.cc +99 -69
  458. data/src/core/lib/iomgr/ev_epollex_linux.cc +238 -259
  459. data/src/core/lib/iomgr/ev_poll_posix.cc +52 -504
  460. data/src/core/lib/iomgr/ev_posix.cc +54 -31
  461. data/src/core/lib/iomgr/ev_posix.h +29 -3
  462. data/src/core/lib/iomgr/ev_windows.cc +2 -2
  463. data/src/core/lib/iomgr/exec_ctx.cc +79 -8
  464. data/src/core/lib/iomgr/exec_ctx.h +163 -21
  465. data/src/core/lib/iomgr/executor.cc +137 -101
  466. data/src/core/lib/iomgr/executor.h +54 -48
  467. data/src/core/lib/iomgr/executor/mpmcqueue.cc +183 -0
  468. data/src/core/lib/iomgr/executor/mpmcqueue.h +175 -0
  469. data/src/core/lib/iomgr/executor/threadpool.cc +137 -0
  470. data/src/core/lib/iomgr/executor/threadpool.h +149 -0
  471. data/src/core/lib/iomgr/fork_posix.cc +15 -8
  472. data/src/core/lib/iomgr/grpc_if_nametoindex.h +30 -0
  473. data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +42 -0
  474. data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +38 -0
  475. data/src/core/lib/iomgr/internal_errqueue.cc +67 -0
  476. data/src/core/lib/iomgr/internal_errqueue.h +191 -0
  477. data/src/core/lib/iomgr/iocp_windows.cc +2 -2
  478. data/src/core/lib/iomgr/iomgr.cc +27 -13
  479. data/src/core/lib/iomgr/iomgr.h +19 -0
  480. data/src/core/lib/iomgr/iomgr_custom.cc +18 -2
  481. data/src/core/lib/iomgr/iomgr_custom.h +2 -0
  482. data/src/core/lib/iomgr/iomgr_internal.cc +14 -0
  483. data/src/core/lib/iomgr/iomgr_internal.h +16 -0
  484. data/src/core/lib/iomgr/iomgr_posix.cc +23 -1
  485. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +171 -0
  486. data/src/core/lib/iomgr/iomgr_uv.cc +3 -0
  487. data/src/core/lib/iomgr/iomgr_windows.cc +20 -1
  488. data/src/core/lib/iomgr/load_file.cc +1 -0
  489. data/src/core/lib/iomgr/lockfree_event.cc +16 -15
  490. data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +87 -0
  491. data/src/core/lib/iomgr/poller/eventmanager_libuv.h +88 -0
  492. data/src/core/lib/iomgr/polling_entity.h +4 -4
  493. data/src/core/lib/iomgr/pollset_custom.cc +5 -5
  494. data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
  495. data/src/core/lib/iomgr/pollset_uv.h +32 -0
  496. data/src/core/lib/iomgr/pollset_windows.cc +16 -2
  497. data/src/core/lib/iomgr/port.h +49 -2
  498. data/src/core/lib/iomgr/python_util.h +46 -0
  499. data/src/core/lib/iomgr/resolve_address.h +5 -7
  500. data/src/core/lib/iomgr/resolve_address_custom.cc +36 -50
  501. data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
  502. data/src/core/lib/iomgr/resolve_address_posix.cc +22 -25
  503. data/src/core/lib/iomgr/resolve_address_windows.cc +14 -26
  504. data/src/core/lib/iomgr/resource_quota.cc +175 -110
  505. data/src/core/lib/iomgr/resource_quota.h +30 -11
  506. data/src/core/lib/iomgr/sockaddr_utils.cc +26 -31
  507. data/src/core/lib/iomgr/sockaddr_utils.h +9 -14
  508. data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
  509. data/src/core/lib/iomgr/socket_mutator.h +2 -3
  510. data/src/core/lib/iomgr/socket_utils_common_posix.cc +145 -27
  511. data/src/core/lib/iomgr/socket_utils_posix.h +26 -0
  512. data/src/core/lib/iomgr/socket_windows.cc +21 -2
  513. data/src/core/lib/iomgr/socket_windows.h +9 -1
  514. data/src/core/lib/iomgr/tcp_client_cfstream.cc +215 -0
  515. data/src/core/lib/iomgr/tcp_client_custom.cc +19 -7
  516. data/src/core/lib/iomgr/tcp_client_posix.cc +40 -38
  517. data/src/core/lib/iomgr/tcp_client_posix.h +6 -6
  518. data/src/core/lib/iomgr/tcp_client_windows.cc +11 -10
  519. data/src/core/lib/iomgr/tcp_custom.cc +37 -32
  520. data/src/core/lib/iomgr/tcp_custom.h +3 -0
  521. data/src/core/lib/iomgr/tcp_posix.cc +1196 -168
  522. data/src/core/lib/iomgr/tcp_posix.h +3 -0
  523. data/src/core/lib/iomgr/tcp_server.cc +5 -0
  524. data/src/core/lib/iomgr/tcp_server.h +21 -0
  525. data/src/core/lib/iomgr/tcp_server_custom.cc +43 -30
  526. data/src/core/lib/iomgr/tcp_server_posix.cc +97 -21
  527. data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -0
  528. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +19 -16
  529. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -11
  530. data/src/core/lib/iomgr/tcp_server_windows.cc +19 -15
  531. data/src/core/lib/iomgr/tcp_uv.cc +8 -9
  532. data/src/core/lib/iomgr/tcp_windows.cc +110 -48
  533. data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
  534. data/src/core/lib/iomgr/timer.h +2 -1
  535. data/src/core/lib/iomgr/timer_custom.cc +7 -5
  536. data/src/core/lib/iomgr/timer_generic.cc +42 -40
  537. data/src/core/lib/iomgr/timer_generic.h +39 -0
  538. data/src/core/lib/iomgr/timer_heap.cc +2 -2
  539. data/src/core/lib/iomgr/timer_heap.h +5 -6
  540. data/src/core/lib/iomgr/timer_manager.cc +34 -16
  541. data/src/core/lib/iomgr/timer_manager.h +4 -2
  542. data/src/core/lib/iomgr/udp_server.cc +31 -30
  543. data/src/core/lib/iomgr/udp_server.h +6 -12
  544. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -4
  545. data/src/core/lib/iomgr/wakeup_fd_posix.cc +1 -19
  546. data/src/core/lib/iomgr/work_serializer.cc +155 -0
  547. data/src/core/lib/iomgr/work_serializer.h +65 -0
  548. data/src/core/lib/json/json.h +209 -68
  549. data/src/core/lib/json/json_reader.cc +511 -319
  550. data/src/core/lib/json/json_writer.cc +202 -110
  551. data/src/core/lib/profiling/basic_timers.cc +12 -6
  552. data/src/core/lib/security/context/security_context.cc +92 -119
  553. data/src/core/lib/security/context/security_context.h +79 -48
  554. data/src/core/lib/security/credentials/alts/alts_credentials.cc +39 -48
  555. data/src/core/lib/security/credentials/alts/alts_credentials.h +37 -10
  556. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
  557. data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +2 -2
  558. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +45 -57
  559. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc +2 -1
  560. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +3 -2
  561. data/src/core/lib/security/credentials/composite/composite_credentials.cc +119 -159
  562. data/src/core/lib/security/credentials/composite/composite_credentials.h +71 -24
  563. data/src/core/lib/security/credentials/credentials.cc +18 -142
  564. data/src/core/lib/security/credentials/credentials.h +141 -105
  565. data/src/core/lib/security/credentials/fake/fake_credentials.cc +48 -72
  566. data/src/core/lib/security/credentials/fake/fake_credentials.h +28 -5
  567. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +186 -99
  568. data/src/core/lib/security/credentials/google_default/google_default_credentials.h +32 -6
  569. data/src/core/lib/security/credentials/iam/iam_credentials.cc +33 -39
  570. data/src/core/lib/security/credentials/iam/iam_credentials.h +22 -4
  571. data/src/core/lib/security/credentials/jwt/json_token.cc +32 -58
  572. data/src/core/lib/security/credentials/jwt/json_token.h +5 -7
  573. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +70 -88
  574. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +41 -10
  575. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +159 -170
  576. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +4 -5
  577. data/src/core/lib/security/credentials/local/local_credentials.cc +21 -34
  578. data/src/core/lib/security/credentials/local/local_credentials.h +32 -11
  579. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +438 -203
  580. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +98 -33
  581. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +89 -91
  582. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +43 -17
  583. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +84 -83
  584. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +60 -15
  585. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +245 -0
  586. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +313 -0
  587. data/src/core/lib/security/credentials/tls/tls_credentials.cc +128 -0
  588. data/src/core/lib/security/credentials/tls/tls_credentials.h +62 -0
  589. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +301 -0
  590. data/src/core/lib/security/security_connector/alts/alts_security_connector.h +76 -0
  591. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +324 -0
  592. data/src/core/lib/security/security_connector/fake/fake_security_connector.h +45 -0
  593. data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +2 -2
  594. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +15 -9
  595. data/src/core/lib/security/security_connector/local/local_security_connector.cc +281 -0
  596. data/src/core/lib/security/security_connector/local/local_security_connector.h +59 -0
  597. data/src/core/lib/security/security_connector/security_connector.cc +40 -1158
  598. data/src/core/lib/security/security_connector/security_connector.h +100 -209
  599. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +439 -0
  600. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +77 -0
  601. data/src/core/lib/security/security_connector/ssl_utils.cc +563 -0
  602. data/src/core/lib/security/security_connector/ssl_utils.h +184 -0
  603. data/src/core/lib/security/security_connector/ssl_utils_config.cc +32 -0
  604. data/src/core/lib/security/security_connector/ssl_utils_config.h +30 -0
  605. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +603 -0
  606. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +183 -0
  607. data/src/core/lib/security/transport/auth_filters.h +5 -2
  608. data/src/core/lib/security/transport/client_auth_filter.cc +164 -116
  609. data/src/core/lib/security/transport/secure_endpoint.cc +70 -53
  610. data/src/core/lib/security/transport/security_handshaker.cc +340 -297
  611. data/src/core/lib/security/transport/security_handshaker.h +14 -3
  612. data/src/core/lib/security/transport/server_auth_filter.cc +115 -55
  613. data/src/core/lib/security/transport/target_authority_table.h +1 -1
  614. data/src/core/lib/security/util/json_util.cc +34 -13
  615. data/src/core/lib/security/util/json_util.h +5 -3
  616. data/src/core/lib/slice/b64.cc +3 -4
  617. data/src/core/lib/slice/b64.h +3 -4
  618. data/src/core/lib/slice/percent_encoding.cc +3 -3
  619. data/src/core/lib/slice/percent_encoding.h +3 -3
  620. data/src/core/lib/slice/slice.cc +219 -153
  621. data/src/core/lib/slice/slice_buffer.cc +60 -26
  622. data/src/core/lib/slice/slice_hash_table.h +9 -15
  623. data/src/core/lib/slice/slice_intern.cc +186 -143
  624. data/src/core/lib/slice/slice_internal.h +318 -3
  625. data/src/core/lib/slice/slice_string_helpers.cc +10 -1
  626. data/src/core/lib/slice/slice_string_helpers.h +3 -1
  627. data/src/core/lib/slice/slice_utils.h +200 -0
  628. data/src/core/lib/slice/slice_weak_hash_table.h +10 -17
  629. data/src/core/lib/surface/api_trace.h +1 -1
  630. data/src/core/lib/surface/byte_buffer_reader.cc +15 -43
  631. data/src/core/lib/surface/call.cc +419 -438
  632. data/src/core/lib/surface/call.h +14 -5
  633. data/src/core/lib/surface/call_details.cc +0 -1
  634. data/src/core/lib/surface/call_log_batch.cc +51 -60
  635. data/src/core/lib/surface/channel.cc +205 -144
  636. data/src/core/lib/surface/channel.h +85 -14
  637. data/src/core/lib/surface/channel_init.h +5 -0
  638. data/src/core/lib/surface/channel_ping.cc +3 -4
  639. data/src/core/lib/surface/completion_queue.cc +322 -281
  640. data/src/core/lib/surface/completion_queue.h +7 -21
  641. data/src/core/lib/surface/completion_queue_factory.cc +4 -4
  642. data/src/core/lib/surface/event_string.cc +18 -25
  643. data/src/core/lib/surface/event_string.h +3 -1
  644. data/src/core/lib/surface/init.cc +86 -31
  645. data/src/core/lib/surface/init.h +1 -0
  646. data/src/core/lib/surface/init_secure.cc +4 -4
  647. data/src/core/lib/surface/lame_client.cc +46 -35
  648. data/src/core/lib/surface/server.cc +815 -476
  649. data/src/core/lib/surface/server.h +50 -9
  650. data/src/core/lib/surface/validate_metadata.cc +18 -8
  651. data/src/core/lib/surface/validate_metadata.h +13 -2
  652. data/src/core/lib/surface/version.cc +2 -2
  653. data/src/core/lib/transport/bdp_estimator.cc +3 -3
  654. data/src/core/lib/transport/bdp_estimator.h +2 -2
  655. data/src/core/lib/transport/byte_stream.cc +5 -7
  656. data/src/core/lib/transport/byte_stream.h +13 -12
  657. data/src/core/lib/transport/connectivity_state.cc +114 -129
  658. data/src/core/lib/transport/connectivity_state.h +102 -58
  659. data/src/core/lib/transport/error_utils.cc +25 -2
  660. data/src/core/lib/transport/metadata.cc +428 -288
  661. data/src/core/lib/transport/metadata.h +307 -26
  662. data/src/core/lib/transport/metadata_batch.cc +81 -18
  663. data/src/core/lib/transport/metadata_batch.h +47 -6
  664. data/src/core/lib/transport/static_metadata.cc +1150 -521
  665. data/src/core/lib/transport/static_metadata.h +311 -317
  666. data/src/core/lib/transport/status_conversion.cc +7 -15
  667. data/src/core/lib/transport/status_metadata.cc +11 -4
  668. data/src/core/lib/transport/status_metadata.h +18 -0
  669. data/src/core/lib/transport/timeout_encoding.cc +8 -1
  670. data/src/core/lib/transport/timeout_encoding.h +4 -3
  671. data/src/core/lib/transport/transport.cc +49 -80
  672. data/src/core/lib/transport/transport.h +132 -54
  673. data/src/core/lib/transport/transport_impl.h +1 -1
  674. data/src/core/lib/transport/transport_op_string.cc +67 -105
  675. data/src/core/lib/uri/uri_parser.cc +314 -0
  676. data/src/core/lib/uri/uri_parser.h +49 -0
  677. data/src/core/plugin_registry/grpc_plugin_registry.cc +32 -4
  678. data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
  679. data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -1
  680. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +715 -144
  681. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +49 -35
  682. data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +83 -0
  683. data/src/core/tsi/alts/handshaker/alts_shared_resource.h +73 -0
  684. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +373 -217
  685. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +45 -24
  686. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +43 -10
  687. data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +13 -7
  688. data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +4 -3
  689. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +75 -48
  690. data/src/core/tsi/alts/handshaker/transport_security_common_api.h +35 -27
  691. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +2 -2
  692. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
  693. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +13 -3
  694. data/src/core/tsi/fake_transport_security.cc +26 -25
  695. data/src/core/tsi/fake_transport_security.h +2 -0
  696. data/src/core/tsi/local_transport_security.cc +8 -6
  697. data/src/core/tsi/ssl/session_cache/ssl_session.h +2 -6
  698. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +2 -3
  699. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +14 -11
  700. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -13
  701. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +2 -3
  702. data/src/core/tsi/ssl_transport_security.cc +289 -125
  703. data/src/core/tsi/ssl_transport_security.h +52 -13
  704. data/src/core/tsi/ssl_types.h +0 -2
  705. data/src/core/tsi/transport_security.cc +31 -1
  706. data/src/core/tsi/transport_security.h +8 -10
  707. data/src/core/tsi/transport_security_grpc.cc +7 -0
  708. data/src/core/tsi/transport_security_grpc.h +8 -3
  709. data/src/core/tsi/transport_security_interface.h +15 -3
  710. data/src/ruby/bin/math_pb.rb +23 -21
  711. data/src/ruby/ext/grpc/ext-export.clang +1 -0
  712. data/src/ruby/ext/grpc/ext-export.gcc +6 -0
  713. data/src/ruby/ext/grpc/extconf.rb +18 -4
  714. data/src/ruby/ext/grpc/rb_call.c +11 -2
  715. data/src/ruby/ext/grpc/rb_call_credentials.c +12 -6
  716. data/src/ruby/ext/grpc/rb_channel.c +18 -11
  717. data/src/ruby/ext/grpc/rb_channel_credentials.c +8 -4
  718. data/src/ruby/ext/grpc/rb_compression_options.c +9 -7
  719. data/src/ruby/ext/grpc/rb_enable_cpp.cc +22 -0
  720. data/src/ruby/ext/grpc/rb_event_thread.c +2 -0
  721. data/src/ruby/ext/grpc/rb_grpc.c +48 -60
  722. data/src/ruby/ext/grpc/rb_grpc.h +5 -1
  723. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +42 -6
  724. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +67 -13
  725. data/src/ruby/ext/grpc/rb_server.c +10 -4
  726. data/src/ruby/lib/grpc.rb +2 -0
  727. data/src/ruby/lib/grpc/core/status_codes.rb +135 -0
  728. data/src/ruby/lib/grpc/errors.rb +122 -46
  729. data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
  730. data/src/ruby/lib/grpc/generic/bidi_call.rb +2 -2
  731. data/src/ruby/lib/grpc/generic/interceptors.rb +4 -4
  732. data/src/ruby/lib/grpc/generic/rpc_desc.rb +3 -3
  733. data/src/ruby/lib/grpc/generic/rpc_server.rb +64 -4
  734. data/src/ruby/lib/grpc/generic/service.rb +6 -5
  735. data/src/ruby/lib/grpc/google_rpc_status_utils.rb +9 -4
  736. data/src/ruby/lib/grpc/grpc.rb +1 -1
  737. data/src/ruby/lib/grpc/structs.rb +15 -0
  738. data/src/ruby/lib/grpc/version.rb +1 -1
  739. data/src/ruby/pb/README.md +1 -1
  740. data/src/ruby/pb/generate_proto_ruby.sh +5 -3
  741. data/src/ruby/pb/grpc/health/checker.rb +2 -3
  742. data/src/ruby/pb/grpc/health/v1/health_pb.rb +16 -13
  743. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +18 -0
  744. data/src/ruby/pb/src/proto/grpc/testing/empty_pb.rb +4 -2
  745. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +92 -69
  746. data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +2 -0
  747. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
  748. data/src/ruby/spec/channel_spec.rb +44 -0
  749. data/src/ruby/spec/client_auth_spec.rb +5 -5
  750. data/src/ruby/spec/debug_message_spec.rb +134 -0
  751. data/src/ruby/spec/errors_spec.rb +142 -0
  752. data/src/ruby/spec/generic/client_stub_spec.rb +13 -9
  753. data/src/ruby/spec/generic/rpc_server_spec.rb +25 -3
  754. data/src/ruby/spec/generic/service_spec.rb +2 -0
  755. data/src/ruby/spec/google_rpc_status_utils_spec.rb +2 -2
  756. data/src/ruby/spec/pb/codegen/grpc/testing/package_options.proto +28 -0
  757. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import.proto +22 -0
  758. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +39 -0
  759. data/src/ruby/spec/pb/codegen/package_option_spec.rb +78 -0
  760. data/src/ruby/spec/support/services.rb +29 -22
  761. data/src/ruby/spec/testdata/ca.pem +18 -13
  762. data/src/ruby/spec/testdata/client.key +26 -14
  763. data/src/ruby/spec/testdata/client.pem +18 -12
  764. data/src/ruby/spec/testdata/server1.key +26 -14
  765. data/src/ruby/spec/testdata/server1.pem +20 -14
  766. data/third_party/abseil-cpp/absl/algorithm/algorithm.h +159 -0
  767. data/third_party/abseil-cpp/absl/base/attributes.h +621 -0
  768. data/third_party/abseil-cpp/absl/base/call_once.h +226 -0
  769. data/third_party/abseil-cpp/absl/base/casts.h +184 -0
  770. data/third_party/abseil-cpp/absl/base/config.h +671 -0
  771. data/third_party/abseil-cpp/absl/base/const_init.h +76 -0
  772. data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +129 -0
  773. data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +389 -0
  774. data/third_party/abseil-cpp/absl/base/internal/atomic_hook.h +200 -0
  775. data/third_party/abseil-cpp/absl/base/internal/bits.h +218 -0
  776. data/third_party/abseil-cpp/absl/base/internal/cycleclock.cc +107 -0
  777. data/third_party/abseil-cpp/absl/base/internal/cycleclock.h +94 -0
  778. data/third_party/abseil-cpp/absl/base/internal/endian.h +266 -0
  779. data/third_party/abseil-cpp/absl/base/internal/errno_saver.h +43 -0
  780. data/third_party/abseil-cpp/absl/base/internal/hide_ptr.h +51 -0
  781. data/third_party/abseil-cpp/absl/base/internal/identity.h +37 -0
  782. data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +107 -0
  783. data/third_party/abseil-cpp/absl/base/internal/invoke.h +187 -0
  784. data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +107 -0
  785. data/third_party/abseil-cpp/absl/base/internal/per_thread_tls.h +52 -0
  786. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +240 -0
  787. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +183 -0
  788. data/third_party/abseil-cpp/absl/base/internal/scheduling_mode.h +58 -0
  789. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +233 -0
  790. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +243 -0
  791. data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +35 -0
  792. data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +66 -0
  793. data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +46 -0
  794. data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.cc +81 -0
  795. data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +93 -0
  796. data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +37 -0
  797. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +416 -0
  798. data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +66 -0
  799. data/third_party/abseil-cpp/absl/base/internal/thread_annotations.h +271 -0
  800. data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +152 -0
  801. data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +259 -0
  802. data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +108 -0
  803. data/third_party/abseil-cpp/absl/base/internal/throw_delegate.h +75 -0
  804. data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +66 -0
  805. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +158 -0
  806. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +140 -0
  807. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +124 -0
  808. data/third_party/abseil-cpp/absl/base/log_severity.cc +27 -0
  809. data/third_party/abseil-cpp/absl/base/log_severity.h +121 -0
  810. data/third_party/abseil-cpp/absl/base/macros.h +220 -0
  811. data/third_party/abseil-cpp/absl/base/optimization.h +181 -0
  812. data/third_party/abseil-cpp/absl/base/options.h +211 -0
  813. data/third_party/abseil-cpp/absl/base/policy_checks.h +111 -0
  814. data/third_party/abseil-cpp/absl/base/port.h +26 -0
  815. data/third_party/abseil-cpp/absl/base/thread_annotations.h +280 -0
  816. data/third_party/abseil-cpp/absl/container/inlined_vector.h +848 -0
  817. data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +265 -0
  818. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +892 -0
  819. data/third_party/abseil-cpp/absl/memory/memory.h +695 -0
  820. data/third_party/abseil-cpp/absl/meta/type_traits.h +759 -0
  821. data/third_party/abseil-cpp/absl/numeric/int128.cc +404 -0
  822. data/third_party/abseil-cpp/absl/numeric/int128.h +1091 -0
  823. data/third_party/abseil-cpp/absl/numeric/int128_have_intrinsic.inc +302 -0
  824. data/third_party/abseil-cpp/absl/numeric/int128_no_intrinsic.inc +308 -0
  825. data/third_party/abseil-cpp/absl/strings/ascii.cc +200 -0
  826. data/third_party/abseil-cpp/absl/strings/ascii.h +242 -0
  827. data/third_party/abseil-cpp/absl/strings/charconv.cc +984 -0
  828. data/third_party/abseil-cpp/absl/strings/charconv.h +119 -0
  829. data/third_party/abseil-cpp/absl/strings/escaping.cc +949 -0
  830. data/third_party/abseil-cpp/absl/strings/escaping.h +164 -0
  831. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +156 -0
  832. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +359 -0
  833. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +423 -0
  834. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +504 -0
  835. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.h +99 -0
  836. data/third_party/abseil-cpp/absl/strings/internal/escaping.cc +180 -0
  837. data/third_party/abseil-cpp/absl/strings/internal/escaping.h +58 -0
  838. data/third_party/abseil-cpp/absl/strings/internal/memutil.cc +112 -0
  839. data/third_party/abseil-cpp/absl/strings/internal/memutil.h +148 -0
  840. data/third_party/abseil-cpp/absl/strings/internal/ostringstream.cc +36 -0
  841. data/third_party/abseil-cpp/absl/strings/internal/ostringstream.h +89 -0
  842. data/third_party/abseil-cpp/absl/strings/internal/resize_uninitialized.h +73 -0
  843. data/third_party/abseil-cpp/absl/strings/internal/stl_type_traits.h +248 -0
  844. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +388 -0
  845. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +432 -0
  846. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +245 -0
  847. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +209 -0
  848. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +326 -0
  849. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +51 -0
  850. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +415 -0
  851. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +493 -0
  852. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +23 -0
  853. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.cc +72 -0
  854. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +104 -0
  855. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +334 -0
  856. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +333 -0
  857. data/third_party/abseil-cpp/absl/strings/internal/str_join_internal.h +314 -0
  858. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +455 -0
  859. data/third_party/abseil-cpp/absl/strings/internal/utf8.cc +53 -0
  860. data/third_party/abseil-cpp/absl/strings/internal/utf8.h +50 -0
  861. data/third_party/abseil-cpp/absl/strings/match.cc +40 -0
  862. data/third_party/abseil-cpp/absl/strings/match.h +90 -0
  863. data/third_party/abseil-cpp/absl/strings/numbers.cc +965 -0
  864. data/third_party/abseil-cpp/absl/strings/numbers.h +266 -0
  865. data/third_party/abseil-cpp/absl/strings/str_cat.cc +246 -0
  866. data/third_party/abseil-cpp/absl/strings/str_cat.h +408 -0
  867. data/third_party/abseil-cpp/absl/strings/str_format.h +537 -0
  868. data/third_party/abseil-cpp/absl/strings/str_join.h +293 -0
  869. data/third_party/abseil-cpp/absl/strings/str_replace.cc +82 -0
  870. data/third_party/abseil-cpp/absl/strings/str_replace.h +219 -0
  871. data/third_party/abseil-cpp/absl/strings/str_split.cc +139 -0
  872. data/third_party/abseil-cpp/absl/strings/str_split.h +513 -0
  873. data/third_party/abseil-cpp/absl/strings/string_view.cc +235 -0
  874. data/third_party/abseil-cpp/absl/strings/string_view.h +622 -0
  875. data/third_party/abseil-cpp/absl/strings/strip.h +91 -0
  876. data/third_party/abseil-cpp/absl/strings/substitute.cc +171 -0
  877. data/third_party/abseil-cpp/absl/strings/substitute.h +693 -0
  878. data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
  879. data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
  880. data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
  881. data/third_party/abseil-cpp/absl/time/clock.h +74 -0
  882. data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
  883. data/third_party/abseil-cpp/absl/time/format.cc +153 -0
  884. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
  885. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
  886. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
  887. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
  888. data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
  889. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
  890. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
  891. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
  892. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
  893. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
  894. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
  895. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
  896. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
  897. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
  898. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
  899. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
  900. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
  901. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
  902. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
  903. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
  904. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
  905. data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
  906. data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
  907. data/third_party/abseil-cpp/absl/time/time.cc +499 -0
  908. data/third_party/abseil-cpp/absl/time/time.h +1584 -0
  909. data/third_party/abseil-cpp/absl/types/bad_optional_access.cc +48 -0
  910. data/third_party/abseil-cpp/absl/types/bad_optional_access.h +78 -0
  911. data/third_party/abseil-cpp/absl/types/internal/optional.h +396 -0
  912. data/third_party/abseil-cpp/absl/types/internal/span.h +128 -0
  913. data/third_party/abseil-cpp/absl/types/optional.h +776 -0
  914. data/third_party/abseil-cpp/absl/types/span.h +713 -0
  915. data/third_party/abseil-cpp/absl/utility/utility.h +350 -0
  916. data/third_party/boringssl-with-bazel/err_data.c +1439 -0
  917. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_bitstr.c +0 -0
  918. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +123 -0
  919. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +93 -0
  920. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +87 -0
  921. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +195 -0
  922. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_gentm.c +0 -0
  923. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +88 -0
  924. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +420 -0
  925. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +305 -0
  926. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +286 -0
  927. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_octet.c +0 -0
  928. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_print.c +0 -0
  929. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +313 -0
  930. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +212 -0
  931. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_type.c +0 -0
  932. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utctm.c +0 -0
  933. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utf8.c +0 -0
  934. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +446 -0
  935. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_locl.h +0 -0
  936. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_par.c +0 -0
  937. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn_pack.c +0 -0
  938. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_enum.c +0 -0
  939. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_int.c +0 -0
  940. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_string.c +0 -0
  941. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_dec.c +0 -0
  942. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +664 -0
  943. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_fre.c +0 -0
  944. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_new.c +0 -0
  945. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_typ.c +0 -0
  946. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_utl.c +0 -0
  947. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/time_support.c +0 -0
  948. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +466 -0
  949. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +700 -0
  950. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio_mem.c +0 -0
  951. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +545 -0
  952. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +279 -0
  953. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +317 -0
  954. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/hexdump.c +0 -0
  955. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/internal.h +0 -0
  956. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +488 -0
  957. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/printf.c +0 -0
  958. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +206 -0
  959. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +118 -0
  960. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/bn_asn1.c +0 -0
  961. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +470 -0
  962. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +172 -0
  963. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/asn1_compat.c +0 -0
  964. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +265 -0
  965. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +719 -0
  966. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +688 -0
  967. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +96 -0
  968. data/third_party/boringssl-with-bazel/src/crypto/bytestring/unicode.c +155 -0
  969. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +184 -0
  970. data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +45 -0
  971. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +143 -0
  972. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +152 -0
  973. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesccm.c +447 -0
  974. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +283 -0
  975. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +891 -0
  976. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +418 -0
  977. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_null.c +0 -0
  978. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc2.c +0 -0
  979. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc4.c +0 -0
  980. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +688 -0
  981. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/internal.h +0 -0
  982. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +491 -0
  983. data/third_party/boringssl-with-bazel/src/crypto/cmac/cmac.c +278 -0
  984. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +810 -0
  985. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf_def.h +0 -0
  986. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/internal.h +0 -0
  987. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-fuchsia.c +0 -0
  988. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-linux.c +0 -0
  989. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +220 -0
  990. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.h +201 -0
  991. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm.c +0 -0
  992. data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +291 -0
  993. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-ppc64le.c +0 -0
  994. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +226 -0
  995. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +2159 -0
  996. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +7872 -0
  997. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +146 -0
  998. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +539 -0
  999. data/third_party/boringssl-with-bazel/src/crypto/dh/check.c +217 -0
  1000. data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +533 -0
  1001. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/dh_asn1.c +0 -0
  1002. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/params.c +0 -0
  1003. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/digest_extra/digest_extra.c +0 -0
  1004. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +980 -0
  1005. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dsa/dsa_asn1.c +0 -0
  1006. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +574 -0
  1007. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_derive.c +95 -0
  1008. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
  1009. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
  1010. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +124 -0
  1011. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +267 -0
  1012. data/third_party/boringssl-with-bazel/src/crypto/engine/engine.c +99 -0
  1013. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +850 -0
  1014. data/third_party/boringssl-with-bazel/src/crypto/err/internal.h +58 -0
  1015. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/digestsign.c +0 -0
  1016. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +443 -0
  1017. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +388 -0
  1018. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +484 -0
  1019. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +269 -0
  1020. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +273 -0
  1021. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +286 -0
  1022. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +255 -0
  1023. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +104 -0
  1024. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +221 -0
  1025. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +648 -0
  1026. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +194 -0
  1027. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +110 -0
  1028. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +248 -0
  1029. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/pbkdf.c +0 -0
  1030. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/print.c +0 -0
  1031. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +213 -0
  1032. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/sign.c +0 -0
  1033. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ex_data.c +0 -0
  1034. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +108 -0
  1035. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1282 -0
  1036. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +238 -0
  1037. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +236 -0
  1038. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +106 -0
  1039. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +263 -0
  1040. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/add.c +0 -0
  1041. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/asm/x86_64-gcc.c +0 -0
  1042. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +445 -0
  1043. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bytes.c +0 -0
  1044. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +200 -0
  1045. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +236 -0
  1046. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +886 -0
  1047. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +87 -0
  1048. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +1288 -0
  1049. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +378 -0
  1050. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +325 -0
  1051. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/generic.c +0 -0
  1052. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +694 -0
  1053. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/jacobi.c +0 -0
  1054. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +502 -0
  1055. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +186 -0
  1056. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +749 -0
  1057. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +1068 -0
  1058. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +341 -0
  1059. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +226 -0
  1060. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +104 -0
  1061. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +364 -0
  1062. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/sqrt.c +0 -0
  1063. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/aead.c +0 -0
  1064. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +620 -0
  1065. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +1302 -0
  1066. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_des.c +237 -0
  1067. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +128 -0
  1068. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/delocate.h +89 -0
  1069. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/des.c +0 -0
  1070. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/internal.h +0 -0
  1071. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +271 -0
  1072. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +296 -0
  1073. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/internal.h +0 -0
  1074. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +268 -0
  1075. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +1252 -0
  1076. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +465 -0
  1077. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +524 -0
  1078. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +100 -0
  1079. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +775 -0
  1080. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +328 -0
  1081. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +1178 -0
  1082. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9497 -0
  1083. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +632 -0
  1084. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.h +153 -0
  1085. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
  1086. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
  1087. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +175 -0
  1088. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +357 -0
  1089. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +270 -0
  1090. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +255 -0
  1091. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +270 -0
  1092. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +122 -0
  1093. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +328 -0
  1094. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/fips_shared_support.c +32 -0
  1095. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/hmac/hmac.c +0 -0
  1096. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/is_fips.c +29 -0
  1097. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +256 -0
  1098. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/internal.h +37 -0
  1099. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +301 -0
  1100. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +167 -0
  1101. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +202 -0
  1102. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +200 -0
  1103. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +729 -0
  1104. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +304 -0
  1105. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +441 -0
  1106. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +96 -0
  1107. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/polyval.c +0 -0
  1108. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +202 -0
  1109. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
  1110. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
  1111. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
  1112. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +163 -0
  1113. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +378 -0
  1114. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +391 -0
  1115. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +243 -0
  1116. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +127 -0
  1117. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +695 -0
  1118. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +898 -0
  1119. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +1358 -0
  1120. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +654 -0
  1121. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +53 -0
  1122. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1-altivec.c +0 -0
  1123. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +371 -0
  1124. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +343 -0
  1125. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +544 -0
  1126. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/internal.h +0 -0
  1127. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/kdf.c +0 -0
  1128. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hkdf/hkdf.c +0 -0
  1129. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +2100 -0
  1130. data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +61 -0
  1131. data/third_party/boringssl-with-bazel/src/crypto/internal.h +834 -0
  1132. data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +348 -0
  1133. data/third_party/boringssl-with-bazel/src/crypto/mem.c +359 -0
  1134. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +549 -0
  1135. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +11585 -0
  1136. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj_xref.c +0 -0
  1137. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +261 -0
  1138. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +360 -0
  1139. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +777 -0
  1140. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +87 -0
  1141. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +257 -0
  1142. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +218 -0
  1143. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_x509.c +0 -0
  1144. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_xaux.c +0 -0
  1145. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/internal.h +0 -0
  1146. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7.c +159 -0
  1147. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +385 -0
  1148. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +131 -0
  1149. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/p5_pbev2.c +316 -0
  1150. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +530 -0
  1151. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +1305 -0
  1152. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/internal.h +0 -0
  1153. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +318 -0
  1154. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +305 -0
  1155. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +856 -0
  1156. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +45 -0
  1157. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +220 -0
  1158. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +52 -0
  1159. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/forkunsafe.c +0 -0
  1160. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/fuchsia.c +30 -0
  1161. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/rand_extra.c +0 -0
  1162. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +69 -0
  1163. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rc4/rc4.c +0 -0
  1164. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_c11.c +0 -0
  1165. data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +53 -0
  1166. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_asn1.c +0 -0
  1167. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_print.c +22 -0
  1168. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +82 -0
  1169. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +431 -0
  1170. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread.c +0 -0
  1171. data/third_party/boringssl-with-bazel/src/crypto/thread_none.c +59 -0
  1172. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +210 -0
  1173. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +260 -0
  1174. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
  1175. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
  1176. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
  1177. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_digest.c +0 -0
  1178. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_sign.c +0 -0
  1179. data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +653 -0
  1180. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +114 -0
  1181. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/algorithm.c +0 -0
  1182. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +842 -0
  1183. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +458 -0
  1184. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +275 -0
  1185. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/charmap.h +0 -0
  1186. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/i2d_pr.c +0 -0
  1187. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/internal.h +0 -0
  1188. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/rsa_pss.c +0 -0
  1189. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +125 -0
  1190. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +244 -0
  1191. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +544 -0
  1192. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509a.c +0 -0
  1193. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/vpm_int.h +0 -0
  1194. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509.c +0 -0
  1195. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_att.c +0 -0
  1196. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +476 -0
  1197. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_d2.c +0 -0
  1198. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +103 -0
  1199. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_ext.c +0 -0
  1200. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +834 -0
  1201. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +198 -0
  1202. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +116 -0
  1203. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +341 -0
  1204. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +185 -0
  1205. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +326 -0
  1206. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +204 -0
  1207. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_v3.c +0 -0
  1208. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +2487 -0
  1209. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +671 -0
  1210. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +210 -0
  1211. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +389 -0
  1212. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509rset.c +0 -0
  1213. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509spki.c +0 -0
  1214. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_algor.c +0 -0
  1215. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +399 -0
  1216. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_attrib.c +0 -0
  1217. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_crl.c +0 -0
  1218. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_exten.c +0 -0
  1219. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_info.c +0 -0
  1220. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_name.c +0 -0
  1221. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pkey.c +0 -0
  1222. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pubkey.c +0 -0
  1223. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_req.c +0 -0
  1224. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_sig.c +0 -0
  1225. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_spki.c +0 -0
  1226. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_val.c +0 -0
  1227. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +334 -0
  1228. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509a.c +0 -0
  1229. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +141 -0
  1230. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +56 -0
  1231. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +286 -0
  1232. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_data.c +0 -0
  1233. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_int.h +0 -0
  1234. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_lib.c +0 -0
  1235. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_map.c +0 -0
  1236. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +189 -0
  1237. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +842 -0
  1238. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +207 -0
  1239. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akeya.c +0 -0
  1240. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +629 -0
  1241. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bcons.c +0 -0
  1242. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bitst.c +0 -0
  1243. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +463 -0
  1244. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +503 -0
  1245. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_crld.c +0 -0
  1246. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +100 -0
  1247. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_extku.c +0 -0
  1248. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +246 -0
  1249. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ia5.c +0 -0
  1250. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +218 -0
  1251. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_int.c +0 -0
  1252. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +371 -0
  1253. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ncons.c +0 -0
  1254. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +68 -0
  1255. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +288 -0
  1256. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcia.c +0 -0
  1257. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcons.c +0 -0
  1258. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pku.c +0 -0
  1259. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pmaps.c +0 -0
  1260. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_prn.c +0 -0
  1261. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +843 -0
  1262. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +155 -0
  1263. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_sxnet.c +0 -0
  1264. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1395 -0
  1265. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +459 -0
  1266. data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +195 -0
  1267. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/arm_arch.h +0 -0
  1268. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +911 -0
  1269. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1_mac.h +0 -0
  1270. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1t.h +0 -0
  1271. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +575 -0
  1272. data/third_party/boringssl-with-bazel/src/include/openssl/base64.h +190 -0
  1273. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +933 -0
  1274. data/third_party/boringssl-with-bazel/src/include/openssl/blowfish.h +93 -0
  1275. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +1057 -0
  1276. data/third_party/boringssl-with-bazel/src/include/openssl/buf.h +137 -0
  1277. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/buffer.h +0 -0
  1278. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +561 -0
  1279. data/third_party/boringssl-with-bazel/src/include/openssl/cast.h +96 -0
  1280. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/chacha.h +0 -0
  1281. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +638 -0
  1282. data/third_party/boringssl-with-bazel/src/include/openssl/cmac.h +91 -0
  1283. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +180 -0
  1284. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +212 -0
  1285. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +149 -0
  1286. data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +201 -0
  1287. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/des.h +0 -0
  1288. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +319 -0
  1289. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +331 -0
  1290. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +457 -0
  1291. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dtls1.h +0 -0
  1292. data/third_party/boringssl-with-bazel/src/include/openssl/e_os2.h +18 -0
  1293. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +424 -0
  1294. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +372 -0
  1295. data/third_party/boringssl-with-bazel/src/include/openssl/ecdh.h +118 -0
  1296. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +205 -0
  1297. data/third_party/boringssl-with-bazel/src/include/openssl/engine.h +109 -0
  1298. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +465 -0
  1299. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1050 -0
  1300. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ex_data.h +0 -0
  1301. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hkdf.h +0 -0
  1302. data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +186 -0
  1303. data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +100 -0
  1304. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/is_boringssl.h +0 -0
  1305. data/third_party/boringssl-with-bazel/src/include/openssl/lhash.h +282 -0
  1306. data/third_party/boringssl-with-bazel/src/include/openssl/md4.h +108 -0
  1307. data/third_party/boringssl-with-bazel/src/include/openssl/md5.h +109 -0
  1308. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +175 -0
  1309. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +4259 -0
  1310. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +236 -0
  1311. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj_mac.h +0 -0
  1312. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/objects.h +0 -0
  1313. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslconf.h +0 -0
  1314. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslv.h +0 -0
  1315. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ossl_typ.h +0 -0
  1316. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +435 -0
  1317. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs12.h +0 -0
  1318. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +215 -0
  1319. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +269 -0
  1320. data/third_party/boringssl-with-bazel/src/include/openssl/poly1305.h +49 -0
  1321. data/third_party/boringssl-with-bazel/src/include/openssl/pool.h +102 -0
  1322. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +111 -0
  1323. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rc4.h +0 -0
  1324. data/third_party/boringssl-with-bazel/src/include/openssl/ripemd.h +108 -0
  1325. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +818 -0
  1326. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/safestack.h +0 -0
  1327. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +294 -0
  1328. data/third_party/boringssl-with-bazel/src/include/openssl/siphash.h +37 -0
  1329. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +199 -0
  1330. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/srtp.h +0 -0
  1331. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +5198 -0
  1332. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +333 -0
  1333. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +542 -0
  1334. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +191 -0
  1335. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +632 -0
  1336. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
  1337. data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +90 -0
  1338. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1207 -0
  1339. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +681 -0
  1340. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +831 -0
  1341. data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/bio_ssl.cc +0 -0
  1342. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +837 -0
  1343. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +268 -0
  1344. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +273 -0
  1345. data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +232 -0
  1346. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +200 -0
  1347. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +353 -0
  1348. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +675 -0
  1349. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +703 -0
  1350. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +1890 -0
  1351. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +1805 -0
  1352. data/third_party/boringssl-with-bazel/src/ssl/internal.h +3572 -0
  1353. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +724 -0
  1354. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +221 -0
  1355. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +458 -0
  1356. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +432 -0
  1357. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +856 -0
  1358. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +306 -0
  1359. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +1019 -0
  1360. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +1718 -0
  1361. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +585 -0
  1362. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +397 -0
  1363. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +3015 -0
  1364. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +835 -0
  1365. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +1333 -0
  1366. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +230 -0
  1367. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +277 -0
  1368. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +394 -0
  1369. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +1358 -0
  1370. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +365 -0
  1371. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +3870 -0
  1372. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +689 -0
  1373. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1017 -0
  1374. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +513 -0
  1375. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +1096 -0
  1376. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +317 -0
  1377. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +703 -0
  1378. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +981 -0
  1379. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +619 -0
  1380. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3147 -0
  1381. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1226 -0
  1382. data/third_party/cares/cares/ares.h +12 -0
  1383. data/third_party/cares/cares/ares_create_query.c +5 -1
  1384. data/third_party/cares/cares/ares_data.c +74 -73
  1385. data/third_party/cares/cares/ares_destroy.c +6 -1
  1386. data/third_party/cares/cares/ares_gethostbyaddr.c +5 -5
  1387. data/third_party/cares/cares/ares_gethostbyname.c +15 -4
  1388. data/third_party/cares/cares/ares_getnameinfo.c +11 -0
  1389. data/third_party/cares/cares/ares_init.c +274 -173
  1390. data/third_party/cares/cares/ares_library_init.c +21 -3
  1391. data/third_party/cares/cares/ares_options.c +6 -2
  1392. data/third_party/cares/cares/ares_parse_naptr_reply.c +7 -6
  1393. data/third_party/cares/cares/ares_parse_ptr_reply.c +4 -2
  1394. data/third_party/cares/cares/ares_platform.c +7 -0
  1395. data/third_party/cares/cares/ares_private.h +19 -11
  1396. data/third_party/cares/cares/ares_process.c +27 -2
  1397. data/third_party/cares/cares/ares_rules.h +1 -1
  1398. data/third_party/cares/cares/ares_search.c +7 -0
  1399. data/third_party/cares/cares/ares_send.c +6 -0
  1400. data/third_party/cares/cares/ares_strsplit.c +174 -0
  1401. data/third_party/cares/cares/ares_strsplit.h +43 -0
  1402. data/third_party/cares/cares/ares_version.h +4 -4
  1403. data/third_party/cares/cares/config-win32.h +1 -1
  1404. data/third_party/cares/cares/inet_ntop.c +2 -3
  1405. data/third_party/cares/config_darwin/ares_config.h +3 -0
  1406. data/third_party/cares/config_freebsd/ares_config.h +3 -0
  1407. data/third_party/cares/config_linux/ares_config.h +3 -0
  1408. data/third_party/cares/config_openbsd/ares_config.h +3 -0
  1409. data/third_party/upb/upb/decode.c +609 -0
  1410. data/third_party/upb/upb/decode.h +21 -0
  1411. data/third_party/upb/upb/encode.c +378 -0
  1412. data/third_party/upb/upb/encode.h +21 -0
  1413. data/third_party/upb/upb/generated_util.h +105 -0
  1414. data/third_party/upb/upb/msg.c +111 -0
  1415. data/third_party/upb/upb/msg.h +69 -0
  1416. data/third_party/upb/upb/port.c +26 -0
  1417. data/third_party/upb/upb/port_def.inc +150 -0
  1418. data/third_party/upb/upb/port_undef.inc +21 -0
  1419. data/third_party/upb/upb/table.c +913 -0
  1420. data/third_party/upb/upb/table.int.h +507 -0
  1421. data/third_party/upb/upb/upb.c +261 -0
  1422. data/third_party/upb/upb/upb.h +364 -0
  1423. metadata +968 -542
  1424. data/src/boringssl/err_data.c +0 -1362
  1425. data/src/core/ext/filters/client_channel/connector.cc +0 -41
  1426. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/google/protobuf/duration.pb.c +0 -19
  1427. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/google/protobuf/duration.pb.h +0 -54
  1428. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/google/protobuf/timestamp.pb.c +0 -19
  1429. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/google/protobuf/timestamp.pb.h +0 -54
  1430. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c +0 -89
  1431. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h +0 -164
  1432. data/src/core/ext/filters/client_channel/lb_policy_factory.cc +0 -163
  1433. data/src/core/ext/filters/client_channel/method_params.cc +0 -178
  1434. data/src/core/ext/filters/client_channel/method_params.h +0 -78
  1435. data/src/core/ext/filters/client_channel/proxy_mapper.cc +0 -48
  1436. data/src/core/ext/filters/client_channel/subchannel_index.cc +0 -254
  1437. data/src/core/ext/filters/client_channel/subchannel_index.h +0 -79
  1438. data/src/core/ext/filters/client_channel/uri_parser.cc +0 -314
  1439. data/src/core/ext/filters/client_channel/uri_parser.h +0 -50
  1440. data/src/core/lib/channel/handshaker_factory.cc +0 -41
  1441. data/src/core/lib/gpr/arena.cc +0 -145
  1442. data/src/core/lib/gpr/host_port.cc +0 -98
  1443. data/src/core/lib/gpr/host_port.h +0 -43
  1444. data/src/core/lib/gpr/mpscq.cc +0 -117
  1445. data/src/core/lib/gpr/mpscq.h +0 -86
  1446. data/src/core/lib/gprpp/abstract.h +0 -37
  1447. data/src/core/lib/gprpp/atomic_with_atm.h +0 -57
  1448. data/src/core/lib/gprpp/atomic_with_std.h +0 -35
  1449. data/src/core/lib/gprpp/inlined_vector.h +0 -186
  1450. data/src/core/lib/gprpp/mutex_lock.h +0 -42
  1451. data/src/core/lib/iomgr/ev_epollsig_linux.cc +0 -1743
  1452. data/src/core/lib/iomgr/ev_epollsig_linux.h +0 -35
  1453. data/src/core/lib/iomgr/network_status_tracker.cc +0 -36
  1454. data/src/core/lib/iomgr/network_status_tracker.h +0 -32
  1455. data/src/core/lib/iomgr/wakeup_fd_cv.cc +0 -107
  1456. data/src/core/lib/iomgr/wakeup_fd_cv.h +0 -69
  1457. data/src/core/lib/json/json.cc +0 -97
  1458. data/src/core/lib/json/json_common.h +0 -34
  1459. data/src/core/lib/json/json_reader.h +0 -146
  1460. data/src/core/lib/json/json_string.cc +0 -367
  1461. data/src/core/lib/json/json_writer.h +0 -84
  1462. data/src/core/lib/security/security_connector/alts_security_connector.cc +0 -288
  1463. data/src/core/lib/security/security_connector/alts_security_connector.h +0 -69
  1464. data/src/core/lib/security/security_connector/local_security_connector.cc +0 -245
  1465. data/src/core/lib/security/security_connector/local_security_connector.h +0 -58
  1466. data/src/core/lib/transport/service_config.cc +0 -106
  1467. data/src/core/lib/transport/service_config.h +0 -249
  1468. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc +0 -520
  1469. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.h +0 -323
  1470. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc +0 -143
  1471. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h +0 -149
  1472. data/src/core/tsi/alts/handshaker/alts_tsi_event.cc +0 -73
  1473. data/src/core/tsi/alts/handshaker/alts_tsi_event.h +0 -93
  1474. data/src/core/tsi/alts/handshaker/altscontext.pb.c +0 -47
  1475. data/src/core/tsi/alts/handshaker/altscontext.pb.h +0 -63
  1476. data/src/core/tsi/alts/handshaker/handshaker.pb.c +0 -122
  1477. data/src/core/tsi/alts/handshaker/handshaker.pb.h +0 -254
  1478. data/src/core/tsi/alts/handshaker/transport_security_common.pb.c +0 -49
  1479. data/src/core/tsi/alts/handshaker/transport_security_common.pb.h +0 -78
  1480. data/src/core/tsi/alts_transport_security.cc +0 -63
  1481. data/src/core/tsi/alts_transport_security.h +0 -47
  1482. data/src/core/tsi/grpc_shadow_boringssl.h +0 -3006
  1483. data/third_party/boringssl/crypto/asn1/a_bool.c +0 -110
  1484. data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +0 -297
  1485. data/third_party/boringssl/crypto/asn1/a_dup.c +0 -111
  1486. data/third_party/boringssl/crypto/asn1/a_enum.c +0 -195
  1487. data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +0 -150
  1488. data/third_party/boringssl/crypto/asn1/a_int.c +0 -479
  1489. data/third_party/boringssl/crypto/asn1/a_mbstr.c +0 -411
  1490. data/third_party/boringssl/crypto/asn1/a_object.c +0 -275
  1491. data/third_party/boringssl/crypto/asn1/a_strnid.c +0 -312
  1492. data/third_party/boringssl/crypto/asn1/a_time.c +0 -213
  1493. data/third_party/boringssl/crypto/asn1/asn1_lib.c +0 -442
  1494. data/third_party/boringssl/crypto/asn1/tasn_enc.c +0 -662
  1495. data/third_party/boringssl/crypto/base64/base64.c +0 -466
  1496. data/third_party/boringssl/crypto/bio/bio.c +0 -636
  1497. data/third_party/boringssl/crypto/bio/connect.c +0 -542
  1498. data/third_party/boringssl/crypto/bio/fd.c +0 -276
  1499. data/third_party/boringssl/crypto/bio/file.c +0 -315
  1500. data/third_party/boringssl/crypto/bio/pair.c +0 -489
  1501. data/third_party/boringssl/crypto/bio/socket.c +0 -202
  1502. data/third_party/boringssl/crypto/bio/socket_helper.c +0 -114
  1503. data/third_party/boringssl/crypto/bn_extra/convert.c +0 -466
  1504. data/third_party/boringssl/crypto/buf/buf.c +0 -231
  1505. data/third_party/boringssl/crypto/bytestring/ber.c +0 -261
  1506. data/third_party/boringssl/crypto/bytestring/cbb.c +0 -668
  1507. data/third_party/boringssl/crypto/bytestring/cbs.c +0 -618
  1508. data/third_party/boringssl/crypto/bytestring/internal.h +0 -75
  1509. data/third_party/boringssl/crypto/chacha/chacha.c +0 -167
  1510. data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +0 -114
  1511. data/third_party/boringssl/crypto/cipher_extra/derive_key.c +0 -152
  1512. data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +0 -203
  1513. data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +0 -281
  1514. data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +0 -867
  1515. data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +0 -326
  1516. data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +0 -460
  1517. data/third_party/boringssl/crypto/cipher_extra/e_tls.c +0 -680
  1518. data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +0 -482
  1519. data/third_party/boringssl/crypto/cmac/cmac.c +0 -241
  1520. data/third_party/boringssl/crypto/conf/conf.c +0 -803
  1521. data/third_party/boringssl/crypto/cpu-arm-linux.c +0 -363
  1522. data/third_party/boringssl/crypto/cpu-intel.c +0 -288
  1523. data/third_party/boringssl/crypto/crypto.c +0 -198
  1524. data/third_party/boringssl/crypto/curve25519/spake25519.c +0 -539
  1525. data/third_party/boringssl/crypto/dh/check.c +0 -217
  1526. data/third_party/boringssl/crypto/dh/dh.c +0 -519
  1527. data/third_party/boringssl/crypto/dsa/dsa.c +0 -946
  1528. data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +0 -562
  1529. data/third_party/boringssl/crypto/ecdh/ecdh.c +0 -162
  1530. data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +0 -275
  1531. data/third_party/boringssl/crypto/engine/engine.c +0 -98
  1532. data/third_party/boringssl/crypto/err/err.c +0 -847
  1533. data/third_party/boringssl/crypto/err/internal.h +0 -58
  1534. data/third_party/boringssl/crypto/evp/evp.c +0 -362
  1535. data/third_party/boringssl/crypto/evp/evp_asn1.c +0 -337
  1536. data/third_party/boringssl/crypto/evp/evp_ctx.c +0 -446
  1537. data/third_party/boringssl/crypto/evp/internal.h +0 -252
  1538. data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +0 -268
  1539. data/third_party/boringssl/crypto/evp/p_ec.c +0 -239
  1540. data/third_party/boringssl/crypto/evp/p_ec_asn1.c +0 -256
  1541. data/third_party/boringssl/crypto/evp/p_ed25519.c +0 -71
  1542. data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +0 -190
  1543. data/third_party/boringssl/crypto/evp/p_rsa.c +0 -634
  1544. data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +0 -189
  1545. data/third_party/boringssl/crypto/evp/scrypt.c +0 -209
  1546. data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +0 -1100
  1547. data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +0 -100
  1548. data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +0 -138
  1549. data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +0 -112
  1550. data/third_party/boringssl/crypto/fipsmodule/bcm.c +0 -148
  1551. data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +0 -428
  1552. data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +0 -200
  1553. data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +0 -303
  1554. data/third_party/boringssl/crypto/fipsmodule/bn/div.c +0 -895
  1555. data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +0 -1356
  1556. data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +0 -683
  1557. data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +0 -573
  1558. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +0 -526
  1559. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +0 -185
  1560. data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +0 -876
  1561. data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +0 -1154
  1562. data/third_party/boringssl/crypto/fipsmodule/bn/random.c +0 -351
  1563. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +0 -231
  1564. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +0 -33
  1565. data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +0 -364
  1566. data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +0 -615
  1567. data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +0 -1437
  1568. data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +0 -233
  1569. data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +0 -129
  1570. data/third_party/boringssl/crypto/fipsmodule/delocate.h +0 -88
  1571. data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +0 -256
  1572. data/third_party/boringssl/crypto/fipsmodule/digest/digests.c +0 -280
  1573. data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +0 -268
  1574. data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +0 -974
  1575. data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +0 -453
  1576. data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +0 -270
  1577. data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +0 -337
  1578. data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +0 -373
  1579. data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +0 -1104
  1580. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +0 -9503
  1581. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +0 -447
  1582. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +0 -117
  1583. data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +0 -1046
  1584. data/third_party/boringssl/crypto/fipsmodule/ec/util.c +0 -104
  1585. data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +0 -354
  1586. data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +0 -458
  1587. data/third_party/boringssl/crypto/fipsmodule/is_fips.c +0 -27
  1588. data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +0 -254
  1589. data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +0 -298
  1590. data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +0 -211
  1591. data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +0 -256
  1592. data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +0 -234
  1593. data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +0 -220
  1594. data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +0 -1063
  1595. data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +0 -388
  1596. data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +0 -95
  1597. data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +0 -202
  1598. data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +0 -92
  1599. data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +0 -358
  1600. data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +0 -302
  1601. data/third_party/boringssl/crypto/fipsmodule/rsa/blinding.c +0 -239
  1602. data/third_party/boringssl/crypto/fipsmodule/rsa/internal.h +0 -126
  1603. data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +0 -692
  1604. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +0 -875
  1605. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +0 -1218
  1606. data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +0 -581
  1607. data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +0 -375
  1608. data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +0 -337
  1609. data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +0 -608
  1610. data/third_party/boringssl/crypto/internal.h +0 -739
  1611. data/third_party/boringssl/crypto/lhash/lhash.c +0 -336
  1612. data/third_party/boringssl/crypto/mem.c +0 -235
  1613. data/third_party/boringssl/crypto/obj/obj.c +0 -554
  1614. data/third_party/boringssl/crypto/obj/obj_dat.h +0 -6244
  1615. data/third_party/boringssl/crypto/pem/pem_all.c +0 -262
  1616. data/third_party/boringssl/crypto/pem/pem_info.c +0 -379
  1617. data/third_party/boringssl/crypto/pem/pem_lib.c +0 -776
  1618. data/third_party/boringssl/crypto/pem/pem_oth.c +0 -88
  1619. data/third_party/boringssl/crypto/pem/pem_pk8.c +0 -258
  1620. data/third_party/boringssl/crypto/pem/pem_pkey.c +0 -227
  1621. data/third_party/boringssl/crypto/pkcs7/pkcs7.c +0 -166
  1622. data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +0 -233
  1623. data/third_party/boringssl/crypto/pkcs8/internal.h +0 -120
  1624. data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +0 -307
  1625. data/third_party/boringssl/crypto/pkcs8/pkcs8.c +0 -513
  1626. data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +0 -789
  1627. data/third_party/boringssl/crypto/poly1305/poly1305.c +0 -318
  1628. data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +0 -304
  1629. data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +0 -839
  1630. data/third_party/boringssl/crypto/pool/internal.h +0 -45
  1631. data/third_party/boringssl/crypto/pool/pool.c +0 -200
  1632. data/third_party/boringssl/crypto/rand_extra/deterministic.c +0 -48
  1633. data/third_party/boringssl/crypto/rand_extra/fuchsia.c +0 -43
  1634. data/third_party/boringssl/crypto/rand_extra/windows.c +0 -53
  1635. data/third_party/boringssl/crypto/refcount_lock.c +0 -53
  1636. data/third_party/boringssl/crypto/stack/stack.c +0 -380
  1637. data/third_party/boringssl/crypto/thread_none.c +0 -59
  1638. data/third_party/boringssl/crypto/thread_pthread.c +0 -206
  1639. data/third_party/boringssl/crypto/thread_win.c +0 -237
  1640. data/third_party/boringssl/crypto/x509/a_strex.c +0 -633
  1641. data/third_party/boringssl/crypto/x509/a_verify.c +0 -115
  1642. data/third_party/boringssl/crypto/x509/asn1_gen.c +0 -841
  1643. data/third_party/boringssl/crypto/x509/by_dir.c +0 -451
  1644. data/third_party/boringssl/crypto/x509/by_file.c +0 -274
  1645. data/third_party/boringssl/crypto/x509/t_crl.c +0 -128
  1646. data/third_party/boringssl/crypto/x509/t_req.c +0 -246
  1647. data/third_party/boringssl/crypto/x509/t_x509.c +0 -547
  1648. data/third_party/boringssl/crypto/x509/x509_cmp.c +0 -477
  1649. data/third_party/boringssl/crypto/x509/x509_def.c +0 -103
  1650. data/third_party/boringssl/crypto/x509/x509_lu.c +0 -725
  1651. data/third_party/boringssl/crypto/x509/x509_obj.c +0 -198
  1652. data/third_party/boringssl/crypto/x509/x509_r2x.c +0 -117
  1653. data/third_party/boringssl/crypto/x509/x509_req.c +0 -322
  1654. data/third_party/boringssl/crypto/x509/x509_set.c +0 -164
  1655. data/third_party/boringssl/crypto/x509/x509_trs.c +0 -326
  1656. data/third_party/boringssl/crypto/x509/x509_txt.c +0 -205
  1657. data/third_party/boringssl/crypto/x509/x509_vfy.c +0 -2476
  1658. data/third_party/boringssl/crypto/x509/x509_vpm.c +0 -670
  1659. data/third_party/boringssl/crypto/x509/x509cset.c +0 -170
  1660. data/third_party/boringssl/crypto/x509/x509name.c +0 -389
  1661. data/third_party/boringssl/crypto/x509/x_all.c +0 -501
  1662. data/third_party/boringssl/crypto/x509/x_x509.c +0 -328
  1663. data/third_party/boringssl/crypto/x509v3/ext_dat.h +0 -143
  1664. data/third_party/boringssl/crypto/x509v3/pcy_cache.c +0 -284
  1665. data/third_party/boringssl/crypto/x509v3/pcy_node.c +0 -188
  1666. data/third_party/boringssl/crypto/x509v3/pcy_tree.c +0 -840
  1667. data/third_party/boringssl/crypto/x509v3/v3_akey.c +0 -204
  1668. data/third_party/boringssl/crypto/x509v3/v3_alt.c +0 -623
  1669. data/third_party/boringssl/crypto/x509v3/v3_conf.c +0 -462
  1670. data/third_party/boringssl/crypto/x509v3/v3_cpols.c +0 -502
  1671. data/third_party/boringssl/crypto/x509v3/v3_enum.c +0 -100
  1672. data/third_party/boringssl/crypto/x509v3/v3_genn.c +0 -251
  1673. data/third_party/boringssl/crypto/x509v3/v3_info.c +0 -219
  1674. data/third_party/boringssl/crypto/x509v3/v3_lib.c +0 -370
  1675. data/third_party/boringssl/crypto/x509v3/v3_pci.c +0 -287
  1676. data/third_party/boringssl/crypto/x509v3/v3_purp.c +0 -866
  1677. data/third_party/boringssl/crypto/x509v3/v3_skey.c +0 -152
  1678. data/third_party/boringssl/crypto/x509v3/v3_utl.c +0 -1352
  1679. data/third_party/boringssl/include/openssl/aead.h +0 -433
  1680. data/third_party/boringssl/include/openssl/aes.h +0 -170
  1681. data/third_party/boringssl/include/openssl/asn1.h +0 -981
  1682. data/third_party/boringssl/include/openssl/base.h +0 -457
  1683. data/third_party/boringssl/include/openssl/base64.h +0 -187
  1684. data/third_party/boringssl/include/openssl/bio.h +0 -902
  1685. data/third_party/boringssl/include/openssl/blowfish.h +0 -93
  1686. data/third_party/boringssl/include/openssl/bn.h +0 -1019
  1687. data/third_party/boringssl/include/openssl/buf.h +0 -137
  1688. data/third_party/boringssl/include/openssl/bytestring.h +0 -505
  1689. data/third_party/boringssl/include/openssl/cast.h +0 -96
  1690. data/third_party/boringssl/include/openssl/cipher.h +0 -608
  1691. data/third_party/boringssl/include/openssl/cmac.h +0 -87
  1692. data/third_party/boringssl/include/openssl/conf.h +0 -183
  1693. data/third_party/boringssl/include/openssl/cpu.h +0 -196
  1694. data/third_party/boringssl/include/openssl/crypto.h +0 -122
  1695. data/third_party/boringssl/include/openssl/curve25519.h +0 -201
  1696. data/third_party/boringssl/include/openssl/dh.h +0 -298
  1697. data/third_party/boringssl/include/openssl/digest.h +0 -316
  1698. data/third_party/boringssl/include/openssl/dsa.h +0 -435
  1699. data/third_party/boringssl/include/openssl/ec.h +0 -413
  1700. data/third_party/boringssl/include/openssl/ec_key.h +0 -342
  1701. data/third_party/boringssl/include/openssl/ecdh.h +0 -101
  1702. data/third_party/boringssl/include/openssl/ecdsa.h +0 -199
  1703. data/third_party/boringssl/include/openssl/engine.h +0 -109
  1704. data/third_party/boringssl/include/openssl/err.h +0 -458
  1705. data/third_party/boringssl/include/openssl/evp.h +0 -873
  1706. data/third_party/boringssl/include/openssl/hmac.h +0 -186
  1707. data/third_party/boringssl/include/openssl/lhash.h +0 -174
  1708. data/third_party/boringssl/include/openssl/lhash_macros.h +0 -174
  1709. data/third_party/boringssl/include/openssl/md4.h +0 -106
  1710. data/third_party/boringssl/include/openssl/md5.h +0 -107
  1711. data/third_party/boringssl/include/openssl/mem.h +0 -156
  1712. data/third_party/boringssl/include/openssl/nid.h +0 -4242
  1713. data/third_party/boringssl/include/openssl/obj.h +0 -233
  1714. data/third_party/boringssl/include/openssl/pem.h +0 -397
  1715. data/third_party/boringssl/include/openssl/pkcs7.h +0 -82
  1716. data/third_party/boringssl/include/openssl/pkcs8.h +0 -230
  1717. data/third_party/boringssl/include/openssl/poly1305.h +0 -51
  1718. data/third_party/boringssl/include/openssl/pool.h +0 -91
  1719. data/third_party/boringssl/include/openssl/rand.h +0 -125
  1720. data/third_party/boringssl/include/openssl/ripemd.h +0 -107
  1721. data/third_party/boringssl/include/openssl/rsa.h +0 -756
  1722. data/third_party/boringssl/include/openssl/sha.h +0 -256
  1723. data/third_party/boringssl/include/openssl/span.h +0 -191
  1724. data/third_party/boringssl/include/openssl/ssl.h +0 -4740
  1725. data/third_party/boringssl/include/openssl/ssl3.h +0 -332
  1726. data/third_party/boringssl/include/openssl/stack.h +0 -485
  1727. data/third_party/boringssl/include/openssl/thread.h +0 -191
  1728. data/third_party/boringssl/include/openssl/tls1.h +0 -618
  1729. data/third_party/boringssl/include/openssl/type_check.h +0 -91
  1730. data/third_party/boringssl/include/openssl/x509.h +0 -1180
  1731. data/third_party/boringssl/include/openssl/x509_vfy.h +0 -614
  1732. data/third_party/boringssl/include/openssl/x509v3.h +0 -827
  1733. data/third_party/boringssl/ssl/custom_extensions.cc +0 -265
  1734. data/third_party/boringssl/ssl/d1_both.cc +0 -851
  1735. data/third_party/boringssl/ssl/d1_lib.cc +0 -267
  1736. data/third_party/boringssl/ssl/d1_pkt.cc +0 -274
  1737. data/third_party/boringssl/ssl/d1_srtp.cc +0 -232
  1738. data/third_party/boringssl/ssl/dtls_method.cc +0 -193
  1739. data/third_party/boringssl/ssl/dtls_record.cc +0 -353
  1740. data/third_party/boringssl/ssl/handoff.cc +0 -285
  1741. data/third_party/boringssl/ssl/handshake.cc +0 -630
  1742. data/third_party/boringssl/ssl/handshake_client.cc +0 -1842
  1743. data/third_party/boringssl/ssl/handshake_server.cc +0 -1674
  1744. data/third_party/boringssl/ssl/internal.h +0 -3064
  1745. data/third_party/boringssl/ssl/s3_both.cc +0 -585
  1746. data/third_party/boringssl/ssl/s3_lib.cc +0 -226
  1747. data/third_party/boringssl/ssl/s3_pkt.cc +0 -425
  1748. data/third_party/boringssl/ssl/ssl_aead_ctx.cc +0 -412
  1749. data/third_party/boringssl/ssl/ssl_asn1.cc +0 -844
  1750. data/third_party/boringssl/ssl/ssl_buffer.cc +0 -286
  1751. data/third_party/boringssl/ssl/ssl_cert.cc +0 -913
  1752. data/third_party/boringssl/ssl/ssl_cipher.cc +0 -1781
  1753. data/third_party/boringssl/ssl/ssl_file.cc +0 -583
  1754. data/third_party/boringssl/ssl/ssl_key_share.cc +0 -252
  1755. data/third_party/boringssl/ssl/ssl_lib.cc +0 -2719
  1756. data/third_party/boringssl/ssl/ssl_privkey.cc +0 -494
  1757. data/third_party/boringssl/ssl/ssl_session.cc +0 -1221
  1758. data/third_party/boringssl/ssl/ssl_stat.cc +0 -224
  1759. data/third_party/boringssl/ssl/ssl_transcript.cc +0 -398
  1760. data/third_party/boringssl/ssl/ssl_versions.cc +0 -399
  1761. data/third_party/boringssl/ssl/ssl_x509.cc +0 -1297
  1762. data/third_party/boringssl/ssl/t1_enc.cc +0 -452
  1763. data/third_party/boringssl/ssl/t1_lib.cc +0 -3783
  1764. data/third_party/boringssl/ssl/tls13_both.cc +0 -559
  1765. data/third_party/boringssl/ssl/tls13_client.cc +0 -891
  1766. data/third_party/boringssl/ssl/tls13_enc.cc +0 -493
  1767. data/third_party/boringssl/ssl/tls13_server.cc +0 -1022
  1768. data/third_party/boringssl/ssl/tls_method.cc +0 -274
  1769. data/third_party/boringssl/ssl/tls_record.cc +0 -703
  1770. data/third_party/boringssl/third_party/fiat/curve25519.c +0 -3230
  1771. data/third_party/boringssl/third_party/fiat/curve25519_tables.h +0 -7880
  1772. data/third_party/boringssl/third_party/fiat/internal.h +0 -154
  1773. data/third_party/boringssl/third_party/fiat/p256.c +0 -1824
  1774. data/third_party/nanopb/pb.h +0 -579
  1775. data/third_party/nanopb/pb_common.c +0 -97
  1776. data/third_party/nanopb/pb_common.h +0 -42
  1777. data/third_party/nanopb/pb_decode.c +0 -1347
  1778. data/third_party/nanopb/pb_decode.h +0 -149
  1779. data/third_party/nanopb/pb_encode.c +0 -696
  1780. data/third_party/nanopb/pb_encode.h +0 -154
data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc ADDED
@@ -0,0 +1,1890 @@
1
+ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2
+ * All rights reserved.
3
+ *
4
+ * This package is an SSL implementation written
5
+ * by Eric Young (eay@cryptsoft.com).
6
+ * The implementation was written so as to conform with Netscapes SSL.
7
+ *
8
+ * This library is free for commercial and non-commercial use as long as
9
+ * the following conditions are aheared to. The following conditions
10
+ * apply to all code found in this distribution, be it the RC4, RSA,
11
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12
+ * included with this distribution is covered by the same copyright terms
13
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14
+ *
15
+ * Copyright remains Eric Young's, and as such any Copyright notices in
16
+ * the code are not to be removed.
17
+ * If this package is used in a product, Eric Young should be given attribution
18
+ * as the author of the parts of the library used.
19
+ * This can be in the form of a textual message at program startup or
20
+ * in documentation (online or textual) provided with the package.
21
+ *
22
+ * Redistribution and use in source and binary forms, with or without
23
+ * modification, are permitted provided that the following conditions
24
+ * are met:
25
+ * 1. Redistributions of source code must retain the copyright
26
+ * notice, this list of conditions and the following disclaimer.
27
+ * 2. Redistributions in binary form must reproduce the above copyright
28
+ * notice, this list of conditions and the following disclaimer in the
29
+ * documentation and/or other materials provided with the distribution.
30
+ * 3. All advertising materials mentioning features or use of this software
31
+ * must display the following acknowledgement:
32
+ * "This product includes cryptographic software written by
33
+ * Eric Young (eay@cryptsoft.com)"
34
+ * The word 'cryptographic' can be left out if the rouines from the library
35
+ * being used are not cryptographic related :-).
36
+ * 4. If you include any Windows specific code (or a derivative thereof) from
37
+ * the apps directory (application code) you must include an acknowledgement:
38
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39
+ *
40
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50
+ * SUCH DAMAGE.
51
+ *
52
+ * The licence and distribution terms for any publically available version or
53
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
54
+ * copied and put under another distribution licence
55
+ * [including the GNU Public Licence.]
56
+ */
57
+ /* ====================================================================
58
+ * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59
+ *
60
+ * Redistribution and use in source and binary forms, with or without
61
+ * modification, are permitted provided that the following conditions
62
+ * are met:
63
+ *
64
+ * 1. Redistributions of source code must retain the above copyright
65
+ * notice, this list of conditions and the following disclaimer.
66
+ *
67
+ * 2. Redistributions in binary form must reproduce the above copyright
68
+ * notice, this list of conditions and the following disclaimer in
69
+ * the documentation and/or other materials provided with the
70
+ * distribution.
71
+ *
72
+ * 3. All advertising materials mentioning features or use of this
73
+ * software must display the following acknowledgment:
74
+ * "This product includes software developed by the OpenSSL Project
75
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76
+ *
77
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78
+ * endorse or promote products derived from this software without
79
+ * prior written permission. For written permission, please contact
80
+ * openssl-core@openssl.org.
81
+ *
82
+ * 5. Products derived from this software may not be called "OpenSSL"
83
+ * nor may "OpenSSL" appear in their names without prior written
84
+ * permission of the OpenSSL Project.
85
+ *
86
+ * 6. Redistributions of any form whatsoever must retain the following
87
+ * acknowledgment:
88
+ * "This product includes software developed by the OpenSSL Project
89
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90
+ *
91
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
103
+ * ====================================================================
104
+ *
105
+ * This product includes cryptographic software written by Eric Young
106
+ * (eay@cryptsoft.com). This product includes software written by Tim
107
+ * Hudson (tjh@cryptsoft.com).
108
+ *
109
+ */
110
+ /* ====================================================================
111
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112
+ *
113
+ * Portions of the attached software ("Contribution") are developed by
114
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
115
+ *
116
+ * The Contribution is licensed pursuant to the OpenSSL open source
117
+ * license provided above.
118
+ *
119
+ * ECC cipher suite support in OpenSSL originally written by
120
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
121
+ *
122
+ */
123
+ /* ====================================================================
124
+ * Copyright 2005 Nokia. All rights reserved.
125
+ *
126
+ * The portions of the attached software ("Contribution") is developed by
127
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
128
+ * license.
129
+ *
130
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
131
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
132
+ * support (see RFC 4279) to OpenSSL.
133
+ *
134
+ * No patent licenses or other rights except those expressly stated in
135
+ * the OpenSSL open source license shall be deemed granted or received
136
+ * expressly, by implication, estoppel, or otherwise.
137
+ *
138
+ * No assurances are provided by Nokia that the Contribution does not
139
+ * infringe the patent or other intellectual property rights of any third
140
+ * party or that the license provides you with all the necessary rights
141
+ * to make use of the Contribution.
142
+ *
143
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
144
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
145
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
146
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
147
+ * OTHERWISE.
148
+ */
149
+
150
+ #include <openssl/ssl.h>
151
+
152
+ #include <assert.h>
153
+ #include <limits.h>
154
+ #include <string.h>
155
+
156
+ #include <utility>
157
+
158
+ #include <openssl/aead.h>
159
+ #include <openssl/bn.h>
160
+ #include <openssl/bytestring.h>
161
+ #include <openssl/ec_key.h>
162
+ #include <openssl/ecdsa.h>
163
+ #include <openssl/err.h>
164
+ #include <openssl/evp.h>
165
+ #include <openssl/md5.h>
166
+ #include <openssl/mem.h>
167
+ #include <openssl/rand.h>
168
+ #include <openssl/sha.h>
169
+
170
+ #include "../crypto/internal.h"
171
+ #include "internal.h"
172
+
173
+
174
+ BSSL_NAMESPACE_BEGIN
175
+
176
+ enum ssl_client_hs_state_t {
177
+ state_start_connect = 0,
178
+ state_enter_early_data,
179
+ state_early_reverify_server_certificate,
180
+ state_read_hello_verify_request,
181
+ state_read_server_hello,
182
+ state_tls13,
183
+ state_read_server_certificate,
184
+ state_read_certificate_status,
185
+ state_verify_server_certificate,
186
+ state_reverify_server_certificate,
187
+ state_read_server_key_exchange,
188
+ state_read_certificate_request,
189
+ state_read_server_hello_done,
190
+ state_send_client_certificate,
191
+ state_send_client_key_exchange,
192
+ state_send_client_certificate_verify,
193
+ state_send_client_finished,
194
+ state_finish_flight,
195
+ state_read_session_ticket,
196
+ state_process_change_cipher_spec,
197
+ state_read_server_finished,
198
+ state_finish_client_handshake,
199
+ state_done,
200
+ };
201
+
202
+ // ssl_get_client_disabled sets |*out_mask_a| and |*out_mask_k| to masks of
203
+ // disabled algorithms.
204
+ static void ssl_get_client_disabled(SSL_HANDSHAKE *hs, uint32_t *out_mask_a,
205
+ uint32_t *out_mask_k) {
206
+ *out_mask_a = 0;
207
+ *out_mask_k = 0;
208
+
209
+ // PSK requires a client callback.
210
+ if (hs->config->psk_client_callback == NULL) {
211
+ *out_mask_a |= SSL_aPSK;
212
+ *out_mask_k |= SSL_kPSK;
213
+ }
214
+ }
215
+
216
+ static bool ssl_write_client_cipher_list(SSL_HANDSHAKE *hs, CBB *out) {
217
+ SSL *const ssl = hs->ssl;
218
+ uint32_t mask_a, mask_k;
219
+ ssl_get_client_disabled(hs, &mask_a, &mask_k);
220
+
221
+ CBB child;
222
+ if (!CBB_add_u16_length_prefixed(out, &child)) {
223
+ return false;
224
+ }
225
+
226
+ // Add a fake cipher suite. See draft-davidben-tls-grease-01.
227
+ if (ssl->ctx->grease_enabled &&
228
+ !CBB_add_u16(&child, ssl_get_grease_value(hs, ssl_grease_cipher))) {
229
+ return false;
230
+ }
231
+
232
+ // Add TLS 1.3 ciphers. Order ChaCha20-Poly1305 relative to AES-GCM based on
233
+ // hardware support.
234
+ if (hs->max_version >= TLS1_3_VERSION) {
235
+ if (!EVP_has_aes_hardware() &&
236
+ !CBB_add_u16(&child, TLS1_CK_CHACHA20_POLY1305_SHA256 & 0xffff)) {
237
+ return false;
238
+ }
239
+ if (!CBB_add_u16(&child, TLS1_CK_AES_128_GCM_SHA256 & 0xffff) ||
240
+ !CBB_add_u16(&child, TLS1_CK_AES_256_GCM_SHA384 & 0xffff)) {
241
+ return false;
242
+ }
243
+ if (EVP_has_aes_hardware() &&
244
+ !CBB_add_u16(&child, TLS1_CK_CHACHA20_POLY1305_SHA256 & 0xffff)) {
245
+ return false;
246
+ }
247
+ }
248
+
249
+ if (hs->min_version < TLS1_3_VERSION) {
250
+ bool any_enabled = false;
251
+ for (const SSL_CIPHER *cipher : SSL_get_ciphers(ssl)) {
252
+ // Skip disabled ciphers
253
+ if ((cipher->algorithm_mkey & mask_k) ||
254
+ (cipher->algorithm_auth & mask_a)) {
255
+ continue;
256
+ }
257
+ if (SSL_CIPHER_get_min_version(cipher) > hs->max_version ||
258
+ SSL_CIPHER_get_max_version(cipher) < hs->min_version) {
259
+ continue;
260
+ }
261
+ any_enabled = true;
262
+ if (!CBB_add_u16(&child, ssl_cipher_get_value(cipher))) {
263
+ return false;
264
+ }
265
+ }
266
+
267
+ // If all ciphers were disabled, return the error to the caller.
268
+ if (!any_enabled && hs->max_version < TLS1_3_VERSION) {
269
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHERS_AVAILABLE);
270
+ return false;
271
+ }
272
+ }
273
+
274
+ if (ssl->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
275
+ if (!CBB_add_u16(&child, SSL3_CK_FALLBACK_SCSV & 0xffff)) {
276
+ return false;
277
+ }
278
+ }
279
+
280
+ return CBB_flush(out);
281
+ }
282
+
283
+ bool ssl_write_client_hello(SSL_HANDSHAKE *hs) {
284
+ SSL *const ssl = hs->ssl;
285
+ ScopedCBB cbb;
286
+ CBB body;
287
+ if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CLIENT_HELLO)) {
288
+ return false;
289
+ }
290
+
291
+ CBB child;
292
+ if (!CBB_add_u16(&body, hs->client_version) ||
293
+ !CBB_add_bytes(&body, ssl->s3->client_random, SSL3_RANDOM_SIZE) ||
294
+ !CBB_add_u8_length_prefixed(&body, &child)) {
295
+ return false;
296
+ }
297
+
298
+ // Do not send a session ID on renegotiation.
299
+ if (!ssl->s3->initial_handshake_complete &&
300
+ !CBB_add_bytes(&child, hs->session_id, hs->session_id_len)) {
301
+ return false;
302
+ }
303
+
304
+ if (SSL_is_dtls(ssl)) {
305
+ if (!CBB_add_u8_length_prefixed(&body, &child) ||
306
+ !CBB_add_bytes(&child, ssl->d1->cookie, ssl->d1->cookie_len)) {
307
+ return false;
308
+ }
309
+ }
310
+
311
+ size_t header_len =
312
+ SSL_is_dtls(ssl) ? DTLS1_HM_HEADER_LENGTH : SSL3_HM_HEADER_LENGTH;
313
+ if (!ssl_write_client_cipher_list(hs, &body) ||
314
+ !CBB_add_u8(&body, 1 /* one compression method */) ||
315
+ !CBB_add_u8(&body, 0 /* null compression */) ||
316
+ !ssl_add_clienthello_tlsext(hs, &body, header_len + CBB_len(&body))) {
317
+ return false;
318
+ }
319
+
320
+ Array<uint8_t> msg;
321
+ if (!ssl->method->finish_message(ssl, cbb.get(), &msg)) {
322
+ return false;
323
+ }
324
+
325
+ // Now that the length prefixes have been computed, fill in the placeholder
326
+ // PSK binder.
327
+ if (hs->needs_psk_binder &&
328
+ !tls13_write_psk_binder(hs, MakeSpan(msg))) {
329
+ return false;
330
+ }
331
+
332
+ return ssl->method->add_message(ssl, std::move(msg));
333
+ }
334
+
335
+ static bool parse_supported_versions(SSL_HANDSHAKE *hs, uint16_t *version,
336
+ const CBS *in) {
337
+ // If the outer version is not TLS 1.2, or there is no extensions block, use
338
+ // the outer version.
339
+ if (*version != TLS1_2_VERSION || CBS_len(in) == 0) {
340
+ return true;
341
+ }
342
+
343
+ SSL *const ssl = hs->ssl;
344
+ CBS copy = *in, extensions;
345
+ if (!CBS_get_u16_length_prefixed(&copy, &extensions) ||
346
+ CBS_len(&copy) != 0) {
347
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
348
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
349
+ return false;
350
+ }
351
+
352
+ bool have_supported_versions;
353
+ CBS supported_versions;
354
+ const SSL_EXTENSION_TYPE ext_types[] = {
355
+ {TLSEXT_TYPE_supported_versions, &have_supported_versions,
356
+ &supported_versions},
357
+ };
358
+
359
+ uint8_t alert = SSL_AD_DECODE_ERROR;
360
+ if (!ssl_parse_extensions(&extensions, &alert, ext_types,
361
+ OPENSSL_ARRAY_SIZE(ext_types),
362
+ 1 /* ignore unknown */)) {
363
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
364
+ return false;
365
+ }
366
+
367
+ // Override the outer version with the extension, if present.
368
+ if (have_supported_versions &&
369
+ (!CBS_get_u16(&supported_versions, version) ||
370
+ CBS_len(&supported_versions) != 0)) {
371
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
372
+ return false;
373
+ }
374
+
375
+ return true;
376
+ }
377
+
378
+ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
379
+ SSL *const ssl = hs->ssl;
380
+
381
+ ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_START, 1);
382
+ // |session_reused| must be reset in case this is a renegotiation.
383
+ ssl->s3->session_reused = false;
384
+
385
+ // Freeze the version range.
386
+ if (!ssl_get_version_range(hs, &hs->min_version, &hs->max_version)) {
387
+ return ssl_hs_error;
388
+ }
389
+
390
+ // Always advertise the ClientHello version from the original maximum version,
391
+ // even on renegotiation. The static RSA key exchange uses this field, and
392
+ // some servers fail when it changes across handshakes.
393
+ if (SSL_is_dtls(hs->ssl)) {
394
+ hs->client_version =
395
+ hs->max_version >= TLS1_2_VERSION ? DTLS1_2_VERSION : DTLS1_VERSION;
396
+ } else {
397
+ hs->client_version =
398
+ hs->max_version >= TLS1_2_VERSION ? TLS1_2_VERSION : hs->max_version;
399
+ }
400
+
401
+ // If the configured session has expired or was created at a disabled
402
+ // version, drop it.
403
+ if (ssl->session != NULL) {
404
+ if (ssl->session->is_server ||
405
+ !ssl_supports_version(hs, ssl->session->ssl_version) ||
406
+ (ssl->session->session_id_length == 0 &&
407
+ ssl->session->ticket.empty()) ||
408
+ ssl->session->not_resumable ||
409
+ !ssl_session_is_time_valid(ssl, ssl->session.get()) ||
410
+ (ssl->quic_method != nullptr) != ssl->session->is_quic) {
411
+ ssl_set_session(ssl, NULL);
412
+ }
413
+ }
414
+
415
+ if (!RAND_bytes(ssl->s3->client_random, sizeof(ssl->s3->client_random))) {
416
+ return ssl_hs_error;
417
+ }
418
+
419
+ // Never send a session ID in QUIC. QUIC uses TLS 1.3 at a minimum and
420
+ // disables TLS 1.3 middlebox compatibility mode.
421
+ if (ssl->quic_method == nullptr) {
422
+ if (ssl->session != nullptr && !ssl->s3->initial_handshake_complete &&
423
+ ssl->session->session_id_length > 0) {
424
+ hs->session_id_len = ssl->session->session_id_length;
425
+ OPENSSL_memcpy(hs->session_id, ssl->session->session_id,
426
+ hs->session_id_len);
427
+ } else if (hs->max_version >= TLS1_3_VERSION) {
428
+ // Initialize a random session ID.
429
+ hs->session_id_len = sizeof(hs->session_id);
430
+ if (!RAND_bytes(hs->session_id, hs->session_id_len)) {
431
+ return ssl_hs_error;
432
+ }
433
+ }
434
+ }
435
+
436
+ if (!ssl_write_client_hello(hs)) {
437
+ return ssl_hs_error;
438
+ }
439
+
440
+ hs->state = state_enter_early_data;
441
+ return ssl_hs_flush;
442
+ }
443
+
444
+ static enum ssl_hs_wait_t do_enter_early_data(SSL_HANDSHAKE *hs) {
445
+ SSL *const ssl = hs->ssl;
446
+
447
+ if (SSL_is_dtls(ssl)) {
448
+ hs->state = state_read_hello_verify_request;
449
+ return ssl_hs_ok;
450
+ }
451
+
452
+ if (!hs->early_data_offered) {
453
+ hs->state = state_read_server_hello;
454
+ return ssl_hs_ok;
455
+ }
456
+
457
+ ssl->s3->aead_write_ctx->SetVersionIfNullCipher(ssl->session->ssl_version);
458
+ if (!ssl->method->add_change_cipher_spec(ssl)) {
459
+ return ssl_hs_error;
460
+ }
461
+
462
+ if (!tls13_init_early_key_schedule(
463
+ hs, MakeConstSpan(ssl->session->master_key,
464
+ ssl->session->master_key_length)) ||
465
+ !tls13_derive_early_secret(hs)) {
466
+ return ssl_hs_error;
467
+ }
468
+
469
+ // Stash the early data session, so connection properties may be queried out
470
+ // of it.
471
+ hs->early_session = UpRef(ssl->session);
472
+ hs->state = state_early_reverify_server_certificate;
473
+ return ssl_hs_ok;
474
+ }
475
+
476
+ static enum ssl_hs_wait_t do_early_reverify_server_certificate(SSL_HANDSHAKE *hs) {
477
+ if (hs->ssl->ctx->reverify_on_resume) {
478
+ // Don't send an alert on error. The alert be in early data, which the
479
+ // server may not accept anyway. It would also be a mismatch between QUIC
480
+ // and TCP because the QUIC early keys are deferred below.
481
+ //
482
+ // TODO(davidben): The client behavior should be to verify the certificate
483
+ // before deciding whether to offer the session and, if invalid, decline to
484
+ // send the session.
485
+ switch (ssl_reverify_peer_cert(hs, /*send_alert=*/false)) {
486
+ case ssl_verify_ok:
487
+ break;
488
+ case ssl_verify_invalid:
489
+ return ssl_hs_error;
490
+ case ssl_verify_retry:
491
+ hs->state = state_early_reverify_server_certificate;
492
+ return ssl_hs_certificate_verify;
493
+ }
494
+ }
495
+
496
+ // Defer releasing the 0-RTT key to after certificate reverification, so the
497
+ // QUIC implementation does not accidentally write data too early.
498
+ if (!tls13_set_traffic_key(hs->ssl, ssl_encryption_early_data, evp_aead_seal,
499
+ hs->early_session.get(),
500
+ hs->early_traffic_secret())) {
501
+ return ssl_hs_error;
502
+ }
503
+
504
+ hs->in_early_data = true;
505
+ hs->can_early_write = true;
506
+ hs->state = state_read_server_hello;
507
+ return ssl_hs_early_return;
508
+ }
509
+
510
+ static enum ssl_hs_wait_t do_read_hello_verify_request(SSL_HANDSHAKE *hs) {
511
+ SSL *const ssl = hs->ssl;
512
+
513
+ assert(SSL_is_dtls(ssl));
514
+
515
+ SSLMessage msg;
516
+ if (!ssl->method->get_message(ssl, &msg)) {
517
+ return ssl_hs_read_message;
518
+ }
519
+
520
+ if (msg.type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
521
+ hs->state = state_read_server_hello;
522
+ return ssl_hs_ok;
523
+ }
524
+
525
+ CBS hello_verify_request = msg.body, cookie;
526
+ uint16_t server_version;
527
+ if (!CBS_get_u16(&hello_verify_request, &server_version) ||
528
+ !CBS_get_u8_length_prefixed(&hello_verify_request, &cookie) ||
529
+ CBS_len(&cookie) > sizeof(ssl->d1->cookie) ||
530
+ CBS_len(&hello_verify_request) != 0) {
531
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
532
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
533
+ return ssl_hs_error;
534
+ }
535
+
536
+ OPENSSL_memcpy(ssl->d1->cookie, CBS_data(&cookie), CBS_len(&cookie));
537
+ ssl->d1->cookie_len = CBS_len(&cookie);
538
+
539
+ ssl->method->next_message(ssl);
540
+
541
+ // DTLS resets the handshake buffer after HelloVerifyRequest.
542
+ if (!hs->transcript.Init()) {
543
+ return ssl_hs_error;
544
+ }
545
+
546
+ if (!ssl_write_client_hello(hs)) {
547
+ return ssl_hs_error;
548
+ }
549
+
550
+ hs->state = state_read_server_hello;
551
+ return ssl_hs_flush;
552
+ }
553
+
554
+ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
555
+ SSL *const ssl = hs->ssl;
556
+ SSLMessage msg;
557
+ if (!ssl->method->get_message(ssl, &msg)) {
558
+ return ssl_hs_read_server_hello;
559
+ }
560
+
561
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_SERVER_HELLO)) {
562
+ return ssl_hs_error;
563
+ }
564
+
565
+ CBS server_hello = msg.body, server_random, session_id;
566
+ uint16_t server_version, cipher_suite;
567
+ uint8_t compression_method;
568
+ if (!CBS_get_u16(&server_hello, &server_version) ||
569
+ !CBS_get_bytes(&server_hello, &server_random, SSL3_RANDOM_SIZE) ||
570
+ !CBS_get_u8_length_prefixed(&server_hello, &session_id) ||
571
+ CBS_len(&session_id) > SSL3_SESSION_ID_SIZE ||
572
+ !CBS_get_u16(&server_hello, &cipher_suite) ||
573
+ !CBS_get_u8(&server_hello, &compression_method)) {
574
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
575
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
576
+ return ssl_hs_error;
577
+ }
578
+
579
+ // Use the supported_versions extension if applicable.
580
+ if (!parse_supported_versions(hs, &server_version, &server_hello)) {
581
+ return ssl_hs_error;
582
+ }
583
+
584
+ if (!ssl_supports_version(hs, server_version)) {
585
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_PROTOCOL);
586
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
587
+ return ssl_hs_error;
588
+ }
589
+
590
+ assert(ssl->s3->have_version == ssl->s3->initial_handshake_complete);
591
+ if (!ssl->s3->have_version) {
592
+ ssl->version = server_version;
593
+ // At this point, the connection's version is known and ssl->version is
594
+ // fixed. Begin enforcing the record-layer version.
595
+ ssl->s3->have_version = true;
596
+ ssl->s3->aead_write_ctx->SetVersionIfNullCipher(ssl->version);
597
+ } else if (server_version != ssl->version) {
598
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SSL_VERSION);
599
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
600
+ return ssl_hs_error;
601
+ }
602
+
603
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
604
+ hs->state = state_tls13;
605
+ return ssl_hs_ok;
606
+ }
607
+
608
+ // Clear some TLS 1.3 state that no longer needs to be retained.
609
+ hs->key_shares[0].reset();
610
+ hs->key_shares[1].reset();
611
+ hs->key_share_bytes.Reset();
612
+
613
+ // A TLS 1.2 server would not know to skip the early data we offered. Report
614
+ // an error code sooner. The caller may use this error code to implement the
615
+ // fallback described in RFC 8446 appendix D.3.
616
+ if (hs->early_data_offered) {
617
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_VERSION_ON_EARLY_DATA);
618
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
619
+ return ssl_hs_error;
620
+ }
621
+
622
+ // Copy over the server random.
623
+ OPENSSL_memcpy(ssl->s3->server_random, CBS_data(&server_random),
624
+ SSL3_RANDOM_SIZE);
625
+
626
+ // Enforce the TLS 1.3 anti-downgrade feature.
627
+ if (!ssl->s3->initial_handshake_complete &&
628
+ ssl_supports_version(hs, TLS1_3_VERSION)) {
629
+ static_assert(
630
+ sizeof(kTLS12DowngradeRandom) == sizeof(kTLS13DowngradeRandom),
631
+ "downgrade signals have different size");
632
+ static_assert(
633
+ sizeof(kJDK11DowngradeRandom) == sizeof(kTLS13DowngradeRandom),
634
+ "downgrade signals have different size");
635
+ auto suffix =
636
+ MakeConstSpan(ssl->s3->server_random, sizeof(ssl->s3->server_random))
637
+ .subspan(SSL3_RANDOM_SIZE - sizeof(kTLS13DowngradeRandom));
638
+ if (suffix == kTLS12DowngradeRandom || suffix == kTLS13DowngradeRandom ||
639
+ suffix == kJDK11DowngradeRandom) {
640
+ ssl->s3->tls13_downgrade = true;
641
+ if (!hs->config->ignore_tls13_downgrade) {
642
+ OPENSSL_PUT_ERROR(SSL, SSL_R_TLS13_DOWNGRADE);
643
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
644
+ return ssl_hs_error;
645
+ }
646
+ }
647
+ }
648
+
649
+ if (!ssl->s3->initial_handshake_complete && ssl->session != nullptr &&
650
+ ssl->session->session_id_length != 0 &&
651
+ CBS_mem_equal(&session_id, ssl->session->session_id,
652
+ ssl->session->session_id_length)) {
653
+ ssl->s3->session_reused = true;
654
+ } else {
655
+ // The server may also have echoed back the TLS 1.3 compatibility mode
656
+ // session ID. As we know this is not a session the server knows about, any
657
+ // server resuming it is in error. Reject the first connection
658
+ // deterministicly, rather than installing an invalid session into the
659
+ // session cache. https://crbug.com/796910
660
+ if (hs->session_id_len != 0 &&
661
+ CBS_mem_equal(&session_id, hs->session_id, hs->session_id_len)) {
662
+ OPENSSL_PUT_ERROR(SSL, SSL_R_SERVER_ECHOED_INVALID_SESSION_ID);
663
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
664
+ return ssl_hs_error;
665
+ }
666
+
667
+ // The session wasn't resumed. Create a fresh SSL_SESSION to
668
+ // fill out.
669
+ ssl_set_session(ssl, NULL);
670
+ if (!ssl_get_new_session(hs, 0 /* client */)) {
671
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
672
+ return ssl_hs_error;
673
+ }
674
+ // Note: session_id could be empty.
675
+ hs->new_session->session_id_length = CBS_len(&session_id);
676
+ OPENSSL_memcpy(hs->new_session->session_id, CBS_data(&session_id),
677
+ CBS_len(&session_id));
678
+ }
679
+
680
+ const SSL_CIPHER *cipher = SSL_get_cipher_by_value(cipher_suite);
681
+ if (cipher == NULL) {
682
+ // unknown cipher
683
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CIPHER_RETURNED);
684
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
685
+ return ssl_hs_error;
686
+ }
687
+
688
+ // The cipher must be allowed in the selected version and enabled.
689
+ uint32_t mask_a, mask_k;
690
+ ssl_get_client_disabled(hs, &mask_a, &mask_k);
691
+ if ((cipher->algorithm_mkey & mask_k) || (cipher->algorithm_auth & mask_a) ||
692
+ SSL_CIPHER_get_min_version(cipher) > ssl_protocol_version(ssl) ||
693
+ SSL_CIPHER_get_max_version(cipher) < ssl_protocol_version(ssl) ||
694
+ !sk_SSL_CIPHER_find(SSL_get_ciphers(ssl), NULL, cipher)) {
695
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CIPHER_RETURNED);
696
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
697
+ return ssl_hs_error;
698
+ }
699
+
700
+ if (ssl->session != NULL) {
701
+ if (ssl->session->ssl_version != ssl->version) {
702
+ OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_VERSION_NOT_RETURNED);
703
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
704
+ return ssl_hs_error;
705
+ }
706
+ if (ssl->session->cipher != cipher) {
707
+ OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
708
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
709
+ return ssl_hs_error;
710
+ }
711
+ if (!ssl_session_is_context_valid(hs, ssl->session.get())) {
712
+ // This is actually a client application bug.
713
+ OPENSSL_PUT_ERROR(SSL,
714
+ SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
715
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
716
+ return ssl_hs_error;
717
+ }
718
+ } else {
719
+ hs->new_session->cipher = cipher;
720
+ }
721
+ hs->new_cipher = cipher;
722
+
723
+ // Now that the cipher is known, initialize the handshake hash and hash the
724
+ // ServerHello.
725
+ if (!hs->transcript.InitHash(ssl_protocol_version(ssl), hs->new_cipher) ||
726
+ !ssl_hash_message(hs, msg)) {
727
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
728
+ return ssl_hs_error;
729
+ }
730
+
731
+ // If doing a full handshake, the server may request a client certificate
732
+ // which requires hashing the handshake transcript. Otherwise, the handshake
733
+ // buffer may be released.
734
+ if (ssl->session != NULL ||
735
+ !ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
736
+ hs->transcript.FreeBuffer();
737
+ }
738
+
739
+ // Only the NULL compression algorithm is supported.
740
+ if (compression_method != 0) {
741
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
742
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
743
+ return ssl_hs_error;
744
+ }
745
+
746
+ // TLS extensions
747
+ if (!ssl_parse_serverhello_tlsext(hs, &server_hello)) {
748
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
749
+ return ssl_hs_error;
750
+ }
751
+
752
+ // There should be nothing left over in the record.
753
+ if (CBS_len(&server_hello) != 0) {
754
+ // wrong packet length
755
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
756
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
757
+ return ssl_hs_error;
758
+ }
759
+
760
+ if (ssl->session != NULL &&
761
+ hs->extended_master_secret != ssl->session->extended_master_secret) {
762
+ if (ssl->session->extended_master_secret) {
763
+ OPENSSL_PUT_ERROR(SSL, SSL_R_RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION);
764
+ } else {
765
+ OPENSSL_PUT_ERROR(SSL, SSL_R_RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION);
766
+ }
767
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
768
+ return ssl_hs_error;
769
+ }
770
+
771
+ if (ssl->s3->token_binding_negotiated &&
772
+ (!hs->extended_master_secret || !ssl->s3->send_connection_binding)) {
773
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_TB_WITHOUT_EMS_OR_RI);
774
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
775
+ return ssl_hs_error;
776
+ }
777
+
778
+ ssl->method->next_message(ssl);
779
+
780
+ if (ssl->session != NULL) {
781
+ if (ssl->ctx->reverify_on_resume &&
782
+ ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
783
+ hs->state = state_reverify_server_certificate;
784
+ } else {
785
+ hs->state = state_read_session_ticket;
786
+ }
787
+ return ssl_hs_ok;
788
+ }
789
+
790
+ hs->state = state_read_server_certificate;
791
+ return ssl_hs_ok;
792
+ }
793
+
794
+ static enum ssl_hs_wait_t do_tls13(SSL_HANDSHAKE *hs) {
795
+ enum ssl_hs_wait_t wait = tls13_client_handshake(hs);
796
+ if (wait == ssl_hs_ok) {
797
+ hs->state = state_finish_client_handshake;
798
+ return ssl_hs_ok;
799
+ }
800
+
801
+ return wait;
802
+ }
803
+
804
+ static enum ssl_hs_wait_t do_read_server_certificate(SSL_HANDSHAKE *hs) {
805
+ SSL *const ssl = hs->ssl;
806
+
807
+ if (!ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
808
+ hs->state = state_read_certificate_status;
809
+ return ssl_hs_ok;
810
+ }
811
+
812
+ SSLMessage msg;
813
+ if (!ssl->method->get_message(ssl, &msg)) {
814
+ return ssl_hs_read_message;
815
+ }
816
+
817
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_CERTIFICATE) ||
818
+ !ssl_hash_message(hs, msg)) {
819
+ return ssl_hs_error;
820
+ }
821
+
822
+ CBS body = msg.body;
823
+ uint8_t alert = SSL_AD_DECODE_ERROR;
824
+ if (!ssl_parse_cert_chain(&alert, &hs->new_session->certs, &hs->peer_pubkey,
825
+ NULL, &body, ssl->ctx->pool)) {
826
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
827
+ return ssl_hs_error;
828
+ }
829
+
830
+ if (sk_CRYPTO_BUFFER_num(hs->new_session->certs.get()) == 0 ||
831
+ CBS_len(&body) != 0 ||
832
+ !ssl->ctx->x509_method->session_cache_objects(hs->new_session.get())) {
833
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
834
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
835
+ return ssl_hs_error;
836
+ }
837
+
838
+ if (!ssl_check_leaf_certificate(
839
+ hs, hs->peer_pubkey.get(),
840
+ sk_CRYPTO_BUFFER_value(hs->new_session->certs.get(), 0))) {
841
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
842
+ return ssl_hs_error;
843
+ }
844
+
845
+ ssl->method->next_message(ssl);
846
+
847
+ hs->state = state_read_certificate_status;
848
+ return ssl_hs_ok;
849
+ }
850
+
851
+ static enum ssl_hs_wait_t do_read_certificate_status(SSL_HANDSHAKE *hs) {
852
+ SSL *const ssl = hs->ssl;
853
+
854
+ if (!hs->certificate_status_expected) {
855
+ hs->state = state_verify_server_certificate;
856
+ return ssl_hs_ok;
857
+ }
858
+
859
+ SSLMessage msg;
860
+ if (!ssl->method->get_message(ssl, &msg)) {
861
+ return ssl_hs_read_message;
862
+ }
863
+
864
+ if (msg.type != SSL3_MT_CERTIFICATE_STATUS) {
865
+ // A server may send status_request in ServerHello and then change its mind
866
+ // about sending CertificateStatus.
867
+ hs->state = state_verify_server_certificate;
868
+ return ssl_hs_ok;
869
+ }
870
+
871
+ if (!ssl_hash_message(hs, msg)) {
872
+ return ssl_hs_error;
873
+ }
874
+
875
+ CBS certificate_status = msg.body, ocsp_response;
876
+ uint8_t status_type;
877
+ if (!CBS_get_u8(&certificate_status, &status_type) ||
878
+ status_type != TLSEXT_STATUSTYPE_ocsp ||
879
+ !CBS_get_u24_length_prefixed(&certificate_status, &ocsp_response) ||
880
+ CBS_len(&ocsp_response) == 0 ||
881
+ CBS_len(&certificate_status) != 0) {
882
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
883
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
884
+ return ssl_hs_error;
885
+ }
886
+
887
+ hs->new_session->ocsp_response.reset(
888
+ CRYPTO_BUFFER_new_from_CBS(&ocsp_response, ssl->ctx->pool));
889
+ if (hs->new_session->ocsp_response == nullptr) {
890
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
891
+ return ssl_hs_error;
892
+ }
893
+
894
+ ssl->method->next_message(ssl);
895
+
896
+ hs->state = state_verify_server_certificate;
897
+ return ssl_hs_ok;
898
+ }
899
+
900
+ static enum ssl_hs_wait_t do_verify_server_certificate(SSL_HANDSHAKE *hs) {
901
+ if (!ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
902
+ hs->state = state_read_server_key_exchange;
903
+ return ssl_hs_ok;
904
+ }
905
+
906
+ switch (ssl_verify_peer_cert(hs)) {
907
+ case ssl_verify_ok:
908
+ break;
909
+ case ssl_verify_invalid:
910
+ return ssl_hs_error;
911
+ case ssl_verify_retry:
912
+ hs->state = state_verify_server_certificate;
913
+ return ssl_hs_certificate_verify;
914
+ }
915
+
916
+ hs->state = state_read_server_key_exchange;
917
+ return ssl_hs_ok;
918
+ }
919
+
920
+ static enum ssl_hs_wait_t do_reverify_server_certificate(SSL_HANDSHAKE *hs) {
921
+ assert(hs->ssl->ctx->reverify_on_resume);
922
+
923
+ switch (ssl_reverify_peer_cert(hs, /*send_alert=*/true)) {
924
+ case ssl_verify_ok:
925
+ break;
926
+ case ssl_verify_invalid:
927
+ return ssl_hs_error;
928
+ case ssl_verify_retry:
929
+ hs->state = state_reverify_server_certificate;
930
+ return ssl_hs_certificate_verify;
931
+ }
932
+
933
+ hs->state = state_read_session_ticket;
934
+ return ssl_hs_ok;
935
+ }
936
+
937
+ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) {
938
+ SSL *const ssl = hs->ssl;
939
+ SSLMessage msg;
940
+ if (!ssl->method->get_message(ssl, &msg)) {
941
+ return ssl_hs_read_message;
942
+ }
943
+
944
+ if (msg.type != SSL3_MT_SERVER_KEY_EXCHANGE) {
945
+ // Some ciphers (pure PSK) have an optional ServerKeyExchange message.
946
+ if (ssl_cipher_requires_server_key_exchange(hs->new_cipher)) {
947
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
948
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
949
+ return ssl_hs_error;
950
+ }
951
+
952
+ hs->state = state_read_certificate_request;
953
+ return ssl_hs_ok;
954
+ }
955
+
956
+ if (!ssl_hash_message(hs, msg)) {
957
+ return ssl_hs_error;
958
+ }
959
+
960
+ uint32_t alg_k = hs->new_cipher->algorithm_mkey;
961
+ uint32_t alg_a = hs->new_cipher->algorithm_auth;
962
+ CBS server_key_exchange = msg.body;
963
+ if (alg_a & SSL_aPSK) {
964
+ CBS psk_identity_hint;
965
+
966
+ // Each of the PSK key exchanges begins with a psk_identity_hint.
967
+ if (!CBS_get_u16_length_prefixed(&server_key_exchange,
968
+ &psk_identity_hint)) {
969
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
970
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
971
+ return ssl_hs_error;
972
+ }
973
+
974
+ // Store the PSK identity hint for the ClientKeyExchange. Assume that the
975
+ // maximum length of a PSK identity hint can be as long as the maximum
976
+ // length of a PSK identity. Also do not allow NULL characters; identities
977
+ // are saved as C strings.
978
+ //
979
+ // TODO(davidben): Should invalid hints be ignored? It's a hint rather than
980
+ // a specific identity.
981
+ if (CBS_len(&psk_identity_hint) > PSK_MAX_IDENTITY_LEN ||
982
+ CBS_contains_zero_byte(&psk_identity_hint)) {
983
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
984
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
985
+ return ssl_hs_error;
986
+ }
987
+
988
+ // Save non-empty identity hints as a C string. Empty identity hints we
989
+ // treat as missing. Plain PSK makes it possible to send either no hint
990
+ // (omit ServerKeyExchange) or an empty hint, while ECDHE_PSK can only spell
991
+ // empty hint. Having different capabilities is odd, so we interpret empty
992
+ // and missing as identical.
993
+ char *raw = nullptr;
994
+ if (CBS_len(&psk_identity_hint) != 0 &&
995
+ !CBS_strdup(&psk_identity_hint, &raw)) {
996
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
997
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
998
+ return ssl_hs_error;
999
+ }
1000
+ hs->peer_psk_identity_hint.reset(raw);
1001
+ }
1002
+
1003
+ if (alg_k & SSL_kECDHE) {
1004
+ // Parse the server parameters.
1005
+ uint8_t group_type;
1006
+ uint16_t group_id;
1007
+ CBS point;
1008
+ if (!CBS_get_u8(&server_key_exchange, &group_type) ||
1009
+ group_type != NAMED_CURVE_TYPE ||
1010
+ !CBS_get_u16(&server_key_exchange, &group_id) ||
1011
+ !CBS_get_u8_length_prefixed(&server_key_exchange, &point)) {
1012
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1013
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1014
+ return ssl_hs_error;
1015
+ }
1016
+ hs->new_session->group_id = group_id;
1017
+
1018
+ // Ensure the group is consistent with preferences.
1019
+ if (!tls1_check_group_id(hs, group_id)) {
1020
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
1021
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1022
+ return ssl_hs_error;
1023
+ }
1024
+
1025
+ // Initialize ECDH and save the peer public key for later.
1026
+ hs->key_shares[0] = SSLKeyShare::Create(group_id);
1027
+ if (!hs->key_shares[0] ||
1028
+ !hs->peer_key.CopyFrom(point)) {
1029
+ return ssl_hs_error;
1030
+ }
1031
+ } else if (!(alg_k & SSL_kPSK)) {
1032
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
1033
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1034
+ return ssl_hs_error;
1035
+ }
1036
+
1037
+ // At this point, |server_key_exchange| contains the signature, if any, while
1038
+ // |msg.body| contains the entire message. From that, derive a CBS containing
1039
+ // just the parameter.
1040
+ CBS parameter;
1041
+ CBS_init(&parameter, CBS_data(&msg.body),
1042
+ CBS_len(&msg.body) - CBS_len(&server_key_exchange));
1043
+
1044
+ // ServerKeyExchange should be signed by the server's public key.
1045
+ if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
1046
+ uint16_t signature_algorithm = 0;
1047
+ if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
1048
+ if (!CBS_get_u16(&server_key_exchange, &signature_algorithm)) {
1049
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1050
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1051
+ return ssl_hs_error;
1052
+ }
1053
+ uint8_t alert = SSL_AD_DECODE_ERROR;
1054
+ if (!tls12_check_peer_sigalg(hs, &alert, signature_algorithm)) {
1055
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
1056
+ return ssl_hs_error;
1057
+ }
1058
+ hs->new_session->peer_signature_algorithm = signature_algorithm;
1059
+ } else if (!tls1_get_legacy_signature_algorithm(&signature_algorithm,
1060
+ hs->peer_pubkey.get())) {
1061
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
1062
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_CERTIFICATE);
1063
+ return ssl_hs_error;
1064
+ }
1065
+
1066
+ // The last field in |server_key_exchange| is the signature.
1067
+ CBS signature;
1068
+ if (!CBS_get_u16_length_prefixed(&server_key_exchange, &signature) ||
1069
+ CBS_len(&server_key_exchange) != 0) {
1070
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1071
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1072
+ return ssl_hs_error;
1073
+ }
1074
+
1075
+ ScopedCBB transcript;
1076
+ Array<uint8_t> transcript_data;
1077
+ if (!CBB_init(transcript.get(),
1078
+ 2 * SSL3_RANDOM_SIZE + CBS_len(&parameter)) ||
1079
+ !CBB_add_bytes(transcript.get(), ssl->s3->client_random,
1080
+ SSL3_RANDOM_SIZE) ||
1081
+ !CBB_add_bytes(transcript.get(), ssl->s3->server_random,
1082
+ SSL3_RANDOM_SIZE) ||
1083
+ !CBB_add_bytes(transcript.get(), CBS_data(&parameter),
1084
+ CBS_len(&parameter)) ||
1085
+ !CBBFinishArray(transcript.get(), &transcript_data)) {
1086
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1087
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1088
+ return ssl_hs_error;
1089
+ }
1090
+
1091
+ if (!ssl_public_key_verify(ssl, signature, signature_algorithm,
1092
+ hs->peer_pubkey.get(), transcript_data)) {
1093
+ // bad signature
1094
+ OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
1095
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
1096
+ return ssl_hs_error;
1097
+ }
1098
+ } else {
1099
+ // PSK ciphers are the only supported certificate-less ciphers.
1100
+ assert(alg_a == SSL_aPSK);
1101
+
1102
+ if (CBS_len(&server_key_exchange) > 0) {
1103
+ OPENSSL_PUT_ERROR(SSL, SSL_R_EXTRA_DATA_IN_MESSAGE);
1104
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1105
+ return ssl_hs_error;
1106
+ }
1107
+ }
1108
+
1109
+ ssl->method->next_message(ssl);
1110
+ hs->state = state_read_certificate_request;
1111
+ return ssl_hs_ok;
1112
+ }
1113
+
1114
+ static enum ssl_hs_wait_t do_read_certificate_request(SSL_HANDSHAKE *hs) {
1115
+ SSL *const ssl = hs->ssl;
1116
+
1117
+ if (!ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
1118
+ hs->state = state_read_server_hello_done;
1119
+ return ssl_hs_ok;
1120
+ }
1121
+
1122
+ SSLMessage msg;
1123
+ if (!ssl->method->get_message(ssl, &msg)) {
1124
+ return ssl_hs_read_message;
1125
+ }
1126
+
1127
+ if (msg.type == SSL3_MT_SERVER_HELLO_DONE) {
1128
+ // If we get here we don't need the handshake buffer as we won't be doing
1129
+ // client auth.
1130
+ hs->transcript.FreeBuffer();
1131
+ hs->state = state_read_server_hello_done;
1132
+ return ssl_hs_ok;
1133
+ }
1134
+
1135
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_CERTIFICATE_REQUEST) ||
1136
+ !ssl_hash_message(hs, msg)) {
1137
+ return ssl_hs_error;
1138
+ }
1139
+
1140
+ // Get the certificate types.
1141
+ CBS body = msg.body, certificate_types;
1142
+ if (!CBS_get_u8_length_prefixed(&body, &certificate_types)) {
1143
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1144
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1145
+ return ssl_hs_error;
1146
+ }
1147
+
1148
+ if (!hs->certificate_types.CopyFrom(certificate_types)) {
1149
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1150
+ return ssl_hs_error;
1151
+ }
1152
+
1153
+ if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
1154
+ CBS supported_signature_algorithms;
1155
+ if (!CBS_get_u16_length_prefixed(&body, &supported_signature_algorithms) ||
1156
+ !tls1_parse_peer_sigalgs(hs, &supported_signature_algorithms)) {
1157
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1158
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1159
+ return ssl_hs_error;
1160
+ }
1161
+ }
1162
+
1163
+ uint8_t alert = SSL_AD_DECODE_ERROR;
1164
+ UniquePtr<STACK_OF(CRYPTO_BUFFER)> ca_names =
1165
+ ssl_parse_client_CA_list(ssl, &alert, &body);
1166
+ if (!ca_names) {
1167
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
1168
+ return ssl_hs_error;
1169
+ }
1170
+
1171
+ if (CBS_len(&body) != 0) {
1172
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1173
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1174
+ return ssl_hs_error;
1175
+ }
1176
+
1177
+ hs->cert_request = true;
1178
+ hs->ca_names = std::move(ca_names);
1179
+ ssl->ctx->x509_method->hs_flush_cached_ca_names(hs);
1180
+
1181
+ ssl->method->next_message(ssl);
1182
+ hs->state = state_read_server_hello_done;
1183
+ return ssl_hs_ok;
1184
+ }
1185
+
1186
+ static enum ssl_hs_wait_t do_read_server_hello_done(SSL_HANDSHAKE *hs) {
1187
+ SSL *const ssl = hs->ssl;
1188
+ SSLMessage msg;
1189
+ if (!ssl->method->get_message(ssl, &msg)) {
1190
+ return ssl_hs_read_message;
1191
+ }
1192
+
1193
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_SERVER_HELLO_DONE) ||
1194
+ !ssl_hash_message(hs, msg)) {
1195
+ return ssl_hs_error;
1196
+ }
1197
+
1198
+ // ServerHelloDone is empty.
1199
+ if (CBS_len(&msg.body) != 0) {
1200
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1201
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1202
+ return ssl_hs_error;
1203
+ }
1204
+
1205
+ // ServerHelloDone should be the end of the flight.
1206
+ if (ssl->method->has_unprocessed_handshake_data(ssl)) {
1207
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1208
+ OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
1209
+ return ssl_hs_error;
1210
+ }
1211
+
1212
+ ssl->method->next_message(ssl);
1213
+ hs->state = state_send_client_certificate;
1214
+ return ssl_hs_ok;
1215
+ }
1216
+
1217
+ static enum ssl_hs_wait_t do_send_client_certificate(SSL_HANDSHAKE *hs) {
1218
+ SSL *const ssl = hs->ssl;
1219
+
1220
+ // The peer didn't request a certificate.
1221
+ if (!hs->cert_request) {
1222
+ hs->state = state_send_client_key_exchange;
1223
+ return ssl_hs_ok;
1224
+ }
1225
+
1226
+ // Call cert_cb to update the certificate.
1227
+ if (hs->config->cert->cert_cb != NULL) {
1228
+ int rv = hs->config->cert->cert_cb(ssl, hs->config->cert->cert_cb_arg);
1229
+ if (rv == 0) {
1230
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
1231
+ OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_CB_ERROR);
1232
+ return ssl_hs_error;
1233
+ }
1234
+ if (rv < 0) {
1235
+ hs->state = state_send_client_certificate;
1236
+ return ssl_hs_x509_lookup;
1237
+ }
1238
+ }
1239
+
1240
+ if (!ssl_has_certificate(hs)) {
1241
+ // Without a client certificate, the handshake buffer may be released.
1242
+ hs->transcript.FreeBuffer();
1243
+ }
1244
+
1245
+ if (!ssl_on_certificate_selected(hs) ||
1246
+ !ssl_output_cert_chain(hs)) {
1247
+ return ssl_hs_error;
1248
+ }
1249
+
1250
+
1251
+ hs->state = state_send_client_key_exchange;
1252
+ return ssl_hs_ok;
1253
+ }
1254
+
1255
+ static_assert(sizeof(size_t) >= sizeof(unsigned),
1256
+ "size_t is smaller than unsigned");
1257
+
1258
+ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
1259
+ SSL *const ssl = hs->ssl;
1260
+ ScopedCBB cbb;
1261
+ CBB body;
1262
+ if (!ssl->method->init_message(ssl, cbb.get(), &body,
1263
+ SSL3_MT_CLIENT_KEY_EXCHANGE)) {
1264
+ return ssl_hs_error;
1265
+ }
1266
+
1267
+ Array<uint8_t> pms;
1268
+ uint32_t alg_k = hs->new_cipher->algorithm_mkey;
1269
+ uint32_t alg_a = hs->new_cipher->algorithm_auth;
1270
+ if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
1271
+ CRYPTO_BUFFER *leaf =
1272
+ sk_CRYPTO_BUFFER_value(hs->new_session->certs.get(), 0);
1273
+ CBS leaf_cbs;
1274
+ CBS_init(&leaf_cbs, CRYPTO_BUFFER_data(leaf), CRYPTO_BUFFER_len(leaf));
1275
+
1276
+ // Check the key usage matches the cipher suite. We do this unconditionally
1277
+ // for non-RSA certificates. In particular, it's needed to distinguish ECDH
1278
+ // certificates, which we do not support, from ECDSA certificates.
1279
+ // Historically, we have not checked RSA key usages, so it is controlled by
1280
+ // a flag for now. See https://crbug.com/795089.
1281
+ ssl_key_usage_t intended_use = (alg_k & SSL_kRSA)
1282
+ ? key_usage_encipherment
1283
+ : key_usage_digital_signature;
1284
+ if (hs->config->enforce_rsa_key_usage ||
1285
+ EVP_PKEY_id(hs->peer_pubkey.get()) != EVP_PKEY_RSA) {
1286
+ if (!ssl_cert_check_key_usage(&leaf_cbs, intended_use)) {
1287
+ return ssl_hs_error;
1288
+ }
1289
+ }
1290
+ }
1291
+
1292
+ // If using a PSK key exchange, prepare the pre-shared key.
1293
+ unsigned psk_len = 0;
1294
+ uint8_t psk[PSK_MAX_PSK_LEN];
1295
+ if (alg_a & SSL_aPSK) {
1296
+ if (hs->config->psk_client_callback == NULL) {
1297
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_NO_CLIENT_CB);
1298
+ return ssl_hs_error;
1299
+ }
1300
+
1301
+ char identity[PSK_MAX_IDENTITY_LEN + 1];
1302
+ OPENSSL_memset(identity, 0, sizeof(identity));
1303
+ psk_len = hs->config->psk_client_callback(
1304
+ ssl, hs->peer_psk_identity_hint.get(), identity, sizeof(identity), psk,
1305
+ sizeof(psk));
1306
+ if (psk_len == 0) {
1307
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
1308
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1309
+ return ssl_hs_error;
1310
+ }
1311
+ assert(psk_len <= PSK_MAX_PSK_LEN);
1312
+
1313
+ hs->new_session->psk_identity.reset(OPENSSL_strdup(identity));
1314
+ if (hs->new_session->psk_identity == nullptr) {
1315
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1316
+ return ssl_hs_error;
1317
+ }
1318
+
1319
+ // Write out psk_identity.
1320
+ CBB child;
1321
+ if (!CBB_add_u16_length_prefixed(&body, &child) ||
1322
+ !CBB_add_bytes(&child, (const uint8_t *)identity,
1323
+ OPENSSL_strnlen(identity, sizeof(identity))) ||
1324
+ !CBB_flush(&body)) {
1325
+ return ssl_hs_error;
1326
+ }
1327
+ }
1328
+
1329
+ // Depending on the key exchange method, compute |pms|.
1330
+ if (alg_k & SSL_kRSA) {
1331
+ if (!pms.Init(SSL_MAX_MASTER_KEY_LENGTH)) {
1332
+ return ssl_hs_error;
1333
+ }
1334
+
1335
+ RSA *rsa = EVP_PKEY_get0_RSA(hs->peer_pubkey.get());
1336
+ if (rsa == NULL) {
1337
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1338
+ return ssl_hs_error;
1339
+ }
1340
+
1341
+ pms[0] = hs->client_version >> 8;
1342
+ pms[1] = hs->client_version & 0xff;
1343
+ if (!RAND_bytes(&pms[2], SSL_MAX_MASTER_KEY_LENGTH - 2)) {
1344
+ return ssl_hs_error;
1345
+ }
1346
+
1347
+ CBB enc_pms;
1348
+ uint8_t *ptr;
1349
+ size_t enc_pms_len;
1350
+ if (!CBB_add_u16_length_prefixed(&body, &enc_pms) ||
1351
+ !CBB_reserve(&enc_pms, &ptr, RSA_size(rsa)) ||
1352
+ !RSA_encrypt(rsa, &enc_pms_len, ptr, RSA_size(rsa), pms.data(),
1353
+ pms.size(), RSA_PKCS1_PADDING) ||
1354
+ !CBB_did_write(&enc_pms, enc_pms_len) ||
1355
+ !CBB_flush(&body)) {
1356
+ return ssl_hs_error;
1357
+ }
1358
+ } else if (alg_k & SSL_kECDHE) {
1359
+ // Generate a keypair and serialize the public half.
1360
+ CBB child;
1361
+ if (!CBB_add_u8_length_prefixed(&body, &child)) {
1362
+ return ssl_hs_error;
1363
+ }
1364
+
1365
+ // Compute the premaster.
1366
+ uint8_t alert = SSL_AD_DECODE_ERROR;
1367
+ if (!hs->key_shares[0]->Accept(&child, &pms, &alert, hs->peer_key)) {
1368
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
1369
+ return ssl_hs_error;
1370
+ }
1371
+ if (!CBB_flush(&body)) {
1372
+ return ssl_hs_error;
1373
+ }
1374
+
1375
+ // The key exchange state may now be discarded.
1376
+ hs->key_shares[0].reset();
1377
+ hs->key_shares[1].reset();
1378
+ hs->peer_key.Reset();
1379
+ } else if (alg_k & SSL_kPSK) {
1380
+ // For plain PSK, other_secret is a block of 0s with the same length as
1381
+ // the pre-shared key.
1382
+ if (!pms.Init(psk_len)) {
1383
+ return ssl_hs_error;
1384
+ }
1385
+ OPENSSL_memset(pms.data(), 0, pms.size());
1386
+ } else {
1387
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1388
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1389
+ return ssl_hs_error;
1390
+ }
1391
+
1392
+ // For a PSK cipher suite, other_secret is combined with the pre-shared
1393
+ // key.
1394
+ if (alg_a & SSL_aPSK) {
1395
+ ScopedCBB pms_cbb;
1396
+ CBB child;
1397
+ if (!CBB_init(pms_cbb.get(), 2 + psk_len + 2 + pms.size()) ||
1398
+ !CBB_add_u16_length_prefixed(pms_cbb.get(), &child) ||
1399
+ !CBB_add_bytes(&child, pms.data(), pms.size()) ||
1400
+ !CBB_add_u16_length_prefixed(pms_cbb.get(), &child) ||
1401
+ !CBB_add_bytes(&child, psk, psk_len) ||
1402
+ !CBBFinishArray(pms_cbb.get(), &pms)) {
1403
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1404
+ return ssl_hs_error;
1405
+ }
1406
+ }
1407
+
1408
+ // The message must be added to the finished hash before calculating the
1409
+ // master secret.
1410
+ if (!ssl_add_message_cbb(ssl, cbb.get())) {
1411
+ return ssl_hs_error;
1412
+ }
1413
+
1414
+ hs->new_session->master_key_length =
1415
+ tls1_generate_master_secret(hs, hs->new_session->master_key, pms);
1416
+ if (hs->new_session->master_key_length == 0) {
1417
+ return ssl_hs_error;
1418
+ }
1419
+ hs->new_session->extended_master_secret = hs->extended_master_secret;
1420
+
1421
+ hs->state = state_send_client_certificate_verify;
1422
+ return ssl_hs_ok;
1423
+ }
1424
+
1425
+ static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL_HANDSHAKE *hs) {
1426
+ SSL *const ssl = hs->ssl;
1427
+
1428
+ if (!hs->cert_request || !ssl_has_certificate(hs)) {
1429
+ hs->state = state_send_client_finished;
1430
+ return ssl_hs_ok;
1431
+ }
1432
+
1433
+ assert(ssl_has_private_key(hs));
1434
+ ScopedCBB cbb;
1435
+ CBB body, child;
1436
+ if (!ssl->method->init_message(ssl, cbb.get(), &body,
1437
+ SSL3_MT_CERTIFICATE_VERIFY)) {
1438
+ return ssl_hs_error;
1439
+ }
1440
+
1441
+ uint16_t signature_algorithm;
1442
+ if (!tls1_choose_signature_algorithm(hs, &signature_algorithm)) {
1443
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1444
+ return ssl_hs_error;
1445
+ }
1446
+ if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
1447
+ // Write out the digest type in TLS 1.2.
1448
+ if (!CBB_add_u16(&body, signature_algorithm)) {
1449
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1450
+ return ssl_hs_error;
1451
+ }
1452
+ }
1453
+
1454
+ // Set aside space for the signature.
1455
+ const size_t max_sig_len = EVP_PKEY_size(hs->local_pubkey.get());
1456
+ uint8_t *ptr;
1457
+ if (!CBB_add_u16_length_prefixed(&body, &child) ||
1458
+ !CBB_reserve(&child, &ptr, max_sig_len)) {
1459
+ return ssl_hs_error;
1460
+ }
1461
+
1462
+ size_t sig_len = max_sig_len;
1463
+ switch (ssl_private_key_sign(hs, ptr, &sig_len, max_sig_len,
1464
+ signature_algorithm,
1465
+ hs->transcript.buffer())) {
1466
+ case ssl_private_key_success:
1467
+ break;
1468
+ case ssl_private_key_failure:
1469
+ return ssl_hs_error;
1470
+ case ssl_private_key_retry:
1471
+ hs->state = state_send_client_certificate_verify;
1472
+ return ssl_hs_private_key_operation;
1473
+ }
1474
+
1475
+ if (!CBB_did_write(&child, sig_len) ||
1476
+ !ssl_add_message_cbb(ssl, cbb.get())) {
1477
+ return ssl_hs_error;
1478
+ }
1479
+
1480
+ // The handshake buffer is no longer necessary.
1481
+ hs->transcript.FreeBuffer();
1482
+
1483
+ hs->state = state_send_client_finished;
1484
+ return ssl_hs_ok;
1485
+ }
1486
+
1487
+ static enum ssl_hs_wait_t do_send_client_finished(SSL_HANDSHAKE *hs) {
1488
+ SSL *const ssl = hs->ssl;
1489
+ // Resolve Channel ID first, before any non-idempotent operations.
1490
+ if (ssl->s3->channel_id_valid) {
1491
+ if (!ssl_do_channel_id_callback(hs)) {
1492
+ return ssl_hs_error;
1493
+ }
1494
+
1495
+ if (hs->config->channel_id_private == NULL) {
1496
+ hs->state = state_send_client_finished;
1497
+ return ssl_hs_channel_id_lookup;
1498
+ }
1499
+ }
1500
+
1501
+ if (!ssl->method->add_change_cipher_spec(ssl) ||
1502
+ !tls1_change_cipher_state(hs, evp_aead_seal)) {
1503
+ return ssl_hs_error;
1504
+ }
1505
+
1506
+ if (hs->next_proto_neg_seen) {
1507
+ static const uint8_t kZero[32] = {0};
1508
+ size_t padding_len =
1509
+ 32 - ((ssl->s3->next_proto_negotiated.size() + 2) % 32);
1510
+
1511
+ ScopedCBB cbb;
1512
+ CBB body, child;
1513
+ if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_NEXT_PROTO) ||
1514
+ !CBB_add_u8_length_prefixed(&body, &child) ||
1515
+ !CBB_add_bytes(&child, ssl->s3->next_proto_negotiated.data(),
1516
+ ssl->s3->next_proto_negotiated.size()) ||
1517
+ !CBB_add_u8_length_prefixed(&body, &child) ||
1518
+ !CBB_add_bytes(&child, kZero, padding_len) ||
1519
+ !ssl_add_message_cbb(ssl, cbb.get())) {
1520
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1521
+ return ssl_hs_error;
1522
+ }
1523
+ }
1524
+
1525
+ if (ssl->s3->channel_id_valid) {
1526
+ ScopedCBB cbb;
1527
+ CBB body;
1528
+ if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CHANNEL_ID) ||
1529
+ !tls1_write_channel_id(hs, &body) ||
1530
+ !ssl_add_message_cbb(ssl, cbb.get())) {
1531
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1532
+ return ssl_hs_error;
1533
+ }
1534
+ }
1535
+
1536
+ if (!ssl_send_finished(hs)) {
1537
+ return ssl_hs_error;
1538
+ }
1539
+
1540
+ hs->state = state_finish_flight;
1541
+ return ssl_hs_flush;
1542
+ }
1543
+
1544
+ static bool can_false_start(const SSL_HANDSHAKE *hs) {
1545
+ SSL *const ssl = hs->ssl;
1546
+
1547
+ // False Start bypasses the Finished check's downgrade protection. This can
1548
+ // enable attacks where we send data under weaker settings than supported
1549
+ // (e.g. the Logjam attack). Thus we require TLS 1.2 with an ECDHE+AEAD
1550
+ // cipher, our strongest settings before TLS 1.3.
1551
+ //
1552
+ // Now that TLS 1.3 exists, we would like to avoid similar attacks between
1553
+ // TLS 1.2 and TLS 1.3, but there are too many TLS 1.2 deployments to
1554
+ // sacrifice False Start on them. TLS 1.3's downgrade signal fixes this, but
1555
+ // |SSL_CTX_set_ignore_tls13_downgrade| can disable it due to compatibility
1556
+ // issues.
1557
+ //
1558
+ // |SSL_CTX_set_ignore_tls13_downgrade| normally still retains Finished-based
1559
+ // downgrade protection, but False Start bypasses that. Thus, we disable False
1560
+ // Start based on the TLS 1.3 downgrade signal, even if otherwise unenforced.
1561
+ if (SSL_is_dtls(ssl) ||
1562
+ SSL_version(ssl) != TLS1_2_VERSION ||
1563
+ hs->new_cipher->algorithm_mkey != SSL_kECDHE ||
1564
+ hs->new_cipher->algorithm_mac != SSL_AEAD ||
1565
+ ssl->s3->tls13_downgrade) {
1566
+ return false;
1567
+ }
1568
+
1569
+ // Additionally require ALPN or NPN by default.
1570
+ //
1571
+ // TODO(davidben): Can this constraint be relaxed globally now that cipher
1572
+ // suite requirements have been tightened?
1573
+ if (!ssl->ctx->false_start_allowed_without_alpn &&
1574
+ ssl->s3->alpn_selected.empty() &&
1575
+ ssl->s3->next_proto_negotiated.empty()) {
1576
+ return false;
1577
+ }
1578
+
1579
+ return true;
1580
+ }
1581
+
1582
+ static enum ssl_hs_wait_t do_finish_flight(SSL_HANDSHAKE *hs) {
1583
+ SSL *const ssl = hs->ssl;
1584
+ if (ssl->session != NULL) {
1585
+ hs->state = state_finish_client_handshake;
1586
+ return ssl_hs_ok;
1587
+ }
1588
+
1589
+ // This is a full handshake. If it involves ChannelID, then record the
1590
+ // handshake hashes at this point in the session so that any resumption of
1591
+ // this session with ChannelID can sign those hashes.
1592
+ if (!tls1_record_handshake_hashes_for_channel_id(hs)) {
1593
+ return ssl_hs_error;
1594
+ }
1595
+
1596
+ hs->state = state_read_session_ticket;
1597
+
1598
+ if ((SSL_get_mode(ssl) & SSL_MODE_ENABLE_FALSE_START) &&
1599
+ can_false_start(hs) &&
1600
+ // No False Start on renegotiation (would complicate the state machine).
1601
+ !ssl->s3->initial_handshake_complete) {
1602
+ hs->in_false_start = true;
1603
+ hs->can_early_write = true;
1604
+ return ssl_hs_early_return;
1605
+ }
1606
+
1607
+ return ssl_hs_ok;
1608
+ }
1609
+
1610
+ static enum ssl_hs_wait_t do_read_session_ticket(SSL_HANDSHAKE *hs) {
1611
+ SSL *const ssl = hs->ssl;
1612
+
1613
+ if (!hs->ticket_expected) {
1614
+ hs->state = state_process_change_cipher_spec;
1615
+ return ssl_hs_read_change_cipher_spec;
1616
+ }
1617
+
1618
+ SSLMessage msg;
1619
+ if (!ssl->method->get_message(ssl, &msg)) {
1620
+ return ssl_hs_read_message;
1621
+ }
1622
+
1623
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_NEW_SESSION_TICKET) ||
1624
+ !ssl_hash_message(hs, msg)) {
1625
+ return ssl_hs_error;
1626
+ }
1627
+
1628
+ CBS new_session_ticket = msg.body, ticket;
1629
+ uint32_t ticket_lifetime_hint;
1630
+ if (!CBS_get_u32(&new_session_ticket, &ticket_lifetime_hint) ||
1631
+ !CBS_get_u16_length_prefixed(&new_session_ticket, &ticket) ||
1632
+ CBS_len(&new_session_ticket) != 0) {
1633
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1634
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1635
+ return ssl_hs_error;
1636
+ }
1637
+
1638
+ if (CBS_len(&ticket) == 0) {
1639
+ // RFC 5077 allows a server to change its mind and send no ticket after
1640
+ // negotiating the extension. The value of |ticket_expected| is checked in
1641
+ // |ssl_update_cache| so is cleared here to avoid an unnecessary update.
1642
+ hs->ticket_expected = false;
1643
+ ssl->method->next_message(ssl);
1644
+ hs->state = state_process_change_cipher_spec;
1645
+ return ssl_hs_read_change_cipher_spec;
1646
+ }
1647
+
1648
+ SSL_SESSION *session = hs->new_session.get();
1649
+ UniquePtr<SSL_SESSION> renewed_session;
1650
+ if (ssl->session != NULL) {
1651
+ // The server is sending a new ticket for an existing session. Sessions are
1652
+ // immutable once established, so duplicate all but the ticket of the
1653
+ // existing session.
1654
+ renewed_session =
1655
+ SSL_SESSION_dup(ssl->session.get(), SSL_SESSION_INCLUDE_NONAUTH);
1656
+ if (!renewed_session) {
1657
+ // This should never happen.
1658
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1659
+ return ssl_hs_error;
1660
+ }
1661
+ session = renewed_session.get();
1662
+ }
1663
+
1664
+ // |ticket_lifetime_hint| is measured from when the ticket was issued.
1665
+ ssl_session_rebase_time(ssl, session);
1666
+
1667
+ if (!session->ticket.CopyFrom(ticket)) {
1668
+ return ssl_hs_error;
1669
+ }
1670
+ session->ticket_lifetime_hint = ticket_lifetime_hint;
1671
+
1672
+ // Generate a session ID for this session. Some callers expect all sessions to
1673
+ // have a session ID. Additionally, it acts as the session ID to signal
1674
+ // resumption.
1675
+ SHA256(CBS_data(&ticket), CBS_len(&ticket), session->session_id);
1676
+ session->session_id_length = SHA256_DIGEST_LENGTH;
1677
+
1678
+ if (renewed_session) {
1679
+ session->not_resumable = false;
1680
+ ssl->session = std::move(renewed_session);
1681
+ }
1682
+
1683
+ ssl->method->next_message(ssl);
1684
+ hs->state = state_process_change_cipher_spec;
1685
+ return ssl_hs_read_change_cipher_spec;
1686
+ }
1687
+
1688
+ static enum ssl_hs_wait_t do_process_change_cipher_spec(SSL_HANDSHAKE *hs) {
1689
+ if (!tls1_change_cipher_state(hs, evp_aead_open)) {
1690
+ return ssl_hs_error;
1691
+ }
1692
+
1693
+ hs->state = state_read_server_finished;
1694
+ return ssl_hs_ok;
1695
+ }
1696
+
1697
+ static enum ssl_hs_wait_t do_read_server_finished(SSL_HANDSHAKE *hs) {
1698
+ SSL *const ssl = hs->ssl;
1699
+ enum ssl_hs_wait_t wait = ssl_get_finished(hs);
1700
+ if (wait != ssl_hs_ok) {
1701
+ return wait;
1702
+ }
1703
+
1704
+ if (ssl->session != NULL) {
1705
+ hs->state = state_send_client_finished;
1706
+ return ssl_hs_ok;
1707
+ }
1708
+
1709
+ hs->state = state_finish_client_handshake;
1710
+ return ssl_hs_ok;
1711
+ }
1712
+
1713
+ static enum ssl_hs_wait_t do_finish_client_handshake(SSL_HANDSHAKE *hs) {
1714
+ SSL *const ssl = hs->ssl;
1715
+
1716
+ ssl->method->on_handshake_complete(ssl);
1717
+
1718
+ if (ssl->session != NULL) {
1719
+ ssl->s3->established_session = UpRef(ssl->session);
1720
+ } else {
1721
+ // We make a copy of the session in order to maintain the immutability
1722
+ // of the new established_session due to False Start. The caller may
1723
+ // have taken a reference to the temporary session.
1724
+ ssl->s3->established_session =
1725
+ SSL_SESSION_dup(hs->new_session.get(), SSL_SESSION_DUP_ALL);
1726
+ if (!ssl->s3->established_session) {
1727
+ return ssl_hs_error;
1728
+ }
1729
+ // Renegotiations do not participate in session resumption.
1730
+ if (!ssl->s3->initial_handshake_complete) {
1731
+ ssl->s3->established_session->not_resumable = false;
1732
+ }
1733
+
1734
+ hs->new_session.reset();
1735
+ }
1736
+
1737
+ hs->handshake_finalized = true;
1738
+ ssl->s3->initial_handshake_complete = true;
1739
+ ssl_update_cache(hs, SSL_SESS_CACHE_CLIENT);
1740
+
1741
+ hs->state = state_done;
1742
+ return ssl_hs_ok;
1743
+ }
1744
+
1745
+ enum ssl_hs_wait_t ssl_client_handshake(SSL_HANDSHAKE *hs) {
1746
+ while (hs->state != state_done) {
1747
+ enum ssl_hs_wait_t ret = ssl_hs_error;
1748
+ enum ssl_client_hs_state_t state =
1749
+ static_cast<enum ssl_client_hs_state_t>(hs->state);
1750
+ switch (state) {
1751
+ case state_start_connect:
1752
+ ret = do_start_connect(hs);
1753
+ break;
1754
+ case state_enter_early_data:
1755
+ ret = do_enter_early_data(hs);
1756
+ break;
1757
+ case state_early_reverify_server_certificate:
1758
+ ret = do_early_reverify_server_certificate(hs);
1759
+ break;
1760
+ case state_read_hello_verify_request:
1761
+ ret = do_read_hello_verify_request(hs);
1762
+ break;
1763
+ case state_read_server_hello:
1764
+ ret = do_read_server_hello(hs);
1765
+ break;
1766
+ case state_tls13:
1767
+ ret = do_tls13(hs);
1768
+ break;
1769
+ case state_read_server_certificate:
1770
+ ret = do_read_server_certificate(hs);
1771
+ break;
1772
+ case state_read_certificate_status:
1773
+ ret = do_read_certificate_status(hs);
1774
+ break;
1775
+ case state_verify_server_certificate:
1776
+ ret = do_verify_server_certificate(hs);
1777
+ break;
1778
+ case state_reverify_server_certificate:
1779
+ ret = do_reverify_server_certificate(hs);
1780
+ break;
1781
+ case state_read_server_key_exchange:
1782
+ ret = do_read_server_key_exchange(hs);
1783
+ break;
1784
+ case state_read_certificate_request:
1785
+ ret = do_read_certificate_request(hs);
1786
+ break;
1787
+ case state_read_server_hello_done:
1788
+ ret = do_read_server_hello_done(hs);
1789
+ break;
1790
+ case state_send_client_certificate:
1791
+ ret = do_send_client_certificate(hs);
1792
+ break;
1793
+ case state_send_client_key_exchange:
1794
+ ret = do_send_client_key_exchange(hs);
1795
+ break;
1796
+ case state_send_client_certificate_verify:
1797
+ ret = do_send_client_certificate_verify(hs);
1798
+ break;
1799
+ case state_send_client_finished:
1800
+ ret = do_send_client_finished(hs);
1801
+ break;
1802
+ case state_finish_flight:
1803
+ ret = do_finish_flight(hs);
1804
+ break;
1805
+ case state_read_session_ticket:
1806
+ ret = do_read_session_ticket(hs);
1807
+ break;
1808
+ case state_process_change_cipher_spec:
1809
+ ret = do_process_change_cipher_spec(hs);
1810
+ break;
1811
+ case state_read_server_finished:
1812
+ ret = do_read_server_finished(hs);
1813
+ break;
1814
+ case state_finish_client_handshake:
1815
+ ret = do_finish_client_handshake(hs);
1816
+ break;
1817
+ case state_done:
1818
+ ret = ssl_hs_ok;
1819
+ break;
1820
+ }
1821
+
1822
+ if (hs->state != state) {
1823
+ ssl_do_info_callback(hs->ssl, SSL_CB_CONNECT_LOOP, 1);
1824
+ }
1825
+
1826
+ if (ret != ssl_hs_ok) {
1827
+ return ret;
1828
+ }
1829
+ }
1830
+
1831
+ ssl_do_info_callback(hs->ssl, SSL_CB_HANDSHAKE_DONE, 1);
1832
+ return ssl_hs_ok;
1833
+ }
1834
+
1835
+ const char *ssl_client_handshake_state(SSL_HANDSHAKE *hs) {
1836
+ enum ssl_client_hs_state_t state =
1837
+ static_cast<enum ssl_client_hs_state_t>(hs->state);
1838
+ switch (state) {
1839
+ case state_start_connect:
1840
+ return "TLS client start_connect";
1841
+ case state_enter_early_data:
1842
+ return "TLS client enter_early_data";
1843
+ case state_early_reverify_server_certificate:
1844
+ return "TLS client early_reverify_server_certificate";
1845
+ case state_read_hello_verify_request:
1846
+ return "TLS client read_hello_verify_request";
1847
+ case state_read_server_hello:
1848
+ return "TLS client read_server_hello";
1849
+ case state_tls13:
1850
+ return tls13_client_handshake_state(hs);
1851
+ case state_read_server_certificate:
1852
+ return "TLS client read_server_certificate";
1853
+ case state_read_certificate_status:
1854
+ return "TLS client read_certificate_status";
1855
+ case state_verify_server_certificate:
1856
+ return "TLS client verify_server_certificate";
1857
+ case state_reverify_server_certificate:
1858
+ return "TLS client reverify_server_certificate";
1859
+ case state_read_server_key_exchange:
1860
+ return "TLS client read_server_key_exchange";
1861
+ case state_read_certificate_request:
1862
+ return "TLS client read_certificate_request";
1863
+ case state_read_server_hello_done:
1864
+ return "TLS client read_server_hello_done";
1865
+ case state_send_client_certificate:
1866
+ return "TLS client send_client_certificate";
1867
+ case state_send_client_key_exchange:
1868
+ return "TLS client send_client_key_exchange";
1869
+ case state_send_client_certificate_verify:
1870
+ return "TLS client send_client_certificate_verify";
1871
+ case state_send_client_finished:
1872
+ return "TLS client send_client_finished";
1873
+ case state_finish_flight:
1874
+ return "TLS client finish_flight";
1875
+ case state_read_session_ticket:
1876
+ return "TLS client read_session_ticket";
1877
+ case state_process_change_cipher_spec:
1878
+ return "TLS client process_change_cipher_spec";
1879
+ case state_read_server_finished:
1880
+ return "TLS client read_server_finished";
1881
+ case state_finish_client_handshake:
1882
+ return "TLS client finish_client_handshake";
1883
+ case state_done:
1884
+ return "TLS client done";
1885
+ }
1886
+
1887
+ return "TLS client unknown";
1888
+ }
1889
+
1890
+ BSSL_NAMESPACE_END