RubyGems - grpc - Versions diffs - 1.4.5 → 1.6.0.pre1 - Mend

grpc 1.4.5 → 1.6.0.pre1

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (928) hide show

checksums.yaml +4 -4
data/Makefile +1235 -1100
data/etc/roots.pem +0 -412
data/include/grpc/byte_buffer.h +10 -25
data/include/grpc/byte_buffer_reader.h +10 -25
data/include/grpc/census.h +10 -25
data/include/grpc/compression.h +10 -25
data/include/grpc/grpc.h +15 -26
data/include/grpc/grpc_cronet.h +10 -25
data/include/grpc/grpc_posix.h +10 -25
data/include/grpc/grpc_security.h +10 -25
data/include/grpc/grpc_security_constants.h +10 -25
data/include/grpc/impl/codegen/atm.h +11 -25
data/include/grpc/impl/codegen/atm_gcc_atomic.h +10 -25
data/include/grpc/impl/codegen/atm_gcc_sync.h +10 -25
data/include/grpc/impl/codegen/atm_windows.h +10 -25
data/include/grpc/impl/codegen/byte_buffer_reader.h +11 -26
data/include/grpc/impl/codegen/compression_types.h +12 -27
data/include/grpc/impl/codegen/connectivity_state.h +10 -25
data/include/grpc/impl/codegen/exec_ctx_fwd.h +10 -25
data/include/grpc/impl/codegen/gpr_slice.h +10 -25
data/include/grpc/impl/codegen/gpr_types.h +10 -25
data/include/grpc/impl/codegen/grpc_types.h +42 -43
data/include/grpc/impl/codegen/port_platform.h +10 -25
data/include/grpc/impl/codegen/propagation_bits.h +10 -25
data/include/grpc/impl/codegen/slice.h +13 -28
data/include/grpc/impl/codegen/status.h +10 -25
data/include/grpc/impl/codegen/sync.h +10 -25
data/include/grpc/impl/codegen/sync_generic.h +10 -25
data/include/grpc/impl/codegen/sync_posix.h +10 -25
data/include/grpc/impl/codegen/sync_windows.h +10 -25
data/include/grpc/load_reporting.h +10 -25
data/include/grpc/slice.h +10 -25
data/include/grpc/slice_buffer.h +10 -25
data/include/grpc/status.h +10 -25
data/include/grpc/support/alloc.h +10 -25
data/include/grpc/support/atm.h +10 -25
data/include/grpc/support/atm_gcc_atomic.h +10 -25
data/include/grpc/support/atm_gcc_sync.h +10 -25
data/include/grpc/support/atm_windows.h +10 -25
data/include/grpc/support/avl.h +46 -49
data/include/grpc/support/cmdline.h +10 -25
data/include/grpc/support/cpu.h +10 -25
data/include/grpc/support/histogram.h +10 -25
data/include/grpc/support/host_port.h +10 -25
data/include/grpc/support/log.h +10 -25
data/include/grpc/support/log_windows.h +10 -25
data/include/grpc/support/port_platform.h +10 -25
data/include/grpc/support/string_util.h +10 -25
data/include/grpc/support/subprocess.h +10 -25
data/include/grpc/support/sync.h +10 -25
data/include/grpc/support/sync_generic.h +10 -25
data/include/grpc/support/sync_posix.h +10 -25
data/include/grpc/support/sync_windows.h +10 -25
data/include/grpc/support/thd.h +10 -25
data/include/grpc/support/time.h +10 -25
data/include/grpc/support/tls.h +10 -25
data/include/grpc/support/tls_gcc.h +10 -25
data/include/grpc/support/tls_msvc.h +10 -25
data/include/grpc/support/tls_pthread.h +10 -25
data/include/grpc/support/useful.h +10 -25
data/include/grpc/support/workaround_list.h +11 -26
data/src/boringssl/err_data.c +277 -259
data/src/core/ext/census/aggregation.h +10 -25
data/src/core/ext/census/base_resources.c +10 -25
data/src/core/ext/census/base_resources.h +10 -25
data/src/core/ext/census/census_interface.h +10 -25
data/src/core/ext/census/census_rpc_stats.h +10 -25
data/src/core/ext/census/context.c +10 -25
data/src/core/ext/census/gen/census.pb.c +10 -25
data/src/core/ext/census/gen/census.pb.h +10 -25
data/src/core/ext/census/gen/trace_context.pb.c +10 -25
data/src/core/ext/census/gen/trace_context.pb.h +10 -25
data/src/core/ext/census/grpc_context.c +10 -25
data/src/core/ext/census/grpc_filter.c +11 -26
data/src/core/ext/census/grpc_filter.h +10 -25
data/src/core/ext/census/grpc_plugin.c +10 -25
data/src/core/ext/census/initialize.c +10 -25
data/src/core/ext/census/intrusive_hash_map.c +10 -25
data/src/core/ext/census/intrusive_hash_map.h +10 -25
data/src/core/ext/census/intrusive_hash_map_internal.h +10 -25
data/src/core/ext/census/mlog.c +10 -25
data/src/core/ext/census/mlog.h +10 -25
data/src/core/ext/census/operation.c +10 -25
data/src/core/ext/census/placeholders.c +10 -25
data/src/core/ext/census/resource.c +10 -25
data/src/core/ext/census/resource.h +10 -25
data/src/core/ext/census/rpc_metric_id.h +10 -25
data/src/core/ext/census/trace_context.c +10 -25
data/src/core/ext/census/trace_context.h +10 -25
data/src/core/ext/census/trace_label.h +10 -25
data/src/core/ext/census/trace_propagation.h +10 -25
data/src/core/ext/census/trace_status.h +10 -25
data/src/core/ext/census/trace_string.h +10 -25
data/src/core/ext/census/tracing.c +10 -26
data/src/core/ext/census/tracing.h +10 -25
data/src/core/ext/filters/client_channel/channel_connectivity.c +20 -33
data/src/core/ext/filters/client_channel/client_channel.c +617 -520
data/src/core/ext/filters/client_channel/client_channel.h +15 -28
data/src/core/ext/filters/client_channel/client_channel_factory.c +13 -31
data/src/core/ext/filters/client_channel/client_channel_factory.h +10 -25
data/src/core/ext/filters/client_channel/client_channel_plugin.c +16 -29
data/src/core/ext/filters/client_channel/connector.c +10 -25
data/src/core/ext/filters/client_channel/connector.h +10 -25
data/src/core/ext/filters/client_channel/http_connect_handshaker.c +15 -30
data/src/core/ext/filters/client_channel/http_connect_handshaker.h +10 -25
data/src/core/ext/filters/client_channel/http_proxy.c +112 -38
data/src/core/ext/filters/client_channel/http_proxy.h +10 -25
data/src/core/ext/filters/client_channel/lb_policy.c +32 -36
data/src/core/ext/filters/client_channel/lb_policy.h +24 -27
data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.c +14 -30
data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +10 -25
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.c +464 -279
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +10 -25
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +15 -28
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.c +40 -48
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.c +65 -49
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +31 -31
data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.c +47 -32
data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +11 -26
data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c +13 -9
data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h +27 -21
data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.c +373 -136
data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.c +504 -279
data/src/core/ext/filters/client_channel/lb_policy_factory.c +12 -31
data/src/core/ext/filters/client_channel/lb_policy_factory.h +12 -27
data/src/core/ext/filters/client_channel/lb_policy_registry.c +10 -25
data/src/core/ext/filters/client_channel/lb_policy_registry.h +10 -25
data/src/core/ext/filters/client_channel/parse_address.c +10 -25
data/src/core/ext/filters/client_channel/parse_address.h +10 -25
data/src/core/ext/filters/client_channel/proxy_mapper.c +10 -25
data/src/core/ext/filters/client_channel/proxy_mapper.h +10 -25
data/src/core/ext/filters/client_channel/proxy_mapper_registry.c +10 -25
data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +10 -25
data/src/core/ext/filters/client_channel/resolver.c +33 -38
data/src/core/ext/filters/client_channel/resolver.h +19 -30
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.c +153 -50
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +14 -27
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.c +33 -30
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.c +326 -116
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +35 -36
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.c +60 -0
data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.c +19 -34
data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.c +254 -0
data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +60 -0
data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.c +16 -28
data/src/core/ext/filters/client_channel/resolver_factory.c +10 -25
data/src/core/ext/filters/client_channel/resolver_factory.h +10 -25
data/src/core/ext/filters/client_channel/resolver_registry.c +10 -25
data/src/core/ext/filters/client_channel/resolver_registry.h +10 -25
data/src/core/ext/filters/client_channel/retry_throttle.c +23 -34
data/src/core/ext/filters/client_channel/retry_throttle.h +10 -25
data/src/core/ext/filters/client_channel/subchannel.c +33 -55
data/src/core/ext/filters/client_channel/subchannel.h +16 -26
data/src/core/ext/filters/client_channel/subchannel_index.c +55 -92
data/src/core/ext/filters/client_channel/subchannel_index.h +26 -29
data/src/core/ext/filters/client_channel/uri_parser.c +10 -25
data/src/core/ext/filters/client_channel/uri_parser.h +10 -25
data/src/core/ext/filters/deadline/deadline_filter.c +30 -45
data/src/core/ext/filters/deadline/deadline_filter.h +10 -25
data/src/core/ext/filters/http/client/http_client_filter.c +255 -294
data/src/core/ext/filters/http/client/http_client_filter.h +10 -25
data/src/core/ext/filters/http/http_filters_plugin.c +11 -26
data/src/core/ext/filters/http/message_compress/message_compress_filter.c +133 -105
data/src/core/ext/filters/http/message_compress/message_compress_filter.h +10 -25
data/src/core/ext/filters/http/server/http_server_filter.c +17 -32
data/src/core/ext/filters/http/server/http_server_filter.h +10 -25
data/src/core/ext/filters/load_reporting/load_reporting.c +11 -30
data/src/core/ext/filters/load_reporting/load_reporting.h +10 -25
data/src/core/ext/filters/load_reporting/load_reporting_filter.c +11 -26
data/src/core/ext/filters/load_reporting/load_reporting_filter.h +10 -25
data/src/core/ext/filters/max_age/max_age_filter.c +28 -43
data/src/core/ext/filters/max_age/max_age_filter.h +10 -25
data/src/core/ext/filters/message_size/message_size_filter.c +24 -37
data/src/core/ext/filters/message_size/message_size_filter.h +10 -25
data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.c +16 -31
data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.h +10 -25
data/src/core/ext/filters/workarounds/workaround_utils.c +12 -26
data/src/core/ext/filters/workarounds/workaround_utils.h +11 -26
data/src/core/ext/transport/chttp2/alpn/alpn.c +10 -25
data/src/core/ext/transport/chttp2/alpn/alpn.h +10 -25
data/src/core/ext/transport/chttp2/client/chttp2_connector.c +13 -28
data/src/core/ext/transport/chttp2/client/chttp2_connector.h +10 -25
data/src/core/ext/transport/chttp2/client/insecure/channel_create.c +13 -30
data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.c +12 -29
data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.c +13 -30
data/src/core/ext/transport/chttp2/server/chttp2_server.c +11 -26
data/src/core/ext/transport/chttp2/server/chttp2_server.h +10 -25
data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.c +10 -25
data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.c +10 -25
data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c +10 -25
data/src/core/ext/transport/chttp2/transport/bin_decoder.c +11 -25
data/src/core/ext/transport/chttp2/transport/bin_decoder.h +10 -25
data/src/core/ext/transport/chttp2/transport/bin_encoder.c +10 -25
data/src/core/ext/transport/chttp2/transport/bin_encoder.h +10 -25
data/src/core/ext/transport/chttp2/transport/chttp2_plugin.c +15 -27
data/src/core/ext/transport/chttp2/transport/chttp2_transport.c +421 -443
data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +14 -25
data/src/core/ext/transport/chttp2/transport/flow_control.c +500 -0
data/src/core/ext/transport/chttp2/transport/frame.h +10 -25
data/src/core/ext/transport/chttp2/transport/frame_data.c +20 -28
data/src/core/ext/transport/chttp2/transport/frame_data.h +10 -25
data/src/core/ext/transport/chttp2/transport/frame_goaway.c +10 -25
data/src/core/ext/transport/chttp2/transport/frame_goaway.h +10 -25
data/src/core/ext/transport/chttp2/transport/frame_ping.c +11 -26
data/src/core/ext/transport/chttp2/transport/frame_ping.h +10 -25
data/src/core/ext/transport/chttp2/transport/frame_rst_stream.c +11 -26
data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +10 -25
data/src/core/ext/transport/chttp2/transport/frame_settings.c +16 -29
data/src/core/ext/transport/chttp2/transport/frame_settings.h +10 -25
data/src/core/ext/transport/chttp2/transport/frame_window_update.c +17 -33
data/src/core/ext/transport/chttp2/transport/frame_window_update.h +10 -25
data/src/core/ext/transport/chttp2/transport/hpack_encoder.c +18 -31
data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +12 -25
data/src/core/ext/transport/chttp2/transport/hpack_parser.c +15 -30
data/src/core/ext/transport/chttp2/transport/hpack_parser.h +10 -25
data/src/core/ext/transport/chttp2/transport/hpack_table.c +10 -25
data/src/core/ext/transport/chttp2/transport/hpack_table.h +10 -25
data/src/core/ext/transport/chttp2/transport/http2_settings.c +10 -25
data/src/core/ext/transport/chttp2/transport/http2_settings.h +10 -25
data/src/core/ext/transport/chttp2/transport/huffsyms.c +10 -25
data/src/core/ext/transport/chttp2/transport/huffsyms.h +10 -25
data/src/core/ext/transport/chttp2/transport/incoming_metadata.c +10 -25
data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +10 -25
data/src/core/ext/transport/chttp2/transport/internal.h +191 -179
data/src/core/ext/transport/chttp2/transport/parsing.c +33 -102
data/src/core/ext/transport/chttp2/transport/stream_lists.c +26 -28
data/src/core/ext/transport/chttp2/transport/stream_map.c +10 -25
data/src/core/ext/transport/chttp2/transport/stream_map.h +10 -25
data/src/core/ext/transport/chttp2/transport/varint.c +14 -25
data/src/core/ext/transport/chttp2/transport/varint.h +10 -25
data/src/core/ext/transport/chttp2/transport/writing.c +164 -106
data/src/core/ext/transport/inproc/inproc_plugin.c +29 -0
data/src/core/ext/transport/inproc/inproc_transport.c +1303 -0
data/src/core/ext/transport/inproc/inproc_transport.h +41 -0
data/src/core/lib/channel/channel_args.c +52 -27
data/src/core/lib/channel/channel_args.h +18 -27
data/src/core/lib/channel/channel_stack.c +11 -26
data/src/core/lib/channel/channel_stack.h +12 -27
data/src/core/lib/channel/channel_stack_builder.c +11 -26
data/src/core/lib/channel/channel_stack_builder.h +10 -25
data/src/core/lib/channel/connected_channel.c +10 -25
data/src/core/lib/channel/connected_channel.h +10 -25
data/src/core/lib/channel/context.h +10 -25
data/src/core/lib/channel/handshaker.c +14 -29
data/src/core/lib/channel/handshaker.h +10 -25
data/src/core/lib/channel/handshaker_factory.c +10 -25
data/src/core/lib/channel/handshaker_factory.h +10 -25
data/src/core/lib/channel/handshaker_registry.c +10 -25
data/src/core/lib/channel/handshaker_registry.h +10 -25
data/src/core/lib/compression/algorithm_metadata.h +10 -25
data/src/core/lib/compression/compression.c +10 -25
data/src/core/lib/compression/message_compress.c +10 -25
data/src/core/lib/compression/message_compress.h +10 -25
data/src/core/lib/compression/stream_compression.c +191 -0
data/src/core/lib/compression/stream_compression.h +90 -0
data/src/core/lib/debug/trace.c +28 -29
data/src/core/lib/debug/trace.h +16 -30
data/src/core/lib/http/format_request.c +10 -25
data/src/core/lib/http/format_request.h +10 -25
data/src/core/lib/http/httpcli.c +19 -35
data/src/core/lib/http/httpcli.h +10 -25
data/src/core/lib/http/httpcli_security_connector.c +17 -30
data/src/core/lib/http/parser.c +11 -26
data/src/core/lib/http/parser.h +10 -25
data/src/core/lib/iomgr/closure.c +62 -25
data/src/core/lib/iomgr/closure.h +81 -26
data/src/core/lib/iomgr/combiner.c +103 -200
data/src/core/lib/iomgr/combiner.h +14 -32
data/src/core/lib/iomgr/endpoint.c +10 -29
data/src/core/lib/iomgr/endpoint.h +10 -29
data/src/core/lib/iomgr/endpoint_pair.h +10 -25
data/src/core/lib/iomgr/endpoint_pair_posix.c +10 -25
data/src/core/lib/iomgr/endpoint_pair_uv.c +10 -25
data/src/core/lib/iomgr/endpoint_pair_windows.c +10 -25
data/src/core/lib/iomgr/error.c +45 -46
data/src/core/lib/iomgr/error.h +21 -34
data/src/core/lib/iomgr/error_internal.h +10 -25
data/src/core/lib/iomgr/ev_epoll1_linux.c +279 -179
data/src/core/lib/iomgr/ev_epoll1_linux.h +10 -25
data/src/core/lib/iomgr/ev_epoll_limited_pollers_linux.c +75 -264
data/src/core/lib/iomgr/ev_epoll_limited_pollers_linux.h +10 -25
data/src/core/lib/iomgr/ev_epoll_thread_pool_linux.c +44 -199
data/src/core/lib/iomgr/ev_epoll_thread_pool_linux.h +10 -25
data/src/core/lib/iomgr/ev_epollex_linux.c +184 -247
data/src/core/lib/iomgr/ev_epollex_linux.h +10 -25
data/src/core/lib/iomgr/ev_epollsig_linux.c +116 -323
data/src/core/lib/iomgr/ev_epollsig_linux.h +10 -25
data/src/core/lib/iomgr/ev_poll_posix.c +328 -184
data/src/core/lib/iomgr/ev_poll_posix.h +10 -25
data/src/core/lib/iomgr/ev_posix.c +25 -56
data/src/core/lib/iomgr/ev_posix.h +15 -44
data/src/core/lib/iomgr/ev_windows.c +11 -26
data/src/core/lib/iomgr/exec_ctx.c +36 -45
data/src/core/lib/iomgr/exec_ctx.h +10 -25
data/src/core/lib/iomgr/executor.c +152 -127
data/src/core/lib/iomgr/executor.h +18 -26
data/src/core/lib/iomgr/gethostname.h +26 -0
data/src/core/lib/iomgr/gethostname_fallback.c +27 -0
data/src/core/lib/iomgr/gethostname_host_name_max.c +37 -0
data/src/core/lib/iomgr/gethostname_sysconf.c +37 -0
data/src/core/lib/iomgr/iocp_windows.c +10 -25
data/src/core/lib/iomgr/iocp_windows.h +10 -25
data/src/core/lib/iomgr/iomgr.c +17 -28
data/src/core/lib/iomgr/iomgr.h +12 -27
data/src/core/lib/iomgr/iomgr_internal.h +10 -25
data/src/core/lib/iomgr/iomgr_posix.c +11 -26
data/src/core/lib/iomgr/iomgr_posix.h +10 -25
data/src/core/lib/iomgr/iomgr_uv.c +19 -26
data/src/core/lib/iomgr/iomgr_uv.h +37 -0
data/src/core/lib/iomgr/iomgr_windows.c +10 -25
data/src/core/lib/iomgr/is_epollexclusive_available.c +10 -25
data/src/core/lib/iomgr/is_epollexclusive_available.h +10 -25
data/src/core/lib/iomgr/load_file.c +10 -25
data/src/core/lib/iomgr/load_file.h +10 -25
data/src/core/lib/iomgr/lockfree_event.c +22 -35
data/src/core/lib/iomgr/lockfree_event.h +13 -27
data/src/core/lib/iomgr/nameser.h +104 -0
data/src/core/lib/iomgr/network_status_tracker.c +10 -25
data/src/core/lib/iomgr/network_status_tracker.h +10 -25
data/src/core/lib/iomgr/polling_entity.c +10 -25
data/src/core/lib/iomgr/polling_entity.h +14 -34
data/src/core/lib/iomgr/pollset.h +14 -25
data/src/core/lib/iomgr/pollset_set.h +10 -25
data/src/core/lib/iomgr/pollset_set_uv.c +10 -25
data/src/core/lib/iomgr/pollset_set_windows.c +10 -25
data/src/core/lib/iomgr/pollset_set_windows.h +10 -25
data/src/core/lib/iomgr/pollset_uv.c +25 -26
data/src/core/lib/iomgr/pollset_uv.h +10 -25
data/src/core/lib/iomgr/pollset_windows.c +17 -27
data/src/core/lib/iomgr/pollset_windows.h +10 -25
data/src/core/lib/iomgr/port.h +24 -25
data/src/core/lib/iomgr/resolve_address.h +10 -25
data/src/core/lib/iomgr/resolve_address_posix.c +13 -28
data/src/core/lib/iomgr/resolve_address_uv.c +31 -35
data/src/core/lib/iomgr/resolve_address_windows.c +13 -28
data/src/core/lib/iomgr/resource_quota.c +52 -67
data/src/core/lib/iomgr/resource_quota.h +10 -25
data/src/core/lib/iomgr/sockaddr.h +10 -25
data/src/core/lib/iomgr/sockaddr_posix.h +10 -25
data/src/core/lib/iomgr/sockaddr_utils.c +15 -25
data/src/core/lib/iomgr/sockaddr_utils.h +12 -25
data/src/core/lib/iomgr/sockaddr_windows.h +10 -25
data/src/core/lib/iomgr/socket_factory_posix.c +13 -31
data/src/core/lib/iomgr/socket_factory_posix.h +10 -25
data/src/core/lib/iomgr/socket_mutator.c +14 -31
data/src/core/lib/iomgr/socket_mutator.h +10 -25
data/src/core/lib/iomgr/socket_utils.h +10 -25
data/src/core/lib/iomgr/socket_utils_common_posix.c +10 -25
data/src/core/lib/iomgr/socket_utils_linux.c +10 -25
data/src/core/lib/iomgr/socket_utils_posix.c +10 -25
data/src/core/lib/iomgr/socket_utils_posix.h +10 -25
data/src/core/lib/iomgr/socket_utils_uv.c +10 -25
data/src/core/lib/iomgr/socket_utils_windows.c +10 -25
data/src/core/lib/iomgr/socket_windows.c +12 -27
data/src/core/lib/iomgr/socket_windows.h +10 -25
data/src/core/lib/iomgr/sys_epoll_wrapper.h +10 -25
data/src/core/lib/iomgr/tcp_client.h +10 -25
data/src/core/lib/iomgr/tcp_client_posix.c +21 -34
data/src/core/lib/iomgr/tcp_client_posix.h +10 -25
data/src/core/lib/iomgr/tcp_client_uv.c +18 -27
data/src/core/lib/iomgr/tcp_client_windows.c +14 -29
data/src/core/lib/iomgr/tcp_posix.c +36 -55
data/src/core/lib/iomgr/tcp_posix.h +10 -25
data/src/core/lib/iomgr/tcp_server.h +10 -25
data/src/core/lib/iomgr/tcp_server_posix.c +16 -31
data/src/core/lib/iomgr/tcp_server_utils_posix.h +10 -25
data/src/core/lib/iomgr/tcp_server_utils_posix_common.c +11 -26
data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.c +10 -25
data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.c +10 -25
data/src/core/lib/iomgr/tcp_server_uv.c +103 -64
data/src/core/lib/iomgr/tcp_server_windows.c +14 -29
data/src/core/lib/iomgr/tcp_uv.c +41 -45
data/src/core/lib/iomgr/tcp_uv.h +10 -25
data/src/core/lib/iomgr/tcp_windows.c +39 -53
data/src/core/lib/iomgr/tcp_windows.h +10 -25
data/src/core/lib/iomgr/time_averaged_stats.c +10 -25
data/src/core/lib/iomgr/time_averaged_stats.h +10 -25
data/src/core/lib/iomgr/timer.h +18 -27
data/src/core/lib/iomgr/timer_generic.c +91 -87
data/src/core/lib/iomgr/timer_generic.h +10 -25
data/src/core/lib/iomgr/timer_heap.c +10 -25
data/src/core/lib/iomgr/timer_heap.h +10 -25
data/src/core/lib/iomgr/timer_manager.c +178 -100
data/src/core/lib/iomgr/timer_manager.h +10 -25
data/src/core/lib/iomgr/timer_uv.c +23 -33
data/src/core/lib/iomgr/timer_uv.h +10 -25
data/src/core/lib/iomgr/udp_server.c +17 -32
data/src/core/lib/iomgr/udp_server.h +10 -25
data/src/core/lib/iomgr/unix_sockets_posix.c +10 -25
data/src/core/lib/iomgr/unix_sockets_posix.h +10 -25
data/src/core/lib/iomgr/unix_sockets_posix_noop.c +10 -25
data/src/core/lib/iomgr/wakeup_fd_cv.c +10 -25
data/src/core/lib/iomgr/wakeup_fd_cv.h +13 -28
data/src/core/lib/iomgr/wakeup_fd_eventfd.c +10 -25
data/src/core/lib/iomgr/wakeup_fd_nospecial.c +10 -25
data/src/core/lib/iomgr/wakeup_fd_pipe.c +10 -25
data/src/core/lib/iomgr/wakeup_fd_pipe.h +10 -25
data/src/core/lib/iomgr/wakeup_fd_posix.c +10 -25
data/src/core/lib/iomgr/wakeup_fd_posix.h +10 -25
data/src/core/lib/json/json.c +10 -25
data/src/core/lib/json/json.h +10 -25
data/src/core/lib/json/json_common.h +10 -25
data/src/core/lib/json/json_reader.c +11 -25
data/src/core/lib/json/json_reader.h +10 -25
data/src/core/lib/json/json_string.c +10 -25
data/src/core/lib/json/json_writer.c +10 -25
data/src/core/lib/json/json_writer.h +10 -25
data/src/core/lib/profiling/basic_timers.c +10 -25
data/src/core/lib/profiling/stap_timers.c +10 -25
data/src/core/lib/profiling/timers.h +10 -25
data/src/core/lib/security/context/security_context.c +32 -40
data/src/core/lib/security/context/security_context.h +15 -26
data/src/core/lib/security/credentials/composite/composite_credentials.c +76 -81
data/src/core/lib/security/credentials/composite/composite_credentials.h +10 -25
data/src/core/lib/security/credentials/credentials.c +29 -49
data/src/core/lib/security/credentials/credentials.h +48 -61
data/src/core/lib/security/credentials/credentials_metadata.c +34 -78
data/src/core/lib/security/credentials/fake/fake_credentials.c +33 -56
data/src/core/lib/security/credentials/fake/fake_credentials.h +12 -27
data/src/core/lib/security/credentials/google_default/credentials_generic.c +10 -25
data/src/core/lib/security/credentials/google_default/google_default_credentials.c +12 -27
data/src/core/lib/security/credentials/google_default/google_default_credentials.h +10 -25
data/src/core/lib/security/credentials/iam/iam_credentials.c +40 -40
data/src/core/lib/security/credentials/iam/iam_credentials.h +11 -26
data/src/core/lib/security/credentials/jwt/json_token.c +10 -25
data/src/core/lib/security/credentials/jwt/json_token.h +10 -25
data/src/core/lib/security/credentials/jwt/jwt_credentials.c +45 -48
data/src/core/lib/security/credentials/jwt/jwt_credentials.h +11 -26
data/src/core/lib/security/credentials/jwt/jwt_verifier.c +53 -33
data/src/core/lib/security/credentials/jwt/jwt_verifier.h +10 -25
data/src/core/lib/security/credentials/oauth2/oauth2_credentials.c +155 -87
data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +24 -28
data/src/core/lib/security/credentials/plugin/plugin_credentials.c +118 -82
data/src/core/lib/security/credentials/plugin/plugin_credentials.h +24 -27
data/src/core/lib/security/credentials/ssl/ssl_credentials.c +13 -32
data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -25
data/src/core/lib/security/transport/auth_filters.h +10 -25
data/src/core/lib/security/transport/client_auth_filter.c +217 -112
data/src/core/lib/security/transport/lb_targets_info.c +16 -32
data/src/core/lib/security/transport/lb_targets_info.h +10 -25
data/src/core/lib/security/transport/secure_endpoint.c +29 -43
data/src/core/lib/security/transport/secure_endpoint.h +10 -25
data/src/core/lib/security/transport/security_connector.c +80 -61
data/src/core/lib/security/transport/security_connector.h +35 -35
data/src/core/lib/security/transport/security_handshaker.c +18 -33
data/src/core/lib/security/transport/security_handshaker.h +10 -25
data/src/core/lib/security/transport/server_auth_filter.c +62 -116
data/src/core/lib/security/transport/tsi_error.c +10 -25
data/src/core/lib/security/transport/tsi_error.h +10 -25
data/src/core/lib/security/util/json_util.c +10 -25
data/src/core/lib/security/util/json_util.h +10 -25
data/src/core/lib/slice/b64.c +10 -25
data/src/core/lib/slice/b64.h +10 -25
data/src/core/lib/slice/percent_encoding.c +10 -25
data/src/core/lib/slice/percent_encoding.h +10 -25
data/src/core/lib/slice/slice.c +10 -25
data/src/core/lib/slice/slice_buffer.c +10 -25
data/src/core/lib/slice/slice_hash_table.c +48 -26
data/src/core/lib/slice/slice_hash_table.h +26 -28
data/src/core/lib/slice/slice_intern.c +10 -25
data/src/core/lib/slice/slice_internal.h +10 -25
data/src/core/lib/slice/slice_string_helpers.c +10 -25
data/src/core/lib/slice/slice_string_helpers.h +10 -25
data/src/core/lib/support/alloc.c +10 -25
data/src/core/lib/support/arena.c +12 -27
data/src/core/lib/support/arena.h +10 -25
data/src/core/lib/support/atm.c +17 -32
data/src/core/lib/support/atomic.h +10 -25
data/src/core/lib/support/atomic_with_atm.h +10 -25
data/src/core/lib/support/atomic_with_std.h +10 -25
data/src/core/lib/support/avl.c +101 -101
data/src/core/lib/support/backoff.c +10 -25
data/src/core/lib/support/backoff.h +10 -25
data/src/core/lib/support/block_annotate.h +10 -25
data/src/core/lib/support/cmdline.c +10 -25
data/src/core/lib/support/cpu_iphone.c +10 -25
data/src/core/lib/support/cpu_linux.c +10 -25
data/src/core/lib/support/cpu_posix.c +10 -25
data/src/core/lib/support/cpu_windows.c +10 -25
data/src/core/lib/support/env.h +16 -25
data/src/core/lib/support/env_linux.c +30 -37
data/src/core/lib/support/env_posix.c +15 -25
data/src/core/lib/support/env_windows.c +15 -25
data/src/core/lib/support/histogram.c +10 -25
data/src/core/lib/support/host_port.c +10 -25
data/src/core/lib/support/log.c +20 -29
data/src/core/lib/support/log_android.c +10 -25
data/src/core/lib/support/log_linux.c +13 -26
data/src/core/lib/support/log_posix.c +10 -25
data/src/core/lib/support/log_windows.c +10 -25
data/src/core/lib/support/memory.h +10 -25
data/src/core/lib/support/mpscq.c +11 -49
data/src/core/lib/support/mpscq.h +11 -50
data/src/core/lib/support/murmur_hash.c +12 -25
data/src/core/lib/support/murmur_hash.h +10 -25
data/src/core/lib/support/spinlock.h +10 -25
data/src/core/lib/support/stack_lockfree.c +10 -25
data/src/core/lib/support/stack_lockfree.h +10 -25
data/src/core/lib/support/string.c +10 -25
data/src/core/lib/support/string.h +10 -25
data/src/core/lib/support/string_posix.c +10 -25
data/src/core/lib/support/string_util_windows.c +10 -25
data/src/core/lib/support/string_windows.c +10 -25
data/src/core/lib/support/string_windows.h +10 -25
data/src/core/lib/support/subprocess_posix.c +10 -25
data/src/core/lib/support/subprocess_windows.c +10 -25
data/src/core/lib/support/sync.c +10 -25
data/src/core/lib/support/sync_posix.c +10 -25
data/src/core/lib/support/sync_windows.c +10 -25
data/src/core/lib/support/thd.c +10 -25
data/src/core/lib/support/thd_internal.h +10 -25
data/src/core/lib/support/thd_posix.c +10 -25
data/src/core/lib/support/thd_windows.c +10 -25
data/src/core/lib/support/time.c +10 -25
data/src/core/lib/support/time_posix.c +10 -25
data/src/core/lib/support/time_precise.c +18 -33
data/src/core/lib/support/time_precise.h +10 -25
data/src/core/lib/support/time_windows.c +10 -25
data/src/core/lib/support/tls_pthread.c +10 -25
data/src/core/lib/support/tmpfile.h +10 -25
data/src/core/lib/support/tmpfile_msys.c +10 -25
data/src/core/lib/support/tmpfile_posix.c +10 -25
data/src/core/lib/support/tmpfile_windows.c +10 -25
data/src/core/lib/support/wrap_memcpy.c +10 -25
data/src/core/lib/surface/alarm.c +78 -35
data/src/core/lib/surface/alarm_internal.h +40 -0
data/src/core/lib/surface/api_trace.c +11 -26
data/src/core/lib/surface/api_trace.h +10 -25
data/src/core/lib/surface/byte_buffer.c +10 -25
data/src/core/lib/surface/byte_buffer_reader.c +10 -25
data/src/core/lib/surface/call.c +64 -84
data/src/core/lib/surface/call.h +11 -26
data/src/core/lib/surface/call_details.c +10 -25
data/src/core/lib/surface/call_log_batch.c +10 -25
data/src/core/lib/surface/call_test_only.h +10 -25
data/src/core/lib/surface/channel.c +11 -26
data/src/core/lib/surface/channel.h +11 -26
data/src/core/lib/surface/channel_init.c +10 -25
data/src/core/lib/surface/channel_init.h +10 -25
data/src/core/lib/surface/channel_ping.c +12 -27
data/src/core/lib/surface/channel_stack_type.c +10 -25
data/src/core/lib/surface/channel_stack_type.h +10 -25
data/src/core/lib/surface/completion_queue.c +442 -331
data/src/core/lib/surface/completion_queue.h +16 -33
data/src/core/lib/surface/completion_queue_factory.c +10 -25
data/src/core/lib/surface/completion_queue_factory.h +10 -25
data/src/core/lib/surface/event_string.c +10 -25
data/src/core/lib/surface/event_string.h +10 -25
data/src/core/lib/surface/init.c +38 -47
data/src/core/lib/surface/init.h +10 -25
data/src/core/lib/surface/init_secure.c +20 -27
data/src/core/lib/surface/lame_client.cc +14 -29
data/src/core/lib/surface/lame_client.h +10 -25
data/src/core/lib/surface/metadata_array.c +10 -25
data/src/core/lib/surface/server.c +128 -81
data/src/core/lib/surface/server.h +10 -25
data/src/core/lib/surface/validate_metadata.c +10 -25
data/src/core/lib/surface/validate_metadata.h +10 -25
data/src/core/lib/surface/version.c +11 -26
data/src/core/lib/transport/bdp_estimator.c +19 -29
data/src/core/lib/transport/bdp_estimator.h +16 -29
data/src/core/lib/transport/byte_stream.c +127 -36
data/src/core/lib/transport/byte_stream.h +88 -46
data/src/core/lib/transport/connectivity_state.c +17 -31
data/src/core/lib/transport/connectivity_state.h +10 -25
data/src/core/lib/transport/error_utils.c +10 -25
data/src/core/lib/transport/error_utils.h +10 -25
data/src/core/lib/transport/http2_errors.h +10 -25
data/src/core/lib/transport/metadata.c +87 -85
data/src/core/lib/transport/metadata.h +15 -28
data/src/core/lib/transport/metadata_batch.c +10 -25
data/src/core/lib/transport/metadata_batch.h +10 -25
data/src/core/lib/transport/pid_controller.c +10 -25
data/src/core/lib/transport/pid_controller.h +10 -25
data/src/core/lib/transport/service_config.c +11 -26
data/src/core/lib/transport/service_config.h +10 -25
data/src/core/lib/transport/static_metadata.c +12 -26
data/src/core/lib/transport/static_metadata.h +10 -25
data/src/core/lib/transport/status_conversion.c +10 -25
data/src/core/lib/transport/status_conversion.h +10 -25
data/src/core/lib/transport/timeout_encoding.c +10 -25
data/src/core/lib/transport/timeout_encoding.h +10 -25
data/src/core/lib/transport/transport.c +60 -53
data/src/core/lib/transport/transport.h +36 -34
data/src/core/lib/transport/transport_impl.h +10 -25
data/src/core/lib/transport/transport_op_string.c +10 -28
data/src/core/plugin_registry/grpc_plugin_registry.c +22 -25
data/src/core/tsi/fake_transport_security.c +199 -94
data/src/core/tsi/fake_transport_security.h +11 -26
data/src/core/tsi/gts_transport_security.c +40 -0
data/src/core/tsi/gts_transport_security.h +37 -0
data/src/core/tsi/ssl_transport_security.c +13 -32
data/src/core/tsi/ssl_transport_security.h +10 -25
data/src/core/tsi/ssl_types.h +10 -25
data/src/core/tsi/transport_security.c +48 -78
data/src/core/tsi/transport_security.h +18 -27
data/src/core/tsi/transport_security_adapter.c +17 -29
data/src/core/tsi/transport_security_adapter.h +10 -25
data/src/core/tsi/transport_security_grpc.c +64 -0
data/src/core/tsi/transport_security_grpc.h +80 -0
data/src/core/tsi/transport_security_interface.h +21 -27
data/src/ruby/bin/apis/google/protobuf/empty.rb +10 -25
data/src/ruby/bin/apis/pubsub_demo.rb +10 -25
data/src/ruby/bin/apis/tech/pubsub/proto/pubsub.rb +10 -25
data/src/ruby/bin/apis/tech/pubsub/proto/pubsub_services.rb +10 -25
data/src/ruby/bin/math_client.rb +10 -25
data/src/ruby/bin/math_server.rb +10 -25
data/src/ruby/bin/math_services_pb.rb +10 -25
data/src/ruby/bin/noproto_client.rb +10 -25
data/src/ruby/bin/noproto_server.rb +10 -25
data/src/ruby/ext/grpc/extconf.rb +10 -25
data/src/ruby/ext/grpc/rb_byte_buffer.c +10 -25
data/src/ruby/ext/grpc/rb_byte_buffer.h +10 -25
data/src/ruby/ext/grpc/rb_call.c +44 -25
data/src/ruby/ext/grpc/rb_call.h +10 -25
data/src/ruby/ext/grpc/rb_call_credentials.c +10 -25
data/src/ruby/ext/grpc/rb_call_credentials.h +10 -25
data/src/ruby/ext/grpc/rb_channel.c +10 -25
data/src/ruby/ext/grpc/rb_channel.h +10 -25
data/src/ruby/ext/grpc/rb_channel_args.c +10 -25
data/src/ruby/ext/grpc/rb_channel_args.h +10 -25
data/src/ruby/ext/grpc/rb_channel_credentials.c +10 -25
data/src/ruby/ext/grpc/rb_channel_credentials.h +10 -25
data/src/ruby/ext/grpc/rb_completion_queue.c +10 -25
data/src/ruby/ext/grpc/rb_completion_queue.h +10 -25
data/src/ruby/ext/grpc/rb_compression_options.c +10 -25
data/src/ruby/ext/grpc/rb_compression_options.h +10 -25
data/src/ruby/ext/grpc/rb_event_thread.c +10 -25
data/src/ruby/ext/grpc/rb_event_thread.h +10 -25
data/src/ruby/ext/grpc/rb_grpc.c +10 -25
data/src/ruby/ext/grpc/rb_grpc.h +10 -25
data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +10 -25
data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +16 -31
data/src/ruby/ext/grpc/rb_loader.c +10 -25
data/src/ruby/ext/grpc/rb_loader.h +10 -25
data/src/ruby/ext/grpc/rb_server.c +10 -25
data/src/ruby/ext/grpc/rb_server.h +10 -25
data/src/ruby/ext/grpc/rb_server_credentials.c +10 -25
data/src/ruby/ext/grpc/rb_server_credentials.h +10 -25
data/src/ruby/lib/grpc.rb +10 -25
data/src/ruby/lib/grpc/core/time_consts.rb +10 -25
data/src/ruby/lib/grpc/errors.rb +16 -30
data/src/ruby/lib/grpc/generic/active_call.rb +25 -27
data/src/ruby/lib/grpc/generic/bidi_call.rb +17 -27
data/src/ruby/lib/grpc/generic/client_stub.rb +10 -25
data/src/ruby/lib/grpc/generic/rpc_desc.rb +10 -25
data/src/ruby/lib/grpc/generic/rpc_server.rb +10 -25
data/src/ruby/lib/grpc/generic/service.rb +10 -25
data/src/ruby/lib/grpc/grpc.rb +10 -25
data/src/ruby/lib/grpc/logconfig.rb +10 -25
data/src/ruby/lib/grpc/notifier.rb +10 -25
data/src/ruby/lib/grpc/version.rb +11 -26
data/src/ruby/pb/generate_proto_ruby.sh +10 -25
data/src/ruby/pb/grpc/health/checker.rb +10 -25
data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +10 -25
data/src/ruby/pb/grpc/testing/duplicate/echo_duplicate_services_pb.rb +10 -25
data/src/ruby/pb/grpc/testing/metrics_services_pb.rb +10 -25
data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +10 -25
data/src/ruby/pb/test/client.rb +10 -25
data/src/ruby/pb/test/server.rb +10 -25
data/src/ruby/spec/call_credentials_spec.rb +10 -25
data/src/ruby/spec/call_spec.rb +43 -25
data/src/ruby/spec/channel_connection_spec.rb +10 -25
data/src/ruby/spec/channel_credentials_spec.rb +11 -26
data/src/ruby/spec/channel_spec.rb +10 -25
data/src/ruby/spec/client_auth_spec.rb +10 -25
data/src/ruby/spec/client_server_spec.rb +66 -25
data/src/ruby/spec/compression_options_spec.rb +10 -25
data/src/ruby/spec/error_sanity_spec.rb +10 -25
data/src/ruby/spec/generic/active_call_spec.rb +10 -25
data/src/ruby/spec/generic/client_stub_spec.rb +146 -35
data/src/ruby/spec/generic/rpc_desc_spec.rb +10 -25
data/src/ruby/spec/generic/rpc_server_pool_spec.rb +10 -25
data/src/ruby/spec/generic/rpc_server_spec.rb +124 -34
data/src/ruby/spec/generic/service_spec.rb +10 -25
data/src/ruby/spec/pb/duplicate/codegen_spec.rb +10 -25
data/src/ruby/spec/pb/health/checker_spec.rb +10 -25
data/src/ruby/spec/server_credentials_spec.rb +10 -25
data/src/ruby/spec/server_spec.rb +10 -25
data/src/ruby/spec/spec_helper.rb +10 -25
data/src/ruby/spec/time_consts_spec.rb +10 -25
data/third_party/boringssl/crypto/aes/key_wrap.c +138 -0
data/third_party/boringssl/crypto/asn1/a_bitstr.c +6 -3
data/third_party/boringssl/crypto/asn1/a_enum.c +4 -1
data/third_party/boringssl/crypto/asn1/a_gentm.c +20 -15
data/third_party/boringssl/crypto/asn1/a_int.c +7 -4
data/third_party/boringssl/crypto/asn1/a_object.c +5 -2
data/third_party/boringssl/crypto/asn1/a_time.c +0 -1
data/third_party/boringssl/crypto/asn1/a_utctm.c +1 -2
data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -2
data/third_party/boringssl/crypto/asn1/asn1_locl.h +35 -0
data/third_party/boringssl/crypto/asn1/tasn_dec.c +3 -1
data/third_party/boringssl/crypto/asn1/tasn_enc.c +6 -3
data/third_party/boringssl/crypto/asn1/tasn_new.c +12 -7
data/third_party/boringssl/crypto/asn1/tasn_utl.c +22 -8
data/third_party/boringssl/crypto/{time_support.c → asn1/time_support.c} +1 -1
data/third_party/boringssl/crypto/asn1/x_long.c +5 -2
data/third_party/boringssl/crypto/base64/base64.c +7 -5
data/third_party/boringssl/crypto/bio/bio.c +24 -10
data/third_party/boringssl/crypto/bio/bio_mem.c +12 -10
data/third_party/boringssl/crypto/bio/connect.c +7 -18
data/third_party/boringssl/crypto/bio/fd.c +3 -6
data/third_party/boringssl/crypto/bio/file.c +6 -6
data/third_party/boringssl/crypto/bio/hexdump.c +4 -2
data/third_party/boringssl/crypto/bio/pair.c +30 -344
data/third_party/boringssl/crypto/bio/socket.c +6 -7
data/third_party/boringssl/crypto/bio/socket_helper.c +4 -3
data/third_party/boringssl/crypto/bn/add.c +1 -1
data/third_party/boringssl/crypto/bn/asm/x86_64-gcc.c +11 -10
data/third_party/boringssl/crypto/bn/bn.c +6 -20
data/third_party/boringssl/crypto/bn/cmp.c +14 -0
data/third_party/boringssl/crypto/bn/convert.c +73 -2
data/third_party/boringssl/crypto/bn/ctx.c +3 -1
data/third_party/boringssl/crypto/bn/div.c +108 -51
data/third_party/boringssl/crypto/bn/exponentiation.c +15 -33
data/third_party/boringssl/crypto/bn/gcd.c +29 -22
data/third_party/boringssl/crypto/bn/generic.c +71 -67
data/third_party/boringssl/crypto/bn/internal.h +19 -6
data/third_party/boringssl/crypto/bn/kronecker.c +1 -0
data/third_party/boringssl/crypto/bn/montgomery.c +9 -10
data/third_party/boringssl/crypto/bn/montgomery_inv.c +47 -0
data/third_party/boringssl/crypto/bn/mul.c +11 -9
data/third_party/boringssl/crypto/bn/random.c +6 -3
data/third_party/boringssl/crypto/bn/rsaz_exp.c +0 -65
data/third_party/boringssl/crypto/bn/rsaz_exp.h +0 -3
data/third_party/boringssl/crypto/bn/shift.c +9 -1
data/third_party/boringssl/crypto/bn/sqrt.c +3 -1
data/third_party/boringssl/crypto/buf/buf.c +6 -4
data/third_party/boringssl/crypto/bytestring/asn1_compat.c +2 -1
data/third_party/boringssl/crypto/bytestring/ber.c +2 -1
data/third_party/boringssl/crypto/bytestring/cbb.c +9 -7
data/third_party/boringssl/crypto/bytestring/cbs.c +54 -2
data/third_party/boringssl/crypto/chacha/chacha.c +1 -1
data/third_party/boringssl/crypto/cipher/aead.c +3 -3
data/third_party/boringssl/crypto/cipher/cipher.c +18 -13
data/third_party/boringssl/crypto/cipher/e_aes.c +335 -281
data/third_party/boringssl/crypto/cipher/e_chacha20poly1305.c +113 -137
data/third_party/boringssl/crypto/cipher/e_null.c +2 -1
data/third_party/boringssl/crypto/cipher/e_rc2.c +54 -49
data/third_party/boringssl/crypto/cipher/e_ssl3.c +4 -3
data/third_party/boringssl/crypto/cipher/e_tls.c +5 -5
data/third_party/boringssl/crypto/cipher/tls_cbc.c +41 -112
data/third_party/boringssl/crypto/cmac/cmac.c +6 -4
data/third_party/boringssl/crypto/conf/conf.c +6 -3
data/third_party/boringssl/crypto/cpu-arm-linux.c +2 -2
data/third_party/boringssl/crypto/curve25519/curve25519.c +28 -34
data/third_party/boringssl/crypto/curve25519/spake25519.c +7 -6
data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +2 -1
data/third_party/boringssl/crypto/des/des.c +1 -1
data/third_party/boringssl/crypto/des/internal.h +58 -46
data/third_party/boringssl/crypto/dh/dh.c +4 -8
data/third_party/boringssl/crypto/digest/digest.c +5 -2
data/third_party/boringssl/crypto/digest/digests.c +70 -33
data/third_party/boringssl/crypto/digest/md32_common.h +39 -27
data/third_party/boringssl/crypto/dsa/dsa.c +11 -19
data/third_party/boringssl/crypto/ec/ec.c +1 -1
data/third_party/boringssl/crypto/ec/ec_asn1.c +3 -2
data/third_party/boringssl/crypto/ec/ec_key.c +1 -1
data/third_party/boringssl/crypto/ec/ec_montgomery.c +6 -11
data/third_party/boringssl/crypto/ec/oct.c +2 -14
data/third_party/boringssl/crypto/ec/p224-64.c +78 -122
data/third_party/boringssl/crypto/ec/p256-64.c +93 -133
data/third_party/boringssl/crypto/ec/p256-x86_64.c +48 -61
data/third_party/boringssl/crypto/ec/p256-x86_64.h +113 -0
data/third_party/boringssl/crypto/ec/simple.c +2 -1
data/third_party/boringssl/crypto/ec/wnaf.c +52 -43
data/third_party/boringssl/crypto/ecdh/ecdh.c +4 -2
data/third_party/boringssl/crypto/ecdsa/ecdsa.c +17 -16
data/third_party/boringssl/crypto/engine/engine.c +3 -1
data/third_party/boringssl/crypto/err/err.c +5 -5
data/third_party/boringssl/crypto/evp/evp.c +1 -1
data/third_party/boringssl/crypto/evp/evp_asn1.c +1 -1
data/third_party/boringssl/crypto/evp/evp_ctx.c +23 -29
data/third_party/boringssl/crypto/evp/p_ec.c +2 -1
data/third_party/boringssl/crypto/evp/p_rsa.c +9 -3
data/third_party/boringssl/crypto/evp/pbkdf.c +3 -1
data/third_party/boringssl/crypto/hkdf/hkdf.c +3 -1
data/third_party/boringssl/crypto/hmac/hmac.c +4 -2
data/third_party/boringssl/crypto/internal.h +81 -0
data/third_party/boringssl/crypto/lhash/lhash.c +7 -13
data/third_party/boringssl/crypto/md4/md4.c +20 -18
data/third_party/boringssl/crypto/md5/md5.c +31 -21
data/third_party/boringssl/crypto/mem.c +4 -10
data/third_party/boringssl/crypto/modes/cbc.c +2 -6
data/third_party/boringssl/crypto/modes/cfb.c +2 -2
data/third_party/boringssl/crypto/modes/ctr.c +1 -1
data/third_party/boringssl/crypto/modes/gcm.c +117 -334
data/third_party/boringssl/crypto/modes/internal.h +107 -84
data/third_party/boringssl/crypto/modes/ofb.c +3 -3
data/third_party/boringssl/crypto/modes/polyval.c +94 -0
data/third_party/boringssl/crypto/obj/obj.c +13 -8
data/third_party/boringssl/crypto/obj/obj_dat.h +6109 -5187
data/third_party/boringssl/crypto/obj/obj_xref.c +55 -57
data/third_party/boringssl/crypto/pem/pem_lib.c +6 -3
data/third_party/boringssl/crypto/pkcs8/internal.h +27 -8
data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +137 -352
data/third_party/boringssl/crypto/pkcs8/pkcs8.c +371 -364
data/third_party/boringssl/crypto/poly1305/poly1305.c +12 -18
data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +2 -2
data/third_party/boringssl/crypto/{newhope/reduce.c → pool/internal.h} +24 -21
data/third_party/boringssl/crypto/pool/pool.c +200 -0
data/third_party/boringssl/crypto/rand/deterministic.c +6 -5
data/third_party/boringssl/crypto/rand/fuchsia.c +43 -0
data/third_party/boringssl/crypto/rand/rand.c +7 -7
data/third_party/boringssl/crypto/rand/urandom.c +136 -22
data/third_party/boringssl/crypto/rand/windows.c +2 -2
data/third_party/boringssl/crypto/rsa/blinding.c +2 -1
data/third_party/boringssl/crypto/rsa/padding.c +11 -11
data/third_party/boringssl/crypto/rsa/rsa.c +4 -4
data/third_party/boringssl/crypto/rsa/rsa_asn1.c +7 -1
data/third_party/boringssl/crypto/rsa/rsa_impl.c +41 -80
data/third_party/boringssl/crypto/sha/sha1-altivec.c +346 -0
data/third_party/boringssl/crypto/sha/sha1.c +60 -42
data/third_party/boringssl/crypto/sha/sha256.c +4 -2
data/third_party/boringssl/crypto/sha/sha512.c +9 -7
data/third_party/boringssl/crypto/stack/stack.c +10 -7
data/third_party/boringssl/crypto/thread_pthread.c +2 -2
data/third_party/boringssl/crypto/thread_win.c +2 -2
data/third_party/boringssl/crypto/x509/a_verify.c +1 -1
data/third_party/boringssl/crypto/x509/asn1_gen.c +1 -1
data/third_party/boringssl/crypto/x509/by_dir.c +1 -1
data/third_party/boringssl/crypto/x509/t_x509.c +78 -38
data/third_party/boringssl/crypto/x509/x509_cmp.c +8 -5
data/third_party/boringssl/crypto/x509/x509_lu.c +6 -1
data/third_party/boringssl/crypto/x509/x509_obj.c +4 -1
data/third_party/boringssl/crypto/x509/x509_vfy.c +42 -8
data/third_party/boringssl/crypto/x509/x509_vpm.c +8 -6
data/third_party/boringssl/crypto/x509/x509name.c +4 -1
data/third_party/boringssl/crypto/x509/x_crl.c +4 -2
data/third_party/boringssl/crypto/x509/x_name.c +23 -13
data/third_party/boringssl/crypto/x509/x_pkey.c +4 -1
data/third_party/boringssl/crypto/x509/x_x509.c +42 -3
data/third_party/boringssl/crypto/x509v3/pcy_int.h +2 -2
data/third_party/boringssl/crypto/x509v3/pcy_tree.c +2 -1
data/third_party/boringssl/crypto/x509v3/v3_cpols.c +1 -1
data/third_party/boringssl/crypto/x509v3/v3_ia5.c +4 -1
data/third_party/boringssl/crypto/x509v3/v3_ncons.c +4 -1
data/third_party/boringssl/crypto/x509v3/v3_pci.c +6 -3
data/third_party/boringssl/crypto/x509v3/v3_purp.c +13 -21
data/third_party/boringssl/crypto/x509v3/v3_utl.c +19 -33
data/third_party/boringssl/include/openssl/aead.h +9 -20
data/third_party/boringssl/include/openssl/aes.h +21 -9
data/third_party/boringssl/include/openssl/asn1.h +9 -1
data/third_party/boringssl/include/openssl/base.h +33 -6
data/third_party/boringssl/include/openssl/bio.h +10 -103
data/third_party/boringssl/include/openssl/bn.h +58 -42
data/third_party/boringssl/include/openssl/bytestring.h +17 -0
data/third_party/boringssl/include/openssl/cipher.h +4 -3
data/third_party/boringssl/include/openssl/conf.h +4 -1
data/third_party/boringssl/include/openssl/curve25519.h +13 -0
data/third_party/boringssl/include/openssl/digest.h +5 -3
data/third_party/boringssl/include/openssl/dsa.h +5 -5
data/third_party/boringssl/include/openssl/ec.h +2 -2
data/third_party/boringssl/include/openssl/ecdh.h +3 -4
data/third_party/boringssl/include/openssl/ecdsa.h +10 -10
data/third_party/boringssl/include/openssl/err.h +5 -5
data/third_party/boringssl/include/openssl/evp.h +11 -7
data/third_party/boringssl/include/openssl/lhash.h +2 -3
data/third_party/boringssl/include/openssl/lhash_macros.h +56 -14
data/third_party/boringssl/include/openssl/nid.h +2949 -2916
data/third_party/boringssl/include/openssl/obj.h +1 -1
data/third_party/boringssl/include/openssl/pkcs8.h +21 -42
data/third_party/boringssl/include/openssl/pool.h +87 -0
data/third_party/boringssl/include/openssl/rand.h +1 -1
data/third_party/boringssl/include/openssl/rsa.h +4 -2
data/third_party/boringssl/include/openssl/sha.h +0 -4
data/third_party/boringssl/include/openssl/ssl.h +327 -662
data/third_party/boringssl/include/openssl/ssl3.h +1 -21
data/third_party/boringssl/include/openssl/stack.h +1 -0
data/third_party/boringssl/include/openssl/stack_macros.h +85 -0
data/third_party/boringssl/include/openssl/tls1.h +23 -52
data/third_party/boringssl/include/openssl/type_check.h +4 -0
data/third_party/boringssl/include/openssl/x509.h +10 -59
data/third_party/boringssl/include/openssl/x509_vfy.h +7 -1
data/third_party/boringssl/include/openssl/x509v3.h +4 -4
data/third_party/boringssl/ssl/bio_ssl.c +175 -0
data/third_party/boringssl/ssl/custom_extensions.c +24 -21
data/third_party/boringssl/ssl/d1_both.c +259 -289
data/third_party/boringssl/ssl/d1_lib.c +8 -20
data/third_party/boringssl/ssl/d1_pkt.c +6 -15
data/third_party/boringssl/ssl/dtls_method.c +22 -8
data/third_party/boringssl/ssl/dtls_record.c +27 -2
data/third_party/boringssl/ssl/handshake_client.c +460 -579
data/third_party/boringssl/ssl/handshake_server.c +662 -644
data/third_party/boringssl/ssl/internal.h +1009 -375
data/third_party/boringssl/ssl/s3_both.c +312 -162
data/third_party/boringssl/ssl/s3_lib.c +12 -128
data/third_party/boringssl/ssl/s3_pkt.c +22 -30
data/third_party/boringssl/ssl/ssl_aead_ctx.c +28 -22
data/third_party/boringssl/ssl/ssl_asn1.c +210 -114
data/third_party/boringssl/ssl/ssl_buffer.c +2 -1
data/third_party/boringssl/ssl/ssl_cert.c +417 -219
data/third_party/boringssl/ssl/ssl_cipher.c +191 -393
data/third_party/boringssl/ssl/ssl_ecdh.c +19 -164
data/third_party/boringssl/ssl/ssl_file.c +0 -11
data/third_party/boringssl/ssl/ssl_lib.c +325 -652
data/third_party/boringssl/ssl/{ssl_rsa.c → ssl_privkey.c} +21 -131
data/third_party/boringssl/ssl/ssl_privkey_cc.cc +76 -0
data/third_party/boringssl/ssl/ssl_session.c +206 -95
data/third_party/boringssl/ssl/ssl_stat.c +18 -84
data/third_party/boringssl/ssl/{s3_enc.c → ssl_transcript.c} +150 -157
data/third_party/boringssl/ssl/ssl_x509.c +815 -0
data/third_party/boringssl/ssl/t1_enc.c +188 -174
data/third_party/boringssl/ssl/t1_lib.c +1064 -764
data/third_party/boringssl/ssl/tls13_both.c +290 -96
data/third_party/boringssl/ssl/tls13_client.c +344 -314
data/third_party/boringssl/ssl/tls13_enc.c +239 -200
data/third_party/boringssl/ssl/tls13_server.c +374 -366
data/third_party/boringssl/ssl/tls_method.c +40 -5
data/third_party/boringssl/ssl/tls_record.c +166 -71
metadata +39 -25
data/src/core/lib/iomgr/workqueue.h +0 -87
data/src/core/lib/iomgr/workqueue_uv.c +0 -65
data/src/core/lib/iomgr/workqueue_uv.h +0 -37
data/src/core/lib/iomgr/workqueue_windows.c +0 -63
data/src/core/lib/iomgr/workqueue_windows.h +0 -37
data/third_party/boringssl/crypto/bio/buffer.c +0 -496
data/third_party/boringssl/crypto/newhope/error_correction.c +0 -131
data/third_party/boringssl/crypto/newhope/internal.h +0 -71
data/third_party/boringssl/crypto/newhope/newhope.c +0 -174
data/third_party/boringssl/crypto/newhope/ntt.c +0 -148
data/third_party/boringssl/crypto/newhope/poly.c +0 -183
data/third_party/boringssl/crypto/newhope/precomp.c +0 -306
data/third_party/boringssl/crypto/obj/obj_xref.h +0 -96
data/third_party/boringssl/crypto/pkcs8/p5_pbe.c +0 -151
data/third_party/boringssl/include/openssl/newhope.h +0 -158
data/third_party/boringssl/include/openssl/time_support.h +0 -91

data/third_party/boringssl/include/openssl/x509v3.h CHANGED

@@ -230,7 +230,7 @@ X509_NAME *dpname;
 /* All existing reasons */
 #define CRLDP_ALL_REASONS	0x807f
-#define CRL_REASON_NONE				-1
+#define CRL_REASON_NONE				(-1)
 #define CRL_REASON_UNSPECIFIED			0
 #define CRL_REASON_KEY_COMPROMISE		1
 #define CRL_REASON_CA_COMPROMISE		2
@@ -376,8 +376,8 @@ struct ISSUING_DIST_POINT_st
 /* onlysomereasons present */
 #define IDP_REASONS	0x40
-#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
-",name:", val->name, ",value:", val->value);
+#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", (val)->section, \
+",name:", (val)->name, ",value:", (val)->value);
 #define X509V3_set_ctx_test(ctx) \
 			X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
@@ -389,7 +389,7 @@ struct ISSUING_DIST_POINT_st
 			(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
 			(X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
 			NULL, NULL, \
-			(void *)table}
+			(void *)(table)}
 #define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
 			0,0,0,0, \

data/third_party/boringssl/ssl/bio_ssl.c ADDED

@@ -0,0 +1,175 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include <openssl/ssl.h>
+#include <openssl/bio.h>
+static int ssl_read(BIO *bio, char *out, int outl) {
+  SSL *ssl = bio->ptr;
+  if (ssl == NULL) {
+    return 0;
+  }
+  BIO_clear_retry_flags(bio);
+  const int ret = SSL_read(ssl, out, outl);
+  switch (SSL_get_error(ssl, ret)) {
+    case SSL_ERROR_WANT_READ:
+      BIO_set_retry_read(bio);
+      break;
+    case SSL_ERROR_WANT_WRITE:
+      BIO_set_retry_write(bio);
+      break;
+    case SSL_ERROR_WANT_ACCEPT:
+      BIO_set_retry_special(bio);
+      bio->retry_reason = BIO_RR_ACCEPT;
+      break;
+    case SSL_ERROR_WANT_CONNECT:
+      BIO_set_retry_special(bio);
+      bio->retry_reason = BIO_RR_CONNECT;
+      break;
+    case SSL_ERROR_NONE:
+    case SSL_ERROR_SYSCALL:
+    case SSL_ERROR_SSL:
+    case SSL_ERROR_ZERO_RETURN:
+    default:
+      break;
+  }
+  return ret;
+}
+static int ssl_write(BIO *bio, const char *out, int outl) {
+  SSL *ssl = bio->ptr;
+  if (ssl == NULL) {
+    return 0;
+  }
+  BIO_clear_retry_flags(bio);
+  const int ret = SSL_write(ssl, out, outl);
+  switch (SSL_get_error(ssl, ret)) {
+    case SSL_ERROR_WANT_WRITE:
+      BIO_set_retry_write(bio);
+      break;
+    case SSL_ERROR_WANT_READ:
+      BIO_set_retry_read(bio);
+      break;
+    case SSL_ERROR_WANT_CONNECT:
+      BIO_set_retry_special(bio);
+      bio->retry_reason = BIO_RR_CONNECT;
+      break;
+    case SSL_ERROR_NONE:
+    case SSL_ERROR_SYSCALL:
+    case SSL_ERROR_SSL:
+    default:
+      break;
+  }
+  return ret;
+}
+static long ssl_ctrl(BIO *bio, int cmd, long num, void *ptr) {
+  SSL *ssl = bio->ptr;
+  if (ssl == NULL && cmd != BIO_C_SET_SSL) {
+    return 0;
+  }
+  switch (cmd) {
+    case BIO_C_SET_SSL:
+      bio->shutdown = num;
+      bio->ptr = ptr;
+      bio->init = 1;
+      return 1;
+    case BIO_CTRL_GET_CLOSE:
+      return bio->shutdown;
+    case BIO_CTRL_SET_CLOSE:
+      bio->shutdown = num;
+      return 1;
+    case BIO_CTRL_WPENDING:
+      return BIO_ctrl(SSL_get_wbio(ssl), cmd, num, ptr);
+    case BIO_CTRL_PENDING:
+      return SSL_pending(ssl);
+    case BIO_CTRL_FLUSH: {
+      BIO_clear_retry_flags(bio);
+      long ret = BIO_ctrl(SSL_get_wbio(ssl), cmd, num, ptr);
+      BIO_copy_next_retry(bio);
+      return ret;
+    }
+    case BIO_CTRL_PUSH:
+    case BIO_CTRL_POP:
+    case BIO_CTRL_DUP:
+      return -1;
+    default:
+      return BIO_ctrl(SSL_get_rbio(ssl), cmd, num, ptr);
+  }
+}
+static int ssl_new(BIO *bio) {
+  return 1;
+}
+static int ssl_free(BIO *bio) {
+  SSL *ssl = bio->ptr;
+  if (ssl == NULL) {
+    return 1;
+  }
+  SSL_shutdown(ssl);
+  if (bio->shutdown) {
+    SSL_free(ssl);
+  }
+  return 1;
+}
+static long ssl_callback_ctrl(BIO *bio, int cmd, bio_info_cb fp) {
+  SSL *ssl = bio->ptr;
+  if (ssl == NULL) {
+    return 0;
+  }
+  switch (cmd) {
+    case BIO_CTRL_SET_CALLBACK:
+      return -1;
+    default:
+      return BIO_callback_ctrl(SSL_get_rbio(ssl), cmd, fp);
+  }
+}
+static const BIO_METHOD ssl_method = {
+    BIO_TYPE_SSL, "SSL",    ssl_write, ssl_read, NULL,
+    NULL,         ssl_ctrl, ssl_new,   ssl_free, ssl_callback_ctrl,
+};
+const BIO_METHOD *BIO_f_ssl(void) { return &ssl_method; }
+long BIO_set_ssl(BIO *bio, SSL *ssl, int take_owership) {
+  return BIO_ctrl(bio, BIO_C_SET_SSL, take_owership, ssl);
+}

data/third_party/boringssl/ssl/custom_extensions.c CHANGED

@@ -58,7 +58,8 @@ static int default_add_callback(SSL *ssl, unsigned extension_value,
   return 1;
 }
-static int custom_ext_add_hello(SSL *ssl, CBB *extensions) {
+static int custom_ext_add_hello(SSL_HANDSHAKE *hs, CBB *extensions) {
+  SSL *const ssl = hs->ssl;
   STACK_OF(SSL_CUSTOM_EXTENSION) *stack = ssl->ctx->client_custom_extensions;
   if (ssl->server) {
     stack = ssl->ctx->server_custom_extensions;
@@ -72,7 +73,7 @@ static int custom_ext_add_hello(SSL *ssl, CBB *extensions) {
     const SSL_CUSTOM_EXTENSION *ext = sk_SSL_CUSTOM_EXTENSION_value(stack, i);
     if (ssl->server &&
-        !(ssl->s3->tmp.custom_extensions.received & (1u << i))) {
+        !(hs->custom_extensions.received & (1u << i))) {
       /* Servers cannot echo extensions that the client didn't send. */
       continue;
     }
@@ -90,7 +91,7 @@ static int custom_ext_add_hello(SSL *ssl, CBB *extensions) {
             !CBB_add_bytes(&contents_cbb, contents, contents_len) ||
             !CBB_flush(extensions)) {
           OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
-          ERR_add_error_dataf("extension: %u", (unsigned) ext->value);
+          ERR_add_error_dataf("extension %u", (unsigned) ext->value);
           if (ext->free_callback && 0 < contents_len) {
             ext->free_callback(ssl, ext->value, contents, ext->add_arg);
           }
@@ -102,8 +103,8 @@ static int custom_ext_add_hello(SSL *ssl, CBB *extensions) {
         }
         if (!ssl->server) {
-          assert((ssl->s3->tmp.custom_extensions.sent & (1u << i)) == 0);
-          ssl->s3->tmp.custom_extensions.sent |= (1u << i);
+          assert((hs->custom_extensions.sent & (1u << i)) == 0);
+          hs->custom_extensions.sent |= (1u << i);
         }
         break;
@@ -113,7 +114,7 @@ static int custom_ext_add_hello(SSL *ssl, CBB *extensions) {
       default:
         ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
         OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);
-        ERR_add_error_dataf("extension: %u", (unsigned) ext->value);
+        ERR_add_error_dataf("extension %u", (unsigned) ext->value);
         return 0;
     }
   }
@@ -121,12 +122,13 @@ static int custom_ext_add_hello(SSL *ssl, CBB *extensions) {
   return 1;
 }
-int custom_ext_add_clienthello(SSL *ssl, CBB *extensions) {
-  return custom_ext_add_hello(ssl, extensions);
+int custom_ext_add_clienthello(SSL_HANDSHAKE *hs, CBB *extensions) {
+  return custom_ext_add_hello(hs, extensions);
 }
-int custom_ext_parse_serverhello(SSL *ssl, int *out_alert, uint16_t value,
-                                 const CBS *extension) {
+int custom_ext_parse_serverhello(SSL_HANDSHAKE *hs, int *out_alert,
+                                 uint16_t value, const CBS *extension) {
+  SSL *const ssl = hs->ssl;
   unsigned index;
   const SSL_CUSTOM_EXTENSION *ext =
       custom_ext_find(ssl->ctx->client_custom_extensions, &index, value);
@@ -134,9 +136,9 @@ int custom_ext_parse_serverhello(SSL *ssl, int *out_alert, uint16_t value,
   if (/* Unknown extensions are not allowed in a ServerHello. */
       ext == NULL ||
       /* Also, if we didn't send the extension, that's also unacceptable. */
-      !(ssl->s3->tmp.custom_extensions.sent & (1u << index))) {
+      !(hs->custom_extensions.sent & (1u << index))) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
-    ERR_add_error_dataf("extension: %u", (unsigned)value);
+    ERR_add_error_dataf("extension %u", (unsigned)value);
     *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
     return 0;
   }
@@ -145,15 +147,16 @@ int custom_ext_parse_serverhello(SSL *ssl, int *out_alert, uint16_t value,
       !ext->parse_callback(ssl, value, CBS_data(extension), CBS_len(extension),
                            out_alert, ext->parse_arg)) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);
-    ERR_add_error_dataf("extension: %u", (unsigned)ext->value);
+    ERR_add_error_dataf("extension %u", (unsigned)ext->value);
     return 0;
   }
   return 1;
 }
-int custom_ext_parse_clienthello(SSL *ssl, int *out_alert, uint16_t value,
-                                 const CBS *extension) {
+int custom_ext_parse_clienthello(SSL_HANDSHAKE *hs, int *out_alert,
+                                 uint16_t value, const CBS *extension) {
+  SSL *const ssl = hs->ssl;
   unsigned index;
   const SSL_CUSTOM_EXTENSION *ext =
       custom_ext_find(ssl->ctx->server_custom_extensions, &index, value);
@@ -162,29 +165,29 @@ int custom_ext_parse_clienthello(SSL *ssl, int *out_alert, uint16_t value,
     return 1;
   }
-  assert((ssl->s3->tmp.custom_extensions.received & (1u << index)) == 0);
-  ssl->s3->tmp.custom_extensions.received |= (1u << index);
+  assert((hs->custom_extensions.received & (1u << index)) == 0);
+  hs->custom_extensions.received |= (1u << index);
   if (ext->parse_callback &&
       !ext->parse_callback(ssl, value, CBS_data(extension), CBS_len(extension),
                            out_alert, ext->parse_arg)) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_CUSTOM_EXTENSION_ERROR);
-    ERR_add_error_dataf("extension: %u", (unsigned)ext->value);
+    ERR_add_error_dataf("extension %u", (unsigned)ext->value);
     return 0;
   }
   return 1;
 }
-int custom_ext_add_serverhello(SSL *ssl, CBB *extensions) {
-  return custom_ext_add_hello(ssl, extensions);
+int custom_ext_add_serverhello(SSL_HANDSHAKE *hs, CBB *extensions) {
+  return custom_ext_add_hello(hs, extensions);
 }
 /* MAX_NUM_CUSTOM_EXTENSIONS is the maximum number of custom extensions that
  * can be set on an |SSL_CTX|. It's determined by the size of the bitset used
  * to track when an extension has been sent. */
 #define MAX_NUM_CUSTOM_EXTENSIONS \
-  (sizeof(((struct ssl3_state_st *)NULL)->tmp.custom_extensions.sent) * 8)
+  (sizeof(((SSL_HANDSHAKE *)NULL)->custom_extensions.sent) * 8)
 static int custom_ext_append(STACK_OF(SSL_CUSTOM_EXTENSION) **stack,
                              unsigned extension_value,

data/third_party/boringssl/ssl/d1_both.c CHANGED

@@ -122,8 +122,10 @@
 #include <openssl/evp.h>
 #include <openssl/mem.h>
 #include <openssl/rand.h>
+#include <openssl/type_check.h>
 #include <openssl/x509.h>
+#include "../crypto/internal.h"
 #include "internal.h"
@@ -157,7 +159,7 @@ static hm_fragment *dtls1_hm_fragment_new(const struct hm_header_st *msg_hdr) {
     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
     return NULL;
   }
-  memset(frag, 0, sizeof(hm_fragment));
+  OPENSSL_memset(frag, 0, sizeof(hm_fragment));
   frag->type = msg_hdr->type;
   frag->seq = msg_hdr->seq;
   frag->msg_len = msg_hdr->msg_len;
@@ -195,7 +197,7 @@ static hm_fragment *dtls1_hm_fragment_new(const struct hm_header_st *msg_hdr) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       goto err;
     }
-    memset(frag->reassembly, 0, bitmask_len);
+    OPENSSL_memset(frag->reassembly, 0, bitmask_len);
   }
   return frag;
@@ -310,9 +312,9 @@ start:
   }
   /* Cross-epoch records are discarded, but we may receive out-of-order
-   * application data between ChangeCipherSpec and Finished or a ChangeCipherSpec
-   * before the appropriate point in the handshake. Those must be silently
-   * discarded.
+   * application data between ChangeCipherSpec and Finished or a
+   * ChangeCipherSpec before the appropriate point in the handshake. Those must
+   * be silently discarded.
    *
    * However, only allow the out-of-order records in the correct epoch.
    * Application data must come in the encrypted epoch, and ChangeCipherSpec in
@@ -383,8 +385,8 @@ start:
     assert(msg_len > 0);
     /* Copy the body into the fragment. */
-    memcpy(frag->data + DTLS1_HM_HEADER_LENGTH + frag_off, CBS_data(&body),
-           CBS_len(&body));
+    OPENSSL_memcpy(frag->data + DTLS1_HM_HEADER_LENGTH + frag_off,
+                   CBS_data(&body), CBS_len(&body));
     dtls1_hm_fragment_mark(frag, frag_off, frag_off + frag_len);
   }
@@ -393,17 +395,11 @@ start:
   return 1;
 }
-int dtls1_get_message(SSL *ssl, int msg_type,
-                      enum ssl_hash_message_t hash_message) {
+int dtls1_get_message(SSL *ssl) {
   if (ssl->s3->tmp.reuse_message) {
-    /* A ssl_dont_hash_message call cannot be combined with reuse_message; the
-     * ssl_dont_hash_message would have to have been applied to the previous
-     * call. */
-    assert(hash_message == ssl_hash_message);
+    /* There must be a current message. */
     assert(ssl->init_msg != NULL);
     ssl->s3->tmp.reuse_message = 0;
-    hash_message = ssl_dont_hash_message;
   } else {
     dtls1_release_current_message(ssl, 0 /* don't free buffer */);
   }
@@ -428,27 +424,17 @@ int dtls1_get_message(SSL *ssl, int msg_type,
   ssl->init_msg = frag->data + DTLS1_HM_HEADER_LENGTH;
   ssl->init_num = frag->msg_len;
-  if (msg_type >= 0 && ssl->s3->tmp.message_type != msg_type) {
-    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-    OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
-    return -1;
-  }
-  if (hash_message == ssl_hash_message && !dtls1_hash_current_message(ssl)) {
-    return -1;
-  }
   ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HANDSHAKE, frag->data,
                       ssl->init_num + DTLS1_HM_HEADER_LENGTH);
   return 1;
 }
-int dtls1_hash_current_message(SSL *ssl) {
+void dtls1_get_current_message(const SSL *ssl, CBS *out) {
   assert(dtls1_is_current_message_complete(ssl));
   hm_fragment *frag = ssl->d1->incoming_messages[ssl->d1->handshake_read_seq %
                                                  SSL_MAX_HANDSHAKE_FLIGHT];
-  return ssl3_update_handshake_hash(ssl, frag->data,
-                                    DTLS1_HM_HEADER_LENGTH + frag->msg_len);
+  CBS_init(out, frag->data, DTLS1_HM_HEADER_LENGTH + frag->msg_len);
 }
 void dtls1_release_current_message(SSL *ssl, int free_buffer) {
@@ -490,7 +476,7 @@ int dtls_has_incoming_messages(const SSL *ssl) {
 int dtls1_parse_fragment(CBS *cbs, struct hm_header_st *out_hdr,
                          CBS *out_body) {
-  memset(out_hdr, 0x00, sizeof(struct hm_header_st));
+  OPENSSL_memset(out_hdr, 0x00, sizeof(struct hm_header_st));
   if (!CBS_get_u8(cbs, &out_hdr->type) ||
       !CBS_get_u24(cbs, &out_hdr->msg_len) ||
@@ -507,279 +493,138 @@ int dtls1_parse_fragment(CBS *cbs, struct hm_header_st *out_hdr,
 /* Sending handshake messages. */
-static void dtls1_update_mtu(SSL *ssl) {
-  /* TODO(davidben): What is this code doing and do we need it? */
-  if (ssl->d1->mtu < dtls1_min_mtu() &&
-      !(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {
-    long mtu = BIO_ctrl(ssl->wbio, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-    if (mtu >= 0 && mtu <= (1 << 30) && (unsigned)mtu >= dtls1_min_mtu()) {
-      ssl->d1->mtu = (unsigned)mtu;
-    } else {
-      ssl->d1->mtu = kDefaultMTU;
-      BIO_ctrl(ssl->wbio, BIO_CTRL_DGRAM_SET_MTU, ssl->d1->mtu, NULL);
-    }
+void dtls_clear_outgoing_messages(SSL *ssl) {
+  for (size_t i = 0; i < ssl->d1->outgoing_messages_len; i++) {
+    OPENSSL_free(ssl->d1->outgoing_messages[i].data);
+    ssl->d1->outgoing_messages[i].data = NULL;
   }
-  /* The MTU should be above the minimum now. */
-  assert(ssl->d1->mtu >= dtls1_min_mtu());
+  ssl->d1->outgoing_messages_len = 0;
+  ssl->d1->outgoing_written = 0;
+  ssl->d1->outgoing_offset = 0;
 }
-/* dtls1_max_record_size returns the maximum record body length that may be
- * written without exceeding the MTU. It accounts for any buffering installed on
- * the write BIO. If no record may be written, it returns zero. */
-static size_t dtls1_max_record_size(SSL *ssl) {
-  size_t ret = ssl->d1->mtu;
-  size_t overhead = ssl_max_seal_overhead(ssl);
-  if (ret <= overhead) {
-    return 0;
-  }
-  ret -= overhead;
-  size_t pending = BIO_wpending(ssl->wbio);
-  if (ret <= pending) {
+int dtls1_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type) {
+  /* Pick a modest size hint to save most of the |realloc| calls. */
+  if (!CBB_init(cbb, 64) ||
+      !CBB_add_u8(cbb, type) ||
+      !CBB_add_u24(cbb, 0 /* length (filled in later) */) ||
+      !CBB_add_u16(cbb, ssl->d1->handshake_write_seq) ||
+      !CBB_add_u24(cbb, 0 /* offset */) ||
+      !CBB_add_u24_length_prefixed(cbb, body)) {
     return 0;
   }
-  ret -= pending;
-  return ret;
-}
-static int dtls1_write_change_cipher_spec(SSL *ssl,
-                                          enum dtls1_use_epoch_t use_epoch) {
-  dtls1_update_mtu(ssl);
-  /* During the handshake, wbio is buffered to pack messages together. Flush the
-   * buffer if the ChangeCipherSpec would not fit in a packet. */
-  if (dtls1_max_record_size(ssl) == 0) {
-    int ret = BIO_flush(ssl->wbio);
-    if (ret <= 0) {
-      ssl->rwstate = SSL_WRITING;
-      return ret;
-    }
-  }
-  static const uint8_t kChangeCipherSpec[1] = {SSL3_MT_CCS};
-  int ret =
-      dtls1_write_record(ssl, SSL3_RT_CHANGE_CIPHER_SPEC, kChangeCipherSpec,
-                         sizeof(kChangeCipherSpec), use_epoch);
-  if (ret <= 0) {
-    return ret;
-  }
-  ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_CHANGE_CIPHER_SPEC,
-                      kChangeCipherSpec, sizeof(kChangeCipherSpec));
   return 1;
 }
-/* dtls1_do_handshake_write writes handshake message |in| using the given epoch,
- * starting |offset| bytes into the message body. It returns one on success. On
- * error, it returns <= 0 and sets |*out_offset| to the number of bytes of body
- * that were successfully written. This may be used to retry the write
- * later. |in| must be a reassembled handshake message with the full DTLS
- * handshake header. */
-static int dtls1_do_handshake_write(SSL *ssl, size_t *out_offset,
-                                    const uint8_t *in, size_t offset,
-                                    size_t len,
-                                    enum dtls1_use_epoch_t use_epoch) {
-  dtls1_update_mtu(ssl);
-  int ret = -1;
-  CBB cbb;
-  CBB_zero(&cbb);
-  /* Allocate a temporary buffer to hold the message fragments to avoid
-   * clobbering the message. */
-  uint8_t *buf = OPENSSL_malloc(ssl->d1->mtu);
-  if (buf == NULL) {
-    goto err;
-  }
-  /* Although it may be sent as multiple fragments, a DTLS message must be sent
-   * serialized as a single fragment for purposes of |ssl_do_msg_callback| and
-   * the handshake hash. */
-  CBS cbs, body;
-  struct hm_header_st hdr;
-  CBS_init(&cbs, in, len);
-  if (!dtls1_parse_fragment(&cbs, &hdr, &body) ||
-      hdr.frag_off != 0 ||
-      hdr.frag_len != CBS_len(&body) ||
-      hdr.msg_len != CBS_len(&body) ||
-      !CBS_skip(&body, offset) ||
-      CBS_len(&cbs) != 0) {
-    OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
-    goto err;
-  }
-  do {
-    /* During the handshake, wbio is buffered to pack messages together. Flush
-     * the buffer if there isn't enough room to make progress. */
-    if (dtls1_max_record_size(ssl) < DTLS1_HM_HEADER_LENGTH + 1) {
-      int flush_ret = BIO_flush(ssl->wbio);
-      if (flush_ret <= 0) {
-        ssl->rwstate = SSL_WRITING;
-        ret = flush_ret;
-        goto err;
-      }
-      assert(BIO_wpending(ssl->wbio) == 0);
-    }
-    size_t todo = dtls1_max_record_size(ssl);
-    if (todo < DTLS1_HM_HEADER_LENGTH + 1) {
-      /* To make forward progress, the MTU must, at minimum, fit the handshake
-       * header and one byte of handshake body. */
-      OPENSSL_PUT_ERROR(SSL, SSL_R_MTU_TOO_SMALL);
-      goto err;
-    }
-    todo -= DTLS1_HM_HEADER_LENGTH;
-    if (todo > CBS_len(&body)) {
-      todo = CBS_len(&body);
-    }
-    if (todo >= (1u << 24)) {
-      todo = (1u << 24) - 1;
-    }
-    size_t buf_len;
-    if (!CBB_init_fixed(&cbb, buf, ssl->d1->mtu) ||
-        !CBB_add_u8(&cbb, hdr.type) ||
-        !CBB_add_u24(&cbb, hdr.msg_len) ||
-        !CBB_add_u16(&cbb, hdr.seq) ||
-        !CBB_add_u24(&cbb, offset) ||
-        !CBB_add_u24(&cbb, todo) ||
-        !CBB_add_bytes(&cbb, CBS_data(&body), todo) ||
-        !CBB_finish(&cbb, NULL, &buf_len)) {
-      OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
-      goto err;
-    }
-    int write_ret =
-        dtls1_write_record(ssl, SSL3_RT_HANDSHAKE, buf, buf_len, use_epoch);
-    if (write_ret <= 0) {
-      ret = write_ret;
-      goto err;
-    }
-    if (!CBS_skip(&body, todo)) {
-      OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
-      goto err;
-    }
-    offset += todo;
-  } while (CBS_len(&body) != 0);
-  ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HANDSHAKE, in, len);
-  ret = 1;
-err:
-  *out_offset = offset;
-  CBB_cleanup(&cbb);
-  OPENSSL_free(buf);
-  return ret;
-}
-void dtls_clear_outgoing_messages(SSL *ssl) {
-  for (size_t i = 0; i < ssl->d1->outgoing_messages_len; i++) {
-    OPENSSL_free(ssl->d1->outgoing_messages[i].data);
-    ssl->d1->outgoing_messages[i].data = NULL;
-  }
-  ssl->d1->outgoing_messages_len = 0;
-}
-/* dtls1_add_change_cipher_spec adds a ChangeCipherSpec to the current
- * handshake flight. */
-static int dtls1_add_change_cipher_spec(SSL *ssl) {
-  if (ssl->d1->outgoing_messages_len >= SSL_MAX_HANDSHAKE_FLIGHT) {
+int dtls1_finish_message(SSL *ssl, CBB *cbb, uint8_t **out_msg,
+                         size_t *out_len) {
+  *out_msg = NULL;
+  if (!CBB_finish(cbb, out_msg, out_len) ||
+      *out_len < DTLS1_HM_HEADER_LENGTH) {
     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
+    OPENSSL_free(*out_msg);
     return 0;
   }
-  DTLS_OUTGOING_MESSAGE *msg =
-      &ssl->d1->outgoing_messages[ssl->d1->outgoing_messages_len];
-  msg->data = NULL;
-  msg->len = 0;
-  msg->epoch = ssl->d1->w_epoch;
-  msg->is_ccs = 1;
-  ssl->d1->outgoing_messages_len++;
+  /* Fix up the header. Copy the fragment length into the total message
+   * length. */
+  OPENSSL_memcpy(*out_msg + 1, *out_msg + DTLS1_HM_HEADER_LENGTH - 3, 3);
   return 1;
 }
-static int dtls1_add_message(SSL *ssl, uint8_t *data, size_t len) {
+/* add_outgoing adds a new handshake message or ChangeCipherSpec to the current
+ * outgoing flight. It returns one on success and zero on error. In both cases,
+ * it takes ownership of |data| and releases it with |OPENSSL_free| when
+ * done. */
+static int add_outgoing(SSL *ssl, int is_ccs, uint8_t *data, size_t len) {
+  OPENSSL_COMPILE_ASSERT(SSL_MAX_HANDSHAKE_FLIGHT <
+                             (1 << 8 * sizeof(ssl->d1->outgoing_messages_len)),
+                         outgoing_messages_len_is_too_small);
   if (ssl->d1->outgoing_messages_len >= SSL_MAX_HANDSHAKE_FLIGHT) {
+    assert(0);
     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
     OPENSSL_free(data);
     return 0;
   }
+  if (!is_ccs) {
+    /* TODO(svaldez): Move this up a layer to fix abstraction for SSL_TRANSCRIPT
+     * on hs. */
+    if (ssl->s3->hs != NULL &&
+        !SSL_TRANSCRIPT_update(&ssl->s3->hs->transcript, data, len)) {
+      OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
+      OPENSSL_free(data);
+      return 0;
+    }
+    ssl->d1->handshake_write_seq++;
+  }
   DTLS_OUTGOING_MESSAGE *msg =
       &ssl->d1->outgoing_messages[ssl->d1->outgoing_messages_len];
   msg->data = data;
   msg->len = len;
   msg->epoch = ssl->d1->w_epoch;
-  msg->is_ccs = 0;
+  msg->is_ccs = is_ccs;
   ssl->d1->outgoing_messages_len++;
   return 1;
 }
-int dtls1_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type) {
-  /* Pick a modest size hint to save most of the |realloc| calls. */
-  if (!CBB_init(cbb, 64) ||
-      !CBB_add_u8(cbb, type) ||
-      !CBB_add_u24(cbb, 0 /* length (filled in later) */) ||
-      !CBB_add_u16(cbb, ssl->d1->handshake_write_seq) ||
-      !CBB_add_u24(cbb, 0 /* offset */) ||
-      !CBB_add_u24_length_prefixed(cbb, body)) {
-    return 0;
-  }
-  return 1;
+int dtls1_add_message(SSL *ssl, uint8_t *data, size_t len) {
+  return add_outgoing(ssl, 0 /* handshake */, data, len);
 }
-int dtls1_finish_message(SSL *ssl, CBB *cbb) {
-  uint8_t *msg = NULL;
-  size_t len;
-  if (!CBB_finish(cbb, &msg, &len) ||
-      len > 0xffffffffu ||
-      len < DTLS1_HM_HEADER_LENGTH) {
-    OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
-    OPENSSL_free(msg);
-    return 0;
-  }
-  /* Fix up the header. Copy the fragment length into the total message
-   * length. */
-  memcpy(msg + 1, msg + DTLS1_HM_HEADER_LENGTH - 3, 3);
-  ssl3_update_handshake_hash(ssl, msg, len);
-  ssl->d1->handshake_write_seq++;
-  ssl->init_off = 0;
-  return dtls1_add_message(ssl, msg, len);
+int dtls1_add_change_cipher_spec(SSL *ssl) {
+  return add_outgoing(ssl, 1 /* ChangeCipherSpec */, NULL, 0);
 }
-int dtls1_write_message(SSL *ssl) {
-  if (ssl->d1->outgoing_messages_len == 0) {
-    OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
-    return -1;
-  }
+int dtls1_add_alert(SSL *ssl, uint8_t level, uint8_t desc) {
+  /* The |add_alert| path is only used for warning alerts for now, which DTLS
+   * never sends. This will be implemented later once closure alerts are
+   * converted. */
+  assert(0);
+  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
+  return 0;
+}
-  const DTLS_OUTGOING_MESSAGE *msg =
-      &ssl->d1->outgoing_messages[ssl->d1->outgoing_messages_len - 1];
-  if (msg->is_ccs) {
-    OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
-    return -1;
+/* dtls1_update_mtu updates the current MTU from the BIO, ensuring it is above
+ * the minimum. */
+static void dtls1_update_mtu(SSL *ssl) {
+  /* TODO(davidben): No consumer implements |BIO_CTRL_DGRAM_SET_MTU| and the
+   * only |BIO_CTRL_DGRAM_QUERY_MTU| implementation could use
+   * |SSL_set_mtu|. Does this need to be so complex?  */
+  if (ssl->d1->mtu < dtls1_min_mtu() &&
+      !(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {
+    long mtu = BIO_ctrl(ssl->wbio, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+    if (mtu >= 0 && mtu <= (1 << 30) && (unsigned)mtu >= dtls1_min_mtu()) {
+      ssl->d1->mtu = (unsigned)mtu;
+    } else {
+      ssl->d1->mtu = kDefaultMTU;
+      BIO_ctrl(ssl->wbio, BIO_CTRL_DGRAM_SET_MTU, ssl->d1->mtu, NULL);
+    }
   }
-  size_t offset = ssl->init_off;
-  int ret = dtls1_do_handshake_write(ssl, &offset, msg->data, offset, msg->len,
-                                     dtls1_use_current_epoch);
-  ssl->init_off = offset;
-  return ret;
+  /* The MTU should be above the minimum now. */
+  assert(ssl->d1->mtu >= dtls1_min_mtu());
 }
-static int dtls1_retransmit_message(SSL *ssl,
-                                    const DTLS_OUTGOING_MESSAGE *msg) {
+enum seal_result_t {
+  seal_error,
+  seal_no_progress,
+  seal_partial,
+  seal_success,
+};
+/* seal_next_message seals |msg|, which must be the next message, to |out|. If
+ * progress was made, it returns |seal_partial| or |seal_success| and sets
+ * |*out_len| to the number of bytes written. */
+static enum seal_result_t seal_next_message(SSL *ssl, uint8_t *out,
+                                            size_t *out_len, size_t max_out,
+                                            const DTLS_OUTGOING_MESSAGE *msg) {
+  assert(ssl->d1->outgoing_written < ssl->d1->outgoing_messages_len);
+  assert(msg == &ssl->d1->outgoing_messages[ssl->d1->outgoing_written]);
   /* DTLS renegotiation is unsupported, so only epochs 0 (NULL cipher) and 1
    * (negotiated cipher) exist. */
   assert(ssl->d1->w_epoch == 0 || ssl->d1->w_epoch == 1);
@@ -788,56 +633,181 @@ static int dtls1_retransmit_message(SSL *ssl,
   if (ssl->d1->w_epoch == 1 && msg->epoch == 0) {
     use_epoch = dtls1_use_previous_epoch;
   }
+  size_t overhead = dtls_max_seal_overhead(ssl, use_epoch);
+  size_t prefix = dtls_seal_prefix_len(ssl, use_epoch);
-  /* TODO(davidben): This cannot handle non-blocking writes. */
-  int ret;
   if (msg->is_ccs) {
-    ret = dtls1_write_change_cipher_spec(ssl, use_epoch);
-  } else {
-    size_t offset = 0;
-    ret = dtls1_do_handshake_write(ssl, &offset, msg->data, offset, msg->len,
-                                   use_epoch);
+    /* Check there is room for the ChangeCipherSpec. */
+    static const uint8_t kChangeCipherSpec[1] = {SSL3_MT_CCS};
+    if (max_out < sizeof(kChangeCipherSpec) + overhead) {
+      return seal_no_progress;
+    }
+    if (!dtls_seal_record(ssl, out, out_len, max_out,
+                          SSL3_RT_CHANGE_CIPHER_SPEC, kChangeCipherSpec,
+                          sizeof(kChangeCipherSpec), use_epoch)) {
+      return seal_error;
+    }
+    ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_CHANGE_CIPHER_SPEC,
+                        kChangeCipherSpec, sizeof(kChangeCipherSpec));
+    return seal_success;
   }
-  return ret;
+  /* DTLS messages are serialized as a single fragment in |msg|. */
+  CBS cbs, body;
+  struct hm_header_st hdr;
+  CBS_init(&cbs, msg->data, msg->len);
+  if (!dtls1_parse_fragment(&cbs, &hdr, &body) ||
+      hdr.frag_off != 0 ||
+      hdr.frag_len != CBS_len(&body) ||
+      hdr.msg_len != CBS_len(&body) ||
+      !CBS_skip(&body, ssl->d1->outgoing_offset) ||
+      CBS_len(&cbs) != 0) {
+    OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
+    return seal_error;
+  }
+  /* Determine how much progress can be made. */
+  if (max_out < DTLS1_HM_HEADER_LENGTH + 1 + overhead || max_out < prefix) {
+    return seal_no_progress;
+  }
+  size_t todo = CBS_len(&body);
+  if (todo > max_out - DTLS1_HM_HEADER_LENGTH - overhead) {
+    todo = max_out - DTLS1_HM_HEADER_LENGTH - overhead;
+  }
+  /* Assemble a fragment, to be sealed in-place. */
+  CBB cbb;
+  uint8_t *frag = out + prefix;
+  size_t max_frag = max_out - prefix, frag_len;
+  if (!CBB_init_fixed(&cbb, frag, max_frag) ||
+      !CBB_add_u8(&cbb, hdr.type) ||
+      !CBB_add_u24(&cbb, hdr.msg_len) ||
+      !CBB_add_u16(&cbb, hdr.seq) ||
+      !CBB_add_u24(&cbb, ssl->d1->outgoing_offset) ||
+      !CBB_add_u24(&cbb, todo) ||
+      !CBB_add_bytes(&cbb, CBS_data(&body), todo) ||
+      !CBB_finish(&cbb, NULL, &frag_len)) {
+    CBB_cleanup(&cbb);
+    OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
+    return seal_error;
+  }
+  ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HANDSHAKE, frag, frag_len);
+  if (!dtls_seal_record(ssl, out, out_len, max_out, SSL3_RT_HANDSHAKE,
+                        out + prefix, frag_len, use_epoch)) {
+    return seal_error;
+  }
+  if (todo == CBS_len(&body)) {
+    /* The next message is complete. */
+    ssl->d1->outgoing_offset = 0;
+    return seal_success;
+  }
+  ssl->d1->outgoing_offset += todo;
+  return seal_partial;
 }
-int dtls1_retransmit_outgoing_messages(SSL *ssl) {
-  /* Ensure we are packing handshake messages. */
-  const int was_buffered = ssl_is_wbio_buffered(ssl);
-  assert(was_buffered == SSL_in_init(ssl));
-  if (!was_buffered && !ssl_init_wbio_buffer(ssl)) {
-    return -1;
+/* seal_next_packet writes as much of the next flight as possible to |out| and
+ * advances |ssl->d1->outgoing_written| and |ssl->d1->outgoing_offset| as
+ * appropriate. */
+static int seal_next_packet(SSL *ssl, uint8_t *out, size_t *out_len,
+                            size_t max_out) {
+  int made_progress = 0;
+  size_t total = 0;
+  assert(ssl->d1->outgoing_written < ssl->d1->outgoing_messages_len);
+  for (; ssl->d1->outgoing_written < ssl->d1->outgoing_messages_len;
+       ssl->d1->outgoing_written++) {
+    const DTLS_OUTGOING_MESSAGE *msg =
+        &ssl->d1->outgoing_messages[ssl->d1->outgoing_written];
+    size_t len;
+    enum seal_result_t ret = seal_next_message(ssl, out, &len, max_out, msg);
+    switch (ret) {
+      case seal_error:
+        return 0;
+      case seal_no_progress:
+        goto packet_full;
+      case seal_partial:
+      case seal_success:
+        out += len;
+        max_out -= len;
+        total += len;
+        made_progress = 1;
+        if (ret == seal_partial) {
+          goto packet_full;
+        }
+        break;
+    }
   }
-  assert(ssl_is_wbio_buffered(ssl));
+packet_full:
+  /* The MTU was too small to make any progress. */
+  if (!made_progress) {
+    OPENSSL_PUT_ERROR(SSL, SSL_R_MTU_TOO_SMALL);
+    return 0;
+  }
+  *out_len = total;
+  return 1;
+}
+int dtls1_flush_flight(SSL *ssl) {
+  dtls1_update_mtu(ssl);
   int ret = -1;
-  for (size_t i = 0; i < ssl->d1->outgoing_messages_len; i++) {
-    if (dtls1_retransmit_message(ssl, &ssl->d1->outgoing_messages[i]) <= 0) {
+  uint8_t *packet = OPENSSL_malloc(ssl->d1->mtu);
+  if (packet == NULL) {
+    OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
+    goto err;
+  }
+  while (ssl->d1->outgoing_written < ssl->d1->outgoing_messages_len) {
+    uint8_t old_written = ssl->d1->outgoing_written;
+    uint32_t old_offset = ssl->d1->outgoing_offset;
+    size_t packet_len;
+    if (!seal_next_packet(ssl, packet, &packet_len, ssl->d1->mtu)) {
+      goto err;
+    }
+    int bio_ret = BIO_write(ssl->wbio, packet, packet_len);
+    if (bio_ret <= 0) {
+      /* Retry this packet the next time around. */
+      ssl->d1->outgoing_written = old_written;
+      ssl->d1->outgoing_offset = old_offset;
+      ssl->rwstate = SSL_WRITING;
+      ret = bio_ret;
       goto err;
     }
   }
-  ret = BIO_flush(ssl->wbio);
-  if (ret <= 0) {
+  if (BIO_flush(ssl->wbio) <= 0) {
     ssl->rwstate = SSL_WRITING;
     goto err;
   }
+  ret = 1;
 err:
-  if (!was_buffered) {
-    ssl_free_wbio_buffer(ssl);
-  }
+  OPENSSL_free(packet);
   return ret;
 }
-int dtls1_send_change_cipher_spec(SSL *ssl) {
-  int ret = dtls1_write_change_cipher_spec(ssl, dtls1_use_current_epoch);
-  if (ret <= 0) {
-    return ret;
-  }
-  dtls1_add_change_cipher_spec(ssl);
-  return 1;
+int dtls1_retransmit_outgoing_messages(SSL *ssl) {
+  /* Rewind to the start of the flight and write it again.
+   *
+   * TODO(davidben): This does not allow retransmits to be resumed on
+   * non-blocking write. */
+  ssl->d1->outgoing_written = 0;
+  ssl->d1->outgoing_offset = 0;
+  return dtls1_flush_flight(ssl);
 }
 unsigned int dtls1_min_mtu(void) {