RubyGems - grpc - Versions diffs - 1.4.5 → 1.6.0.pre1 - Mend

grpc 1.4.5 → 1.6.0.pre1

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (928) hide show

checksums.yaml +4 -4
data/Makefile +1235 -1100
data/etc/roots.pem +0 -412
data/include/grpc/byte_buffer.h +10 -25
data/include/grpc/byte_buffer_reader.h +10 -25
data/include/grpc/census.h +10 -25
data/include/grpc/compression.h +10 -25
data/include/grpc/grpc.h +15 -26
data/include/grpc/grpc_cronet.h +10 -25
data/include/grpc/grpc_posix.h +10 -25
data/include/grpc/grpc_security.h +10 -25
data/include/grpc/grpc_security_constants.h +10 -25
data/include/grpc/impl/codegen/atm.h +11 -25
data/include/grpc/impl/codegen/atm_gcc_atomic.h +10 -25
data/include/grpc/impl/codegen/atm_gcc_sync.h +10 -25
data/include/grpc/impl/codegen/atm_windows.h +10 -25
data/include/grpc/impl/codegen/byte_buffer_reader.h +11 -26
data/include/grpc/impl/codegen/compression_types.h +12 -27
data/include/grpc/impl/codegen/connectivity_state.h +10 -25
data/include/grpc/impl/codegen/exec_ctx_fwd.h +10 -25
data/include/grpc/impl/codegen/gpr_slice.h +10 -25
data/include/grpc/impl/codegen/gpr_types.h +10 -25
data/include/grpc/impl/codegen/grpc_types.h +42 -43
data/include/grpc/impl/codegen/port_platform.h +10 -25
data/include/grpc/impl/codegen/propagation_bits.h +10 -25
data/include/grpc/impl/codegen/slice.h +13 -28
data/include/grpc/impl/codegen/status.h +10 -25
data/include/grpc/impl/codegen/sync.h +10 -25
data/include/grpc/impl/codegen/sync_generic.h +10 -25
data/include/grpc/impl/codegen/sync_posix.h +10 -25
data/include/grpc/impl/codegen/sync_windows.h +10 -25
data/include/grpc/load_reporting.h +10 -25
data/include/grpc/slice.h +10 -25
data/include/grpc/slice_buffer.h +10 -25
data/include/grpc/status.h +10 -25
data/include/grpc/support/alloc.h +10 -25
data/include/grpc/support/atm.h +10 -25
data/include/grpc/support/atm_gcc_atomic.h +10 -25
data/include/grpc/support/atm_gcc_sync.h +10 -25
data/include/grpc/support/atm_windows.h +10 -25
data/include/grpc/support/avl.h +46 -49
data/include/grpc/support/cmdline.h +10 -25
data/include/grpc/support/cpu.h +10 -25
data/include/grpc/support/histogram.h +10 -25
data/include/grpc/support/host_port.h +10 -25
data/include/grpc/support/log.h +10 -25
data/include/grpc/support/log_windows.h +10 -25
data/include/grpc/support/port_platform.h +10 -25
data/include/grpc/support/string_util.h +10 -25
data/include/grpc/support/subprocess.h +10 -25
data/include/grpc/support/sync.h +10 -25
data/include/grpc/support/sync_generic.h +10 -25
data/include/grpc/support/sync_posix.h +10 -25
data/include/grpc/support/sync_windows.h +10 -25
data/include/grpc/support/thd.h +10 -25
data/include/grpc/support/time.h +10 -25
data/include/grpc/support/tls.h +10 -25
data/include/grpc/support/tls_gcc.h +10 -25
data/include/grpc/support/tls_msvc.h +10 -25
data/include/grpc/support/tls_pthread.h +10 -25
data/include/grpc/support/useful.h +10 -25
data/include/grpc/support/workaround_list.h +11 -26
data/src/boringssl/err_data.c +277 -259
data/src/core/ext/census/aggregation.h +10 -25
data/src/core/ext/census/base_resources.c +10 -25
data/src/core/ext/census/base_resources.h +10 -25
data/src/core/ext/census/census_interface.h +10 -25
data/src/core/ext/census/census_rpc_stats.h +10 -25
data/src/core/ext/census/context.c +10 -25
data/src/core/ext/census/gen/census.pb.c +10 -25
data/src/core/ext/census/gen/census.pb.h +10 -25
data/src/core/ext/census/gen/trace_context.pb.c +10 -25
data/src/core/ext/census/gen/trace_context.pb.h +10 -25
data/src/core/ext/census/grpc_context.c +10 -25
data/src/core/ext/census/grpc_filter.c +11 -26
data/src/core/ext/census/grpc_filter.h +10 -25
data/src/core/ext/census/grpc_plugin.c +10 -25
data/src/core/ext/census/initialize.c +10 -25
data/src/core/ext/census/intrusive_hash_map.c +10 -25
data/src/core/ext/census/intrusive_hash_map.h +10 -25
data/src/core/ext/census/intrusive_hash_map_internal.h +10 -25
data/src/core/ext/census/mlog.c +10 -25
data/src/core/ext/census/mlog.h +10 -25
data/src/core/ext/census/operation.c +10 -25
data/src/core/ext/census/placeholders.c +10 -25
data/src/core/ext/census/resource.c +10 -25
data/src/core/ext/census/resource.h +10 -25
data/src/core/ext/census/rpc_metric_id.h +10 -25
data/src/core/ext/census/trace_context.c +10 -25
data/src/core/ext/census/trace_context.h +10 -25
data/src/core/ext/census/trace_label.h +10 -25
data/src/core/ext/census/trace_propagation.h +10 -25
data/src/core/ext/census/trace_status.h +10 -25
data/src/core/ext/census/trace_string.h +10 -25
data/src/core/ext/census/tracing.c +10 -26
data/src/core/ext/census/tracing.h +10 -25
data/src/core/ext/filters/client_channel/channel_connectivity.c +20 -33
data/src/core/ext/filters/client_channel/client_channel.c +617 -520
data/src/core/ext/filters/client_channel/client_channel.h +15 -28
data/src/core/ext/filters/client_channel/client_channel_factory.c +13 -31
data/src/core/ext/filters/client_channel/client_channel_factory.h +10 -25
data/src/core/ext/filters/client_channel/client_channel_plugin.c +16 -29
data/src/core/ext/filters/client_channel/connector.c +10 -25
data/src/core/ext/filters/client_channel/connector.h +10 -25
data/src/core/ext/filters/client_channel/http_connect_handshaker.c +15 -30
data/src/core/ext/filters/client_channel/http_connect_handshaker.h +10 -25
data/src/core/ext/filters/client_channel/http_proxy.c +112 -38
data/src/core/ext/filters/client_channel/http_proxy.h +10 -25
data/src/core/ext/filters/client_channel/lb_policy.c +32 -36
data/src/core/ext/filters/client_channel/lb_policy.h +24 -27
data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.c +14 -30
data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +10 -25
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.c +464 -279
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +10 -25
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +15 -28
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.c +40 -48
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.c +65 -49
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +31 -31
data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.c +47 -32
data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +11 -26
data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c +13 -9
data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h +27 -21
data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.c +373 -136
data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.c +504 -279
data/src/core/ext/filters/client_channel/lb_policy_factory.c +12 -31
data/src/core/ext/filters/client_channel/lb_policy_factory.h +12 -27
data/src/core/ext/filters/client_channel/lb_policy_registry.c +10 -25
data/src/core/ext/filters/client_channel/lb_policy_registry.h +10 -25
data/src/core/ext/filters/client_channel/parse_address.c +10 -25
data/src/core/ext/filters/client_channel/parse_address.h +10 -25
data/src/core/ext/filters/client_channel/proxy_mapper.c +10 -25
data/src/core/ext/filters/client_channel/proxy_mapper.h +10 -25
data/src/core/ext/filters/client_channel/proxy_mapper_registry.c +10 -25
data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +10 -25
data/src/core/ext/filters/client_channel/resolver.c +33 -38
data/src/core/ext/filters/client_channel/resolver.h +19 -30
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.c +153 -50
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +14 -27
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.c +33 -30
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.c +326 -116
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +35 -36
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.c +60 -0
data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.c +19 -34
data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.c +254 -0
data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +60 -0
data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.c +16 -28
data/src/core/ext/filters/client_channel/resolver_factory.c +10 -25
data/src/core/ext/filters/client_channel/resolver_factory.h +10 -25
data/src/core/ext/filters/client_channel/resolver_registry.c +10 -25
data/src/core/ext/filters/client_channel/resolver_registry.h +10 -25
data/src/core/ext/filters/client_channel/retry_throttle.c +23 -34
data/src/core/ext/filters/client_channel/retry_throttle.h +10 -25
data/src/core/ext/filters/client_channel/subchannel.c +33 -55
data/src/core/ext/filters/client_channel/subchannel.h +16 -26
data/src/core/ext/filters/client_channel/subchannel_index.c +55 -92
data/src/core/ext/filters/client_channel/subchannel_index.h +26 -29
data/src/core/ext/filters/client_channel/uri_parser.c +10 -25
data/src/core/ext/filters/client_channel/uri_parser.h +10 -25
data/src/core/ext/filters/deadline/deadline_filter.c +30 -45
data/src/core/ext/filters/deadline/deadline_filter.h +10 -25
data/src/core/ext/filters/http/client/http_client_filter.c +255 -294
data/src/core/ext/filters/http/client/http_client_filter.h +10 -25
data/src/core/ext/filters/http/http_filters_plugin.c +11 -26
data/src/core/ext/filters/http/message_compress/message_compress_filter.c +133 -105
data/src/core/ext/filters/http/message_compress/message_compress_filter.h +10 -25
data/src/core/ext/filters/http/server/http_server_filter.c +17 -32
data/src/core/ext/filters/http/server/http_server_filter.h +10 -25
data/src/core/ext/filters/load_reporting/load_reporting.c +11 -30
data/src/core/ext/filters/load_reporting/load_reporting.h +10 -25
data/src/core/ext/filters/load_reporting/load_reporting_filter.c +11 -26
data/src/core/ext/filters/load_reporting/load_reporting_filter.h +10 -25
data/src/core/ext/filters/max_age/max_age_filter.c +28 -43
data/src/core/ext/filters/max_age/max_age_filter.h +10 -25
data/src/core/ext/filters/message_size/message_size_filter.c +24 -37
data/src/core/ext/filters/message_size/message_size_filter.h +10 -25
data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.c +16 -31
data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.h +10 -25
data/src/core/ext/filters/workarounds/workaround_utils.c +12 -26
data/src/core/ext/filters/workarounds/workaround_utils.h +11 -26
data/src/core/ext/transport/chttp2/alpn/alpn.c +10 -25
data/src/core/ext/transport/chttp2/alpn/alpn.h +10 -25
data/src/core/ext/transport/chttp2/client/chttp2_connector.c +13 -28
data/src/core/ext/transport/chttp2/client/chttp2_connector.h +10 -25
data/src/core/ext/transport/chttp2/client/insecure/channel_create.c +13 -30
data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.c +12 -29
data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.c +13 -30
data/src/core/ext/transport/chttp2/server/chttp2_server.c +11 -26
data/src/core/ext/transport/chttp2/server/chttp2_server.h +10 -25
data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.c +10 -25
data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.c +10 -25
data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c +10 -25
data/src/core/ext/transport/chttp2/transport/bin_decoder.c +11 -25
data/src/core/ext/transport/chttp2/transport/bin_decoder.h +10 -25
data/src/core/ext/transport/chttp2/transport/bin_encoder.c +10 -25
data/src/core/ext/transport/chttp2/transport/bin_encoder.h +10 -25
data/src/core/ext/transport/chttp2/transport/chttp2_plugin.c +15 -27
data/src/core/ext/transport/chttp2/transport/chttp2_transport.c +421 -443
data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +14 -25
data/src/core/ext/transport/chttp2/transport/flow_control.c +500 -0
data/src/core/ext/transport/chttp2/transport/frame.h +10 -25
data/src/core/ext/transport/chttp2/transport/frame_data.c +20 -28
data/src/core/ext/transport/chttp2/transport/frame_data.h +10 -25
data/src/core/ext/transport/chttp2/transport/frame_goaway.c +10 -25
data/src/core/ext/transport/chttp2/transport/frame_goaway.h +10 -25
data/src/core/ext/transport/chttp2/transport/frame_ping.c +11 -26
data/src/core/ext/transport/chttp2/transport/frame_ping.h +10 -25
data/src/core/ext/transport/chttp2/transport/frame_rst_stream.c +11 -26
data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +10 -25
data/src/core/ext/transport/chttp2/transport/frame_settings.c +16 -29
data/src/core/ext/transport/chttp2/transport/frame_settings.h +10 -25
data/src/core/ext/transport/chttp2/transport/frame_window_update.c +17 -33
data/src/core/ext/transport/chttp2/transport/frame_window_update.h +10 -25
data/src/core/ext/transport/chttp2/transport/hpack_encoder.c +18 -31
data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +12 -25
data/src/core/ext/transport/chttp2/transport/hpack_parser.c +15 -30
data/src/core/ext/transport/chttp2/transport/hpack_parser.h +10 -25
data/src/core/ext/transport/chttp2/transport/hpack_table.c +10 -25
data/src/core/ext/transport/chttp2/transport/hpack_table.h +10 -25
data/src/core/ext/transport/chttp2/transport/http2_settings.c +10 -25
data/src/core/ext/transport/chttp2/transport/http2_settings.h +10 -25
data/src/core/ext/transport/chttp2/transport/huffsyms.c +10 -25
data/src/core/ext/transport/chttp2/transport/huffsyms.h +10 -25
data/src/core/ext/transport/chttp2/transport/incoming_metadata.c +10 -25
data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +10 -25
data/src/core/ext/transport/chttp2/transport/internal.h +191 -179
data/src/core/ext/transport/chttp2/transport/parsing.c +33 -102
data/src/core/ext/transport/chttp2/transport/stream_lists.c +26 -28
data/src/core/ext/transport/chttp2/transport/stream_map.c +10 -25
data/src/core/ext/transport/chttp2/transport/stream_map.h +10 -25
data/src/core/ext/transport/chttp2/transport/varint.c +14 -25
data/src/core/ext/transport/chttp2/transport/varint.h +10 -25
data/src/core/ext/transport/chttp2/transport/writing.c +164 -106
data/src/core/ext/transport/inproc/inproc_plugin.c +29 -0
data/src/core/ext/transport/inproc/inproc_transport.c +1303 -0
data/src/core/ext/transport/inproc/inproc_transport.h +41 -0
data/src/core/lib/channel/channel_args.c +52 -27
data/src/core/lib/channel/channel_args.h +18 -27
data/src/core/lib/channel/channel_stack.c +11 -26
data/src/core/lib/channel/channel_stack.h +12 -27
data/src/core/lib/channel/channel_stack_builder.c +11 -26
data/src/core/lib/channel/channel_stack_builder.h +10 -25
data/src/core/lib/channel/connected_channel.c +10 -25
data/src/core/lib/channel/connected_channel.h +10 -25
data/src/core/lib/channel/context.h +10 -25
data/src/core/lib/channel/handshaker.c +14 -29
data/src/core/lib/channel/handshaker.h +10 -25
data/src/core/lib/channel/handshaker_factory.c +10 -25
data/src/core/lib/channel/handshaker_factory.h +10 -25
data/src/core/lib/channel/handshaker_registry.c +10 -25
data/src/core/lib/channel/handshaker_registry.h +10 -25
data/src/core/lib/compression/algorithm_metadata.h +10 -25
data/src/core/lib/compression/compression.c +10 -25
data/src/core/lib/compression/message_compress.c +10 -25
data/src/core/lib/compression/message_compress.h +10 -25
data/src/core/lib/compression/stream_compression.c +191 -0
data/src/core/lib/compression/stream_compression.h +90 -0
data/src/core/lib/debug/trace.c +28 -29
data/src/core/lib/debug/trace.h +16 -30
data/src/core/lib/http/format_request.c +10 -25
data/src/core/lib/http/format_request.h +10 -25
data/src/core/lib/http/httpcli.c +19 -35
data/src/core/lib/http/httpcli.h +10 -25
data/src/core/lib/http/httpcli_security_connector.c +17 -30
data/src/core/lib/http/parser.c +11 -26
data/src/core/lib/http/parser.h +10 -25
data/src/core/lib/iomgr/closure.c +62 -25
data/src/core/lib/iomgr/closure.h +81 -26
data/src/core/lib/iomgr/combiner.c +103 -200
data/src/core/lib/iomgr/combiner.h +14 -32
data/src/core/lib/iomgr/endpoint.c +10 -29
data/src/core/lib/iomgr/endpoint.h +10 -29
data/src/core/lib/iomgr/endpoint_pair.h +10 -25
data/src/core/lib/iomgr/endpoint_pair_posix.c +10 -25
data/src/core/lib/iomgr/endpoint_pair_uv.c +10 -25
data/src/core/lib/iomgr/endpoint_pair_windows.c +10 -25
data/src/core/lib/iomgr/error.c +45 -46
data/src/core/lib/iomgr/error.h +21 -34
data/src/core/lib/iomgr/error_internal.h +10 -25
data/src/core/lib/iomgr/ev_epoll1_linux.c +279 -179
data/src/core/lib/iomgr/ev_epoll1_linux.h +10 -25
data/src/core/lib/iomgr/ev_epoll_limited_pollers_linux.c +75 -264
data/src/core/lib/iomgr/ev_epoll_limited_pollers_linux.h +10 -25
data/src/core/lib/iomgr/ev_epoll_thread_pool_linux.c +44 -199
data/src/core/lib/iomgr/ev_epoll_thread_pool_linux.h +10 -25
data/src/core/lib/iomgr/ev_epollex_linux.c +184 -247
data/src/core/lib/iomgr/ev_epollex_linux.h +10 -25
data/src/core/lib/iomgr/ev_epollsig_linux.c +116 -323
data/src/core/lib/iomgr/ev_epollsig_linux.h +10 -25
data/src/core/lib/iomgr/ev_poll_posix.c +328 -184
data/src/core/lib/iomgr/ev_poll_posix.h +10 -25
data/src/core/lib/iomgr/ev_posix.c +25 -56
data/src/core/lib/iomgr/ev_posix.h +15 -44
data/src/core/lib/iomgr/ev_windows.c +11 -26
data/src/core/lib/iomgr/exec_ctx.c +36 -45
data/src/core/lib/iomgr/exec_ctx.h +10 -25
data/src/core/lib/iomgr/executor.c +152 -127
data/src/core/lib/iomgr/executor.h +18 -26
data/src/core/lib/iomgr/gethostname.h +26 -0
data/src/core/lib/iomgr/gethostname_fallback.c +27 -0
data/src/core/lib/iomgr/gethostname_host_name_max.c +37 -0
data/src/core/lib/iomgr/gethostname_sysconf.c +37 -0
data/src/core/lib/iomgr/iocp_windows.c +10 -25
data/src/core/lib/iomgr/iocp_windows.h +10 -25
data/src/core/lib/iomgr/iomgr.c +17 -28
data/src/core/lib/iomgr/iomgr.h +12 -27
data/src/core/lib/iomgr/iomgr_internal.h +10 -25
data/src/core/lib/iomgr/iomgr_posix.c +11 -26
data/src/core/lib/iomgr/iomgr_posix.h +10 -25
data/src/core/lib/iomgr/iomgr_uv.c +19 -26
data/src/core/lib/iomgr/iomgr_uv.h +37 -0
data/src/core/lib/iomgr/iomgr_windows.c +10 -25
data/src/core/lib/iomgr/is_epollexclusive_available.c +10 -25
data/src/core/lib/iomgr/is_epollexclusive_available.h +10 -25
data/src/core/lib/iomgr/load_file.c +10 -25
data/src/core/lib/iomgr/load_file.h +10 -25
data/src/core/lib/iomgr/lockfree_event.c +22 -35
data/src/core/lib/iomgr/lockfree_event.h +13 -27
data/src/core/lib/iomgr/nameser.h +104 -0
data/src/core/lib/iomgr/network_status_tracker.c +10 -25
data/src/core/lib/iomgr/network_status_tracker.h +10 -25
data/src/core/lib/iomgr/polling_entity.c +10 -25
data/src/core/lib/iomgr/polling_entity.h +14 -34
data/src/core/lib/iomgr/pollset.h +14 -25
data/src/core/lib/iomgr/pollset_set.h +10 -25
data/src/core/lib/iomgr/pollset_set_uv.c +10 -25
data/src/core/lib/iomgr/pollset_set_windows.c +10 -25
data/src/core/lib/iomgr/pollset_set_windows.h +10 -25
data/src/core/lib/iomgr/pollset_uv.c +25 -26
data/src/core/lib/iomgr/pollset_uv.h +10 -25
data/src/core/lib/iomgr/pollset_windows.c +17 -27
data/src/core/lib/iomgr/pollset_windows.h +10 -25
data/src/core/lib/iomgr/port.h +24 -25
data/src/core/lib/iomgr/resolve_address.h +10 -25
data/src/core/lib/iomgr/resolve_address_posix.c +13 -28
data/src/core/lib/iomgr/resolve_address_uv.c +31 -35
data/src/core/lib/iomgr/resolve_address_windows.c +13 -28
data/src/core/lib/iomgr/resource_quota.c +52 -67
data/src/core/lib/iomgr/resource_quota.h +10 -25
data/src/core/lib/iomgr/sockaddr.h +10 -25
data/src/core/lib/iomgr/sockaddr_posix.h +10 -25
data/src/core/lib/iomgr/sockaddr_utils.c +15 -25
data/src/core/lib/iomgr/sockaddr_utils.h +12 -25
data/src/core/lib/iomgr/sockaddr_windows.h +10 -25
data/src/core/lib/iomgr/socket_factory_posix.c +13 -31
data/src/core/lib/iomgr/socket_factory_posix.h +10 -25
data/src/core/lib/iomgr/socket_mutator.c +14 -31
data/src/core/lib/iomgr/socket_mutator.h +10 -25
data/src/core/lib/iomgr/socket_utils.h +10 -25
data/src/core/lib/iomgr/socket_utils_common_posix.c +10 -25
data/src/core/lib/iomgr/socket_utils_linux.c +10 -25
data/src/core/lib/iomgr/socket_utils_posix.c +10 -25
data/src/core/lib/iomgr/socket_utils_posix.h +10 -25
data/src/core/lib/iomgr/socket_utils_uv.c +10 -25
data/src/core/lib/iomgr/socket_utils_windows.c +10 -25
data/src/core/lib/iomgr/socket_windows.c +12 -27
data/src/core/lib/iomgr/socket_windows.h +10 -25
data/src/core/lib/iomgr/sys_epoll_wrapper.h +10 -25
data/src/core/lib/iomgr/tcp_client.h +10 -25
data/src/core/lib/iomgr/tcp_client_posix.c +21 -34
data/src/core/lib/iomgr/tcp_client_posix.h +10 -25
data/src/core/lib/iomgr/tcp_client_uv.c +18 -27
data/src/core/lib/iomgr/tcp_client_windows.c +14 -29
data/src/core/lib/iomgr/tcp_posix.c +36 -55
data/src/core/lib/iomgr/tcp_posix.h +10 -25
data/src/core/lib/iomgr/tcp_server.h +10 -25
data/src/core/lib/iomgr/tcp_server_posix.c +16 -31
data/src/core/lib/iomgr/tcp_server_utils_posix.h +10 -25
data/src/core/lib/iomgr/tcp_server_utils_posix_common.c +11 -26
data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.c +10 -25
data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.c +10 -25
data/src/core/lib/iomgr/tcp_server_uv.c +103 -64
data/src/core/lib/iomgr/tcp_server_windows.c +14 -29
data/src/core/lib/iomgr/tcp_uv.c +41 -45
data/src/core/lib/iomgr/tcp_uv.h +10 -25
data/src/core/lib/iomgr/tcp_windows.c +39 -53
data/src/core/lib/iomgr/tcp_windows.h +10 -25
data/src/core/lib/iomgr/time_averaged_stats.c +10 -25
data/src/core/lib/iomgr/time_averaged_stats.h +10 -25
data/src/core/lib/iomgr/timer.h +18 -27
data/src/core/lib/iomgr/timer_generic.c +91 -87
data/src/core/lib/iomgr/timer_generic.h +10 -25
data/src/core/lib/iomgr/timer_heap.c +10 -25
data/src/core/lib/iomgr/timer_heap.h +10 -25
data/src/core/lib/iomgr/timer_manager.c +178 -100
data/src/core/lib/iomgr/timer_manager.h +10 -25
data/src/core/lib/iomgr/timer_uv.c +23 -33
data/src/core/lib/iomgr/timer_uv.h +10 -25
data/src/core/lib/iomgr/udp_server.c +17 -32
data/src/core/lib/iomgr/udp_server.h +10 -25
data/src/core/lib/iomgr/unix_sockets_posix.c +10 -25
data/src/core/lib/iomgr/unix_sockets_posix.h +10 -25
data/src/core/lib/iomgr/unix_sockets_posix_noop.c +10 -25
data/src/core/lib/iomgr/wakeup_fd_cv.c +10 -25
data/src/core/lib/iomgr/wakeup_fd_cv.h +13 -28
data/src/core/lib/iomgr/wakeup_fd_eventfd.c +10 -25
data/src/core/lib/iomgr/wakeup_fd_nospecial.c +10 -25
data/src/core/lib/iomgr/wakeup_fd_pipe.c +10 -25
data/src/core/lib/iomgr/wakeup_fd_pipe.h +10 -25
data/src/core/lib/iomgr/wakeup_fd_posix.c +10 -25
data/src/core/lib/iomgr/wakeup_fd_posix.h +10 -25
data/src/core/lib/json/json.c +10 -25
data/src/core/lib/json/json.h +10 -25
data/src/core/lib/json/json_common.h +10 -25
data/src/core/lib/json/json_reader.c +11 -25
data/src/core/lib/json/json_reader.h +10 -25
data/src/core/lib/json/json_string.c +10 -25
data/src/core/lib/json/json_writer.c +10 -25
data/src/core/lib/json/json_writer.h +10 -25
data/src/core/lib/profiling/basic_timers.c +10 -25
data/src/core/lib/profiling/stap_timers.c +10 -25
data/src/core/lib/profiling/timers.h +10 -25
data/src/core/lib/security/context/security_context.c +32 -40
data/src/core/lib/security/context/security_context.h +15 -26
data/src/core/lib/security/credentials/composite/composite_credentials.c +76 -81
data/src/core/lib/security/credentials/composite/composite_credentials.h +10 -25
data/src/core/lib/security/credentials/credentials.c +29 -49
data/src/core/lib/security/credentials/credentials.h +48 -61
data/src/core/lib/security/credentials/credentials_metadata.c +34 -78
data/src/core/lib/security/credentials/fake/fake_credentials.c +33 -56
data/src/core/lib/security/credentials/fake/fake_credentials.h +12 -27
data/src/core/lib/security/credentials/google_default/credentials_generic.c +10 -25
data/src/core/lib/security/credentials/google_default/google_default_credentials.c +12 -27
data/src/core/lib/security/credentials/google_default/google_default_credentials.h +10 -25
data/src/core/lib/security/credentials/iam/iam_credentials.c +40 -40
data/src/core/lib/security/credentials/iam/iam_credentials.h +11 -26
data/src/core/lib/security/credentials/jwt/json_token.c +10 -25
data/src/core/lib/security/credentials/jwt/json_token.h +10 -25
data/src/core/lib/security/credentials/jwt/jwt_credentials.c +45 -48
data/src/core/lib/security/credentials/jwt/jwt_credentials.h +11 -26
data/src/core/lib/security/credentials/jwt/jwt_verifier.c +53 -33
data/src/core/lib/security/credentials/jwt/jwt_verifier.h +10 -25
data/src/core/lib/security/credentials/oauth2/oauth2_credentials.c +155 -87
data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +24 -28
data/src/core/lib/security/credentials/plugin/plugin_credentials.c +118 -82
data/src/core/lib/security/credentials/plugin/plugin_credentials.h +24 -27
data/src/core/lib/security/credentials/ssl/ssl_credentials.c +13 -32
data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -25
data/src/core/lib/security/transport/auth_filters.h +10 -25
data/src/core/lib/security/transport/client_auth_filter.c +217 -112
data/src/core/lib/security/transport/lb_targets_info.c +16 -32
data/src/core/lib/security/transport/lb_targets_info.h +10 -25
data/src/core/lib/security/transport/secure_endpoint.c +29 -43
data/src/core/lib/security/transport/secure_endpoint.h +10 -25
data/src/core/lib/security/transport/security_connector.c +80 -61
data/src/core/lib/security/transport/security_connector.h +35 -35
data/src/core/lib/security/transport/security_handshaker.c +18 -33
data/src/core/lib/security/transport/security_handshaker.h +10 -25
data/src/core/lib/security/transport/server_auth_filter.c +62 -116
data/src/core/lib/security/transport/tsi_error.c +10 -25
data/src/core/lib/security/transport/tsi_error.h +10 -25
data/src/core/lib/security/util/json_util.c +10 -25
data/src/core/lib/security/util/json_util.h +10 -25
data/src/core/lib/slice/b64.c +10 -25
data/src/core/lib/slice/b64.h +10 -25
data/src/core/lib/slice/percent_encoding.c +10 -25
data/src/core/lib/slice/percent_encoding.h +10 -25
data/src/core/lib/slice/slice.c +10 -25
data/src/core/lib/slice/slice_buffer.c +10 -25
data/src/core/lib/slice/slice_hash_table.c +48 -26
data/src/core/lib/slice/slice_hash_table.h +26 -28
data/src/core/lib/slice/slice_intern.c +10 -25
data/src/core/lib/slice/slice_internal.h +10 -25
data/src/core/lib/slice/slice_string_helpers.c +10 -25
data/src/core/lib/slice/slice_string_helpers.h +10 -25
data/src/core/lib/support/alloc.c +10 -25
data/src/core/lib/support/arena.c +12 -27
data/src/core/lib/support/arena.h +10 -25
data/src/core/lib/support/atm.c +17 -32
data/src/core/lib/support/atomic.h +10 -25
data/src/core/lib/support/atomic_with_atm.h +10 -25
data/src/core/lib/support/atomic_with_std.h +10 -25
data/src/core/lib/support/avl.c +101 -101
data/src/core/lib/support/backoff.c +10 -25
data/src/core/lib/support/backoff.h +10 -25
data/src/core/lib/support/block_annotate.h +10 -25
data/src/core/lib/support/cmdline.c +10 -25
data/src/core/lib/support/cpu_iphone.c +10 -25
data/src/core/lib/support/cpu_linux.c +10 -25
data/src/core/lib/support/cpu_posix.c +10 -25
data/src/core/lib/support/cpu_windows.c +10 -25
data/src/core/lib/support/env.h +16 -25
data/src/core/lib/support/env_linux.c +30 -37
data/src/core/lib/support/env_posix.c +15 -25
data/src/core/lib/support/env_windows.c +15 -25
data/src/core/lib/support/histogram.c +10 -25
data/src/core/lib/support/host_port.c +10 -25
data/src/core/lib/support/log.c +20 -29
data/src/core/lib/support/log_android.c +10 -25
data/src/core/lib/support/log_linux.c +13 -26
data/src/core/lib/support/log_posix.c +10 -25
data/src/core/lib/support/log_windows.c +10 -25
data/src/core/lib/support/memory.h +10 -25
data/src/core/lib/support/mpscq.c +11 -49
data/src/core/lib/support/mpscq.h +11 -50
data/src/core/lib/support/murmur_hash.c +12 -25
data/src/core/lib/support/murmur_hash.h +10 -25
data/src/core/lib/support/spinlock.h +10 -25
data/src/core/lib/support/stack_lockfree.c +10 -25
data/src/core/lib/support/stack_lockfree.h +10 -25
data/src/core/lib/support/string.c +10 -25
data/src/core/lib/support/string.h +10 -25
data/src/core/lib/support/string_posix.c +10 -25
data/src/core/lib/support/string_util_windows.c +10 -25
data/src/core/lib/support/string_windows.c +10 -25
data/src/core/lib/support/string_windows.h +10 -25
data/src/core/lib/support/subprocess_posix.c +10 -25
data/src/core/lib/support/subprocess_windows.c +10 -25
data/src/core/lib/support/sync.c +10 -25
data/src/core/lib/support/sync_posix.c +10 -25
data/src/core/lib/support/sync_windows.c +10 -25
data/src/core/lib/support/thd.c +10 -25
data/src/core/lib/support/thd_internal.h +10 -25
data/src/core/lib/support/thd_posix.c +10 -25
data/src/core/lib/support/thd_windows.c +10 -25
data/src/core/lib/support/time.c +10 -25
data/src/core/lib/support/time_posix.c +10 -25
data/src/core/lib/support/time_precise.c +18 -33
data/src/core/lib/support/time_precise.h +10 -25
data/src/core/lib/support/time_windows.c +10 -25
data/src/core/lib/support/tls_pthread.c +10 -25
data/src/core/lib/support/tmpfile.h +10 -25
data/src/core/lib/support/tmpfile_msys.c +10 -25
data/src/core/lib/support/tmpfile_posix.c +10 -25
data/src/core/lib/support/tmpfile_windows.c +10 -25
data/src/core/lib/support/wrap_memcpy.c +10 -25
data/src/core/lib/surface/alarm.c +78 -35
data/src/core/lib/surface/alarm_internal.h +40 -0
data/src/core/lib/surface/api_trace.c +11 -26
data/src/core/lib/surface/api_trace.h +10 -25
data/src/core/lib/surface/byte_buffer.c +10 -25
data/src/core/lib/surface/byte_buffer_reader.c +10 -25
data/src/core/lib/surface/call.c +64 -84
data/src/core/lib/surface/call.h +11 -26
data/src/core/lib/surface/call_details.c +10 -25
data/src/core/lib/surface/call_log_batch.c +10 -25
data/src/core/lib/surface/call_test_only.h +10 -25
data/src/core/lib/surface/channel.c +11 -26
data/src/core/lib/surface/channel.h +11 -26
data/src/core/lib/surface/channel_init.c +10 -25
data/src/core/lib/surface/channel_init.h +10 -25
data/src/core/lib/surface/channel_ping.c +12 -27
data/src/core/lib/surface/channel_stack_type.c +10 -25
data/src/core/lib/surface/channel_stack_type.h +10 -25
data/src/core/lib/surface/completion_queue.c +442 -331
data/src/core/lib/surface/completion_queue.h +16 -33
data/src/core/lib/surface/completion_queue_factory.c +10 -25
data/src/core/lib/surface/completion_queue_factory.h +10 -25
data/src/core/lib/surface/event_string.c +10 -25
data/src/core/lib/surface/event_string.h +10 -25
data/src/core/lib/surface/init.c +38 -47
data/src/core/lib/surface/init.h +10 -25
data/src/core/lib/surface/init_secure.c +20 -27
data/src/core/lib/surface/lame_client.cc +14 -29
data/src/core/lib/surface/lame_client.h +10 -25
data/src/core/lib/surface/metadata_array.c +10 -25
data/src/core/lib/surface/server.c +128 -81
data/src/core/lib/surface/server.h +10 -25
data/src/core/lib/surface/validate_metadata.c +10 -25
data/src/core/lib/surface/validate_metadata.h +10 -25
data/src/core/lib/surface/version.c +11 -26
data/src/core/lib/transport/bdp_estimator.c +19 -29
data/src/core/lib/transport/bdp_estimator.h +16 -29
data/src/core/lib/transport/byte_stream.c +127 -36
data/src/core/lib/transport/byte_stream.h +88 -46
data/src/core/lib/transport/connectivity_state.c +17 -31
data/src/core/lib/transport/connectivity_state.h +10 -25
data/src/core/lib/transport/error_utils.c +10 -25
data/src/core/lib/transport/error_utils.h +10 -25
data/src/core/lib/transport/http2_errors.h +10 -25
data/src/core/lib/transport/metadata.c +87 -85
data/src/core/lib/transport/metadata.h +15 -28
data/src/core/lib/transport/metadata_batch.c +10 -25
data/src/core/lib/transport/metadata_batch.h +10 -25
data/src/core/lib/transport/pid_controller.c +10 -25
data/src/core/lib/transport/pid_controller.h +10 -25
data/src/core/lib/transport/service_config.c +11 -26
data/src/core/lib/transport/service_config.h +10 -25
data/src/core/lib/transport/static_metadata.c +12 -26
data/src/core/lib/transport/static_metadata.h +10 -25
data/src/core/lib/transport/status_conversion.c +10 -25
data/src/core/lib/transport/status_conversion.h +10 -25
data/src/core/lib/transport/timeout_encoding.c +10 -25
data/src/core/lib/transport/timeout_encoding.h +10 -25
data/src/core/lib/transport/transport.c +60 -53
data/src/core/lib/transport/transport.h +36 -34
data/src/core/lib/transport/transport_impl.h +10 -25
data/src/core/lib/transport/transport_op_string.c +10 -28
data/src/core/plugin_registry/grpc_plugin_registry.c +22 -25
data/src/core/tsi/fake_transport_security.c +199 -94
data/src/core/tsi/fake_transport_security.h +11 -26
data/src/core/tsi/gts_transport_security.c +40 -0
data/src/core/tsi/gts_transport_security.h +37 -0
data/src/core/tsi/ssl_transport_security.c +13 -32
data/src/core/tsi/ssl_transport_security.h +10 -25
data/src/core/tsi/ssl_types.h +10 -25
data/src/core/tsi/transport_security.c +48 -78
data/src/core/tsi/transport_security.h +18 -27
data/src/core/tsi/transport_security_adapter.c +17 -29
data/src/core/tsi/transport_security_adapter.h +10 -25
data/src/core/tsi/transport_security_grpc.c +64 -0
data/src/core/tsi/transport_security_grpc.h +80 -0
data/src/core/tsi/transport_security_interface.h +21 -27
data/src/ruby/bin/apis/google/protobuf/empty.rb +10 -25
data/src/ruby/bin/apis/pubsub_demo.rb +10 -25
data/src/ruby/bin/apis/tech/pubsub/proto/pubsub.rb +10 -25
data/src/ruby/bin/apis/tech/pubsub/proto/pubsub_services.rb +10 -25
data/src/ruby/bin/math_client.rb +10 -25
data/src/ruby/bin/math_server.rb +10 -25
data/src/ruby/bin/math_services_pb.rb +10 -25
data/src/ruby/bin/noproto_client.rb +10 -25
data/src/ruby/bin/noproto_server.rb +10 -25
data/src/ruby/ext/grpc/extconf.rb +10 -25
data/src/ruby/ext/grpc/rb_byte_buffer.c +10 -25
data/src/ruby/ext/grpc/rb_byte_buffer.h +10 -25
data/src/ruby/ext/grpc/rb_call.c +44 -25
data/src/ruby/ext/grpc/rb_call.h +10 -25
data/src/ruby/ext/grpc/rb_call_credentials.c +10 -25
data/src/ruby/ext/grpc/rb_call_credentials.h +10 -25
data/src/ruby/ext/grpc/rb_channel.c +10 -25
data/src/ruby/ext/grpc/rb_channel.h +10 -25
data/src/ruby/ext/grpc/rb_channel_args.c +10 -25
data/src/ruby/ext/grpc/rb_channel_args.h +10 -25
data/src/ruby/ext/grpc/rb_channel_credentials.c +10 -25
data/src/ruby/ext/grpc/rb_channel_credentials.h +10 -25
data/src/ruby/ext/grpc/rb_completion_queue.c +10 -25
data/src/ruby/ext/grpc/rb_completion_queue.h +10 -25
data/src/ruby/ext/grpc/rb_compression_options.c +10 -25
data/src/ruby/ext/grpc/rb_compression_options.h +10 -25
data/src/ruby/ext/grpc/rb_event_thread.c +10 -25
data/src/ruby/ext/grpc/rb_event_thread.h +10 -25
data/src/ruby/ext/grpc/rb_grpc.c +10 -25
data/src/ruby/ext/grpc/rb_grpc.h +10 -25
data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +10 -25
data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +16 -31
data/src/ruby/ext/grpc/rb_loader.c +10 -25
data/src/ruby/ext/grpc/rb_loader.h +10 -25
data/src/ruby/ext/grpc/rb_server.c +10 -25
data/src/ruby/ext/grpc/rb_server.h +10 -25
data/src/ruby/ext/grpc/rb_server_credentials.c +10 -25
data/src/ruby/ext/grpc/rb_server_credentials.h +10 -25
data/src/ruby/lib/grpc.rb +10 -25
data/src/ruby/lib/grpc/core/time_consts.rb +10 -25
data/src/ruby/lib/grpc/errors.rb +16 -30
data/src/ruby/lib/grpc/generic/active_call.rb +25 -27
data/src/ruby/lib/grpc/generic/bidi_call.rb +17 -27
data/src/ruby/lib/grpc/generic/client_stub.rb +10 -25
data/src/ruby/lib/grpc/generic/rpc_desc.rb +10 -25
data/src/ruby/lib/grpc/generic/rpc_server.rb +10 -25
data/src/ruby/lib/grpc/generic/service.rb +10 -25
data/src/ruby/lib/grpc/grpc.rb +10 -25
data/src/ruby/lib/grpc/logconfig.rb +10 -25
data/src/ruby/lib/grpc/notifier.rb +10 -25
data/src/ruby/lib/grpc/version.rb +11 -26
data/src/ruby/pb/generate_proto_ruby.sh +10 -25
data/src/ruby/pb/grpc/health/checker.rb +10 -25
data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +10 -25
data/src/ruby/pb/grpc/testing/duplicate/echo_duplicate_services_pb.rb +10 -25
data/src/ruby/pb/grpc/testing/metrics_services_pb.rb +10 -25
data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +10 -25
data/src/ruby/pb/test/client.rb +10 -25
data/src/ruby/pb/test/server.rb +10 -25
data/src/ruby/spec/call_credentials_spec.rb +10 -25
data/src/ruby/spec/call_spec.rb +43 -25
data/src/ruby/spec/channel_connection_spec.rb +10 -25
data/src/ruby/spec/channel_credentials_spec.rb +11 -26
data/src/ruby/spec/channel_spec.rb +10 -25
data/src/ruby/spec/client_auth_spec.rb +10 -25
data/src/ruby/spec/client_server_spec.rb +66 -25
data/src/ruby/spec/compression_options_spec.rb +10 -25
data/src/ruby/spec/error_sanity_spec.rb +10 -25
data/src/ruby/spec/generic/active_call_spec.rb +10 -25
data/src/ruby/spec/generic/client_stub_spec.rb +146 -35
data/src/ruby/spec/generic/rpc_desc_spec.rb +10 -25
data/src/ruby/spec/generic/rpc_server_pool_spec.rb +10 -25
data/src/ruby/spec/generic/rpc_server_spec.rb +124 -34
data/src/ruby/spec/generic/service_spec.rb +10 -25
data/src/ruby/spec/pb/duplicate/codegen_spec.rb +10 -25
data/src/ruby/spec/pb/health/checker_spec.rb +10 -25
data/src/ruby/spec/server_credentials_spec.rb +10 -25
data/src/ruby/spec/server_spec.rb +10 -25
data/src/ruby/spec/spec_helper.rb +10 -25
data/src/ruby/spec/time_consts_spec.rb +10 -25
data/third_party/boringssl/crypto/aes/key_wrap.c +138 -0
data/third_party/boringssl/crypto/asn1/a_bitstr.c +6 -3
data/third_party/boringssl/crypto/asn1/a_enum.c +4 -1
data/third_party/boringssl/crypto/asn1/a_gentm.c +20 -15
data/third_party/boringssl/crypto/asn1/a_int.c +7 -4
data/third_party/boringssl/crypto/asn1/a_object.c +5 -2
data/third_party/boringssl/crypto/asn1/a_time.c +0 -1
data/third_party/boringssl/crypto/asn1/a_utctm.c +1 -2
data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -2
data/third_party/boringssl/crypto/asn1/asn1_locl.h +35 -0
data/third_party/boringssl/crypto/asn1/tasn_dec.c +3 -1
data/third_party/boringssl/crypto/asn1/tasn_enc.c +6 -3
data/third_party/boringssl/crypto/asn1/tasn_new.c +12 -7
data/third_party/boringssl/crypto/asn1/tasn_utl.c +22 -8
data/third_party/boringssl/crypto/{time_support.c → asn1/time_support.c} +1 -1
data/third_party/boringssl/crypto/asn1/x_long.c +5 -2
data/third_party/boringssl/crypto/base64/base64.c +7 -5
data/third_party/boringssl/crypto/bio/bio.c +24 -10
data/third_party/boringssl/crypto/bio/bio_mem.c +12 -10
data/third_party/boringssl/crypto/bio/connect.c +7 -18
data/third_party/boringssl/crypto/bio/fd.c +3 -6
data/third_party/boringssl/crypto/bio/file.c +6 -6
data/third_party/boringssl/crypto/bio/hexdump.c +4 -2
data/third_party/boringssl/crypto/bio/pair.c +30 -344
data/third_party/boringssl/crypto/bio/socket.c +6 -7
data/third_party/boringssl/crypto/bio/socket_helper.c +4 -3
data/third_party/boringssl/crypto/bn/add.c +1 -1
data/third_party/boringssl/crypto/bn/asm/x86_64-gcc.c +11 -10
data/third_party/boringssl/crypto/bn/bn.c +6 -20
data/third_party/boringssl/crypto/bn/cmp.c +14 -0
data/third_party/boringssl/crypto/bn/convert.c +73 -2
data/third_party/boringssl/crypto/bn/ctx.c +3 -1
data/third_party/boringssl/crypto/bn/div.c +108 -51
data/third_party/boringssl/crypto/bn/exponentiation.c +15 -33
data/third_party/boringssl/crypto/bn/gcd.c +29 -22
data/third_party/boringssl/crypto/bn/generic.c +71 -67
data/third_party/boringssl/crypto/bn/internal.h +19 -6
data/third_party/boringssl/crypto/bn/kronecker.c +1 -0
data/third_party/boringssl/crypto/bn/montgomery.c +9 -10
data/third_party/boringssl/crypto/bn/montgomery_inv.c +47 -0
data/third_party/boringssl/crypto/bn/mul.c +11 -9
data/third_party/boringssl/crypto/bn/random.c +6 -3
data/third_party/boringssl/crypto/bn/rsaz_exp.c +0 -65
data/third_party/boringssl/crypto/bn/rsaz_exp.h +0 -3
data/third_party/boringssl/crypto/bn/shift.c +9 -1
data/third_party/boringssl/crypto/bn/sqrt.c +3 -1
data/third_party/boringssl/crypto/buf/buf.c +6 -4
data/third_party/boringssl/crypto/bytestring/asn1_compat.c +2 -1
data/third_party/boringssl/crypto/bytestring/ber.c +2 -1
data/third_party/boringssl/crypto/bytestring/cbb.c +9 -7
data/third_party/boringssl/crypto/bytestring/cbs.c +54 -2
data/third_party/boringssl/crypto/chacha/chacha.c +1 -1
data/third_party/boringssl/crypto/cipher/aead.c +3 -3
data/third_party/boringssl/crypto/cipher/cipher.c +18 -13
data/third_party/boringssl/crypto/cipher/e_aes.c +335 -281
data/third_party/boringssl/crypto/cipher/e_chacha20poly1305.c +113 -137
data/third_party/boringssl/crypto/cipher/e_null.c +2 -1
data/third_party/boringssl/crypto/cipher/e_rc2.c +54 -49
data/third_party/boringssl/crypto/cipher/e_ssl3.c +4 -3
data/third_party/boringssl/crypto/cipher/e_tls.c +5 -5
data/third_party/boringssl/crypto/cipher/tls_cbc.c +41 -112
data/third_party/boringssl/crypto/cmac/cmac.c +6 -4
data/third_party/boringssl/crypto/conf/conf.c +6 -3
data/third_party/boringssl/crypto/cpu-arm-linux.c +2 -2
data/third_party/boringssl/crypto/curve25519/curve25519.c +28 -34
data/third_party/boringssl/crypto/curve25519/spake25519.c +7 -6
data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +2 -1
data/third_party/boringssl/crypto/des/des.c +1 -1
data/third_party/boringssl/crypto/des/internal.h +58 -46
data/third_party/boringssl/crypto/dh/dh.c +4 -8
data/third_party/boringssl/crypto/digest/digest.c +5 -2
data/third_party/boringssl/crypto/digest/digests.c +70 -33
data/third_party/boringssl/crypto/digest/md32_common.h +39 -27
data/third_party/boringssl/crypto/dsa/dsa.c +11 -19
data/third_party/boringssl/crypto/ec/ec.c +1 -1
data/third_party/boringssl/crypto/ec/ec_asn1.c +3 -2
data/third_party/boringssl/crypto/ec/ec_key.c +1 -1
data/third_party/boringssl/crypto/ec/ec_montgomery.c +6 -11
data/third_party/boringssl/crypto/ec/oct.c +2 -14
data/third_party/boringssl/crypto/ec/p224-64.c +78 -122
data/third_party/boringssl/crypto/ec/p256-64.c +93 -133
data/third_party/boringssl/crypto/ec/p256-x86_64.c +48 -61
data/third_party/boringssl/crypto/ec/p256-x86_64.h +113 -0
data/third_party/boringssl/crypto/ec/simple.c +2 -1
data/third_party/boringssl/crypto/ec/wnaf.c +52 -43
data/third_party/boringssl/crypto/ecdh/ecdh.c +4 -2
data/third_party/boringssl/crypto/ecdsa/ecdsa.c +17 -16
data/third_party/boringssl/crypto/engine/engine.c +3 -1
data/third_party/boringssl/crypto/err/err.c +5 -5
data/third_party/boringssl/crypto/evp/evp.c +1 -1
data/third_party/boringssl/crypto/evp/evp_asn1.c +1 -1
data/third_party/boringssl/crypto/evp/evp_ctx.c +23 -29
data/third_party/boringssl/crypto/evp/p_ec.c +2 -1
data/third_party/boringssl/crypto/evp/p_rsa.c +9 -3
data/third_party/boringssl/crypto/evp/pbkdf.c +3 -1
data/third_party/boringssl/crypto/hkdf/hkdf.c +3 -1
data/third_party/boringssl/crypto/hmac/hmac.c +4 -2
data/third_party/boringssl/crypto/internal.h +81 -0
data/third_party/boringssl/crypto/lhash/lhash.c +7 -13
data/third_party/boringssl/crypto/md4/md4.c +20 -18
data/third_party/boringssl/crypto/md5/md5.c +31 -21
data/third_party/boringssl/crypto/mem.c +4 -10
data/third_party/boringssl/crypto/modes/cbc.c +2 -6
data/third_party/boringssl/crypto/modes/cfb.c +2 -2
data/third_party/boringssl/crypto/modes/ctr.c +1 -1
data/third_party/boringssl/crypto/modes/gcm.c +117 -334
data/third_party/boringssl/crypto/modes/internal.h +107 -84
data/third_party/boringssl/crypto/modes/ofb.c +3 -3
data/third_party/boringssl/crypto/modes/polyval.c +94 -0
data/third_party/boringssl/crypto/obj/obj.c +13 -8
data/third_party/boringssl/crypto/obj/obj_dat.h +6109 -5187
data/third_party/boringssl/crypto/obj/obj_xref.c +55 -57
data/third_party/boringssl/crypto/pem/pem_lib.c +6 -3
data/third_party/boringssl/crypto/pkcs8/internal.h +27 -8
data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +137 -352
data/third_party/boringssl/crypto/pkcs8/pkcs8.c +371 -364
data/third_party/boringssl/crypto/poly1305/poly1305.c +12 -18
data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +2 -2
data/third_party/boringssl/crypto/{newhope/reduce.c → pool/internal.h} +24 -21
data/third_party/boringssl/crypto/pool/pool.c +200 -0
data/third_party/boringssl/crypto/rand/deterministic.c +6 -5
data/third_party/boringssl/crypto/rand/fuchsia.c +43 -0
data/third_party/boringssl/crypto/rand/rand.c +7 -7
data/third_party/boringssl/crypto/rand/urandom.c +136 -22
data/third_party/boringssl/crypto/rand/windows.c +2 -2
data/third_party/boringssl/crypto/rsa/blinding.c +2 -1
data/third_party/boringssl/crypto/rsa/padding.c +11 -11
data/third_party/boringssl/crypto/rsa/rsa.c +4 -4
data/third_party/boringssl/crypto/rsa/rsa_asn1.c +7 -1
data/third_party/boringssl/crypto/rsa/rsa_impl.c +41 -80
data/third_party/boringssl/crypto/sha/sha1-altivec.c +346 -0
data/third_party/boringssl/crypto/sha/sha1.c +60 -42
data/third_party/boringssl/crypto/sha/sha256.c +4 -2
data/third_party/boringssl/crypto/sha/sha512.c +9 -7
data/third_party/boringssl/crypto/stack/stack.c +10 -7
data/third_party/boringssl/crypto/thread_pthread.c +2 -2
data/third_party/boringssl/crypto/thread_win.c +2 -2
data/third_party/boringssl/crypto/x509/a_verify.c +1 -1
data/third_party/boringssl/crypto/x509/asn1_gen.c +1 -1
data/third_party/boringssl/crypto/x509/by_dir.c +1 -1
data/third_party/boringssl/crypto/x509/t_x509.c +78 -38
data/third_party/boringssl/crypto/x509/x509_cmp.c +8 -5
data/third_party/boringssl/crypto/x509/x509_lu.c +6 -1
data/third_party/boringssl/crypto/x509/x509_obj.c +4 -1
data/third_party/boringssl/crypto/x509/x509_vfy.c +42 -8
data/third_party/boringssl/crypto/x509/x509_vpm.c +8 -6
data/third_party/boringssl/crypto/x509/x509name.c +4 -1
data/third_party/boringssl/crypto/x509/x_crl.c +4 -2
data/third_party/boringssl/crypto/x509/x_name.c +23 -13
data/third_party/boringssl/crypto/x509/x_pkey.c +4 -1
data/third_party/boringssl/crypto/x509/x_x509.c +42 -3
data/third_party/boringssl/crypto/x509v3/pcy_int.h +2 -2
data/third_party/boringssl/crypto/x509v3/pcy_tree.c +2 -1
data/third_party/boringssl/crypto/x509v3/v3_cpols.c +1 -1
data/third_party/boringssl/crypto/x509v3/v3_ia5.c +4 -1
data/third_party/boringssl/crypto/x509v3/v3_ncons.c +4 -1
data/third_party/boringssl/crypto/x509v3/v3_pci.c +6 -3
data/third_party/boringssl/crypto/x509v3/v3_purp.c +13 -21
data/third_party/boringssl/crypto/x509v3/v3_utl.c +19 -33
data/third_party/boringssl/include/openssl/aead.h +9 -20
data/third_party/boringssl/include/openssl/aes.h +21 -9
data/third_party/boringssl/include/openssl/asn1.h +9 -1
data/third_party/boringssl/include/openssl/base.h +33 -6
data/third_party/boringssl/include/openssl/bio.h +10 -103
data/third_party/boringssl/include/openssl/bn.h +58 -42
data/third_party/boringssl/include/openssl/bytestring.h +17 -0
data/third_party/boringssl/include/openssl/cipher.h +4 -3
data/third_party/boringssl/include/openssl/conf.h +4 -1
data/third_party/boringssl/include/openssl/curve25519.h +13 -0
data/third_party/boringssl/include/openssl/digest.h +5 -3
data/third_party/boringssl/include/openssl/dsa.h +5 -5
data/third_party/boringssl/include/openssl/ec.h +2 -2
data/third_party/boringssl/include/openssl/ecdh.h +3 -4
data/third_party/boringssl/include/openssl/ecdsa.h +10 -10
data/third_party/boringssl/include/openssl/err.h +5 -5
data/third_party/boringssl/include/openssl/evp.h +11 -7
data/third_party/boringssl/include/openssl/lhash.h +2 -3
data/third_party/boringssl/include/openssl/lhash_macros.h +56 -14
data/third_party/boringssl/include/openssl/nid.h +2949 -2916
data/third_party/boringssl/include/openssl/obj.h +1 -1
data/third_party/boringssl/include/openssl/pkcs8.h +21 -42
data/third_party/boringssl/include/openssl/pool.h +87 -0
data/third_party/boringssl/include/openssl/rand.h +1 -1
data/third_party/boringssl/include/openssl/rsa.h +4 -2
data/third_party/boringssl/include/openssl/sha.h +0 -4
data/third_party/boringssl/include/openssl/ssl.h +327 -662
data/third_party/boringssl/include/openssl/ssl3.h +1 -21
data/third_party/boringssl/include/openssl/stack.h +1 -0
data/third_party/boringssl/include/openssl/stack_macros.h +85 -0
data/third_party/boringssl/include/openssl/tls1.h +23 -52
data/third_party/boringssl/include/openssl/type_check.h +4 -0
data/third_party/boringssl/include/openssl/x509.h +10 -59
data/third_party/boringssl/include/openssl/x509_vfy.h +7 -1
data/third_party/boringssl/include/openssl/x509v3.h +4 -4
data/third_party/boringssl/ssl/bio_ssl.c +175 -0
data/third_party/boringssl/ssl/custom_extensions.c +24 -21
data/third_party/boringssl/ssl/d1_both.c +259 -289
data/third_party/boringssl/ssl/d1_lib.c +8 -20
data/third_party/boringssl/ssl/d1_pkt.c +6 -15
data/third_party/boringssl/ssl/dtls_method.c +22 -8
data/third_party/boringssl/ssl/dtls_record.c +27 -2
data/third_party/boringssl/ssl/handshake_client.c +460 -579
data/third_party/boringssl/ssl/handshake_server.c +662 -644
data/third_party/boringssl/ssl/internal.h +1009 -375
data/third_party/boringssl/ssl/s3_both.c +312 -162
data/third_party/boringssl/ssl/s3_lib.c +12 -128
data/third_party/boringssl/ssl/s3_pkt.c +22 -30
data/third_party/boringssl/ssl/ssl_aead_ctx.c +28 -22
data/third_party/boringssl/ssl/ssl_asn1.c +210 -114
data/third_party/boringssl/ssl/ssl_buffer.c +2 -1
data/third_party/boringssl/ssl/ssl_cert.c +417 -219
data/third_party/boringssl/ssl/ssl_cipher.c +191 -393
data/third_party/boringssl/ssl/ssl_ecdh.c +19 -164
data/third_party/boringssl/ssl/ssl_file.c +0 -11
data/third_party/boringssl/ssl/ssl_lib.c +325 -652
data/third_party/boringssl/ssl/{ssl_rsa.c → ssl_privkey.c} +21 -131
data/third_party/boringssl/ssl/ssl_privkey_cc.cc +76 -0
data/third_party/boringssl/ssl/ssl_session.c +206 -95
data/third_party/boringssl/ssl/ssl_stat.c +18 -84
data/third_party/boringssl/ssl/{s3_enc.c → ssl_transcript.c} +150 -157
data/third_party/boringssl/ssl/ssl_x509.c +815 -0
data/third_party/boringssl/ssl/t1_enc.c +188 -174
data/third_party/boringssl/ssl/t1_lib.c +1064 -764
data/third_party/boringssl/ssl/tls13_both.c +290 -96
data/third_party/boringssl/ssl/tls13_client.c +344 -314
data/third_party/boringssl/ssl/tls13_enc.c +239 -200
data/third_party/boringssl/ssl/tls13_server.c +374 -366
data/third_party/boringssl/ssl/tls_method.c +40 -5
data/third_party/boringssl/ssl/tls_record.c +166 -71
metadata +39 -25
data/src/core/lib/iomgr/workqueue.h +0 -87
data/src/core/lib/iomgr/workqueue_uv.c +0 -65
data/src/core/lib/iomgr/workqueue_uv.h +0 -37
data/src/core/lib/iomgr/workqueue_windows.c +0 -63
data/src/core/lib/iomgr/workqueue_windows.h +0 -37
data/third_party/boringssl/crypto/bio/buffer.c +0 -496
data/third_party/boringssl/crypto/newhope/error_correction.c +0 -131
data/third_party/boringssl/crypto/newhope/internal.h +0 -71
data/third_party/boringssl/crypto/newhope/newhope.c +0 -174
data/third_party/boringssl/crypto/newhope/ntt.c +0 -148
data/third_party/boringssl/crypto/newhope/poly.c +0 -183
data/third_party/boringssl/crypto/newhope/precomp.c +0 -306
data/third_party/boringssl/crypto/obj/obj_xref.h +0 -96
data/third_party/boringssl/crypto/pkcs8/p5_pbe.c +0 -151
data/third_party/boringssl/include/openssl/newhope.h +0 -158
data/third_party/boringssl/include/openssl/time_support.h +0 -91

data/third_party/boringssl/ssl/handshake_server.c CHANGED

@@ -171,184 +171,178 @@
 #include "../crypto/internal.h"
-static int ssl3_get_client_hello(SSL *ssl);
-static int ssl3_send_server_hello(SSL *ssl);
-static int ssl3_send_server_certificate(SSL *ssl);
-static int ssl3_send_certificate_status(SSL *ssl);
-static int ssl3_send_server_key_exchange(SSL *ssl);
-static int ssl3_send_certificate_request(SSL *ssl);
-static int ssl3_send_server_hello_done(SSL *ssl);
-static int ssl3_get_client_certificate(SSL *ssl);
-static int ssl3_get_client_key_exchange(SSL *ssl);
-static int ssl3_get_cert_verify(SSL *ssl);
-static int ssl3_get_next_proto(SSL *ssl);
-static int ssl3_get_channel_id(SSL *ssl);
-static int ssl3_send_new_session_ticket(SSL *ssl);
-int ssl3_accept(SSL *ssl) {
+static int ssl3_process_client_hello(SSL_HANDSHAKE *hs);
+static int ssl3_select_certificate(SSL_HANDSHAKE *hs);
+static int ssl3_select_parameters(SSL_HANDSHAKE *hs);
+static int ssl3_send_server_hello(SSL_HANDSHAKE *hs);
+static int ssl3_send_server_certificate(SSL_HANDSHAKE *hs);
+static int ssl3_send_certificate_status(SSL_HANDSHAKE *hs);
+static int ssl3_send_server_key_exchange(SSL_HANDSHAKE *hs);
+static int ssl3_send_certificate_request(SSL_HANDSHAKE *hs);
+static int ssl3_send_server_hello_done(SSL_HANDSHAKE *hs);
+static int ssl3_get_client_certificate(SSL_HANDSHAKE *hs);
+static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs);
+static int ssl3_get_cert_verify(SSL_HANDSHAKE *hs);
+static int ssl3_get_next_proto(SSL_HANDSHAKE *hs);
+static int ssl3_get_channel_id(SSL_HANDSHAKE *hs);
+static int ssl3_send_new_session_ticket(SSL_HANDSHAKE *hs);
+static struct CRYPTO_STATIC_MUTEX g_v2clienthello_lock =
+    CRYPTO_STATIC_MUTEX_INIT;
+static uint64_t g_v2clienthello_count = 0;
+uint64_t SSL_get_v2clienthello_count(void) {
+  CRYPTO_STATIC_MUTEX_lock_read(&g_v2clienthello_lock);
+  uint64_t ret = g_v2clienthello_count;
+  CRYPTO_STATIC_MUTEX_unlock_read(&g_v2clienthello_lock);
+  return ret;
+}
+int ssl3_accept(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
   uint32_t alg_a;
   int ret = -1;
-  int state, skip = 0;
   assert(ssl->handshake_func == ssl3_accept);
   assert(ssl->server);
   for (;;) {
-    state = ssl->state;
+    int state = hs->state;
-    switch (ssl->state) {
+    switch (hs->state) {
       case SSL_ST_INIT:
-        ssl->state = SSL_ST_ACCEPT;
-        skip = 1;
-        break;
-      case SSL_ST_ACCEPT:
         ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_START, 1);
+        hs->state = SSL3_ST_SR_CLNT_HELLO_A;
+        break;
-        ssl->s3->hs = ssl_handshake_new(tls13_server_handshake);
-        if (ssl->s3->hs == NULL) {
-          ret = -1;
+      case SSL3_ST_SR_CLNT_HELLO_A:
+        ret = ssl->method->ssl_get_message(ssl);
+        if (ret <= 0) {
           goto end;
         }
+        hs->state = SSL3_ST_SR_CLNT_HELLO_B;
+        break;
-        /* Enable a write buffer. This groups handshake messages within a flight
-         * into a single write. */
-        if (!ssl_init_wbio_buffer(ssl)) {
-          ret = -1;
+      case SSL3_ST_SR_CLNT_HELLO_B:
+        ret = ssl3_process_client_hello(hs);
+        if (ret <= 0) {
           goto end;
         }
+        hs->state = SSL3_ST_SR_CLNT_HELLO_C;
+        break;
-        if (!ssl3_init_handshake_buffer(ssl)) {
-          OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
-          ret = -1;
+      case SSL3_ST_SR_CLNT_HELLO_C:
+        ret = ssl3_select_certificate(hs);
+        if (ret <= 0) {
           goto end;
         }
-        ssl->state = SSL3_ST_SR_CLNT_HELLO_A;
+        if (hs->state != SSL_ST_TLS13) {
+          hs->state = SSL3_ST_SR_CLNT_HELLO_D;
+        }
         break;
-      case SSL3_ST_SR_CLNT_HELLO_A:
-      case SSL3_ST_SR_CLNT_HELLO_B:
-      case SSL3_ST_SR_CLNT_HELLO_C:
       case SSL3_ST_SR_CLNT_HELLO_D:
-        ret = ssl3_get_client_hello(ssl);
-        if (ssl->state == SSL_ST_TLS13) {
-          break;
-        }
+        ret = ssl3_select_parameters(hs);
         if (ret <= 0) {
           goto end;
         }
         ssl->method->received_flight(ssl);
-        ssl->state = SSL3_ST_SW_SRVR_HELLO_A;
+        hs->state = SSL3_ST_SW_SRVR_HELLO_A;
         break;
       case SSL3_ST_SW_SRVR_HELLO_A:
-      case SSL3_ST_SW_SRVR_HELLO_B:
-        ret = ssl3_send_server_hello(ssl);
+        ret = ssl3_send_server_hello(hs);
         if (ret <= 0) {
           goto end;
         }
         if (ssl->session != NULL) {
-          ssl->state = SSL3_ST_SW_SESSION_TICKET_A;
+          hs->state = SSL3_ST_SW_SESSION_TICKET_A;
         } else {
-          ssl->state = SSL3_ST_SW_CERT_A;
+          hs->state = SSL3_ST_SW_CERT_A;
         }
         break;
       case SSL3_ST_SW_CERT_A:
-      case SSL3_ST_SW_CERT_B:
-        if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
-          ret = ssl3_send_server_certificate(ssl);
+        if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
+          ret = ssl3_send_server_certificate(hs);
           if (ret <= 0) {
             goto end;
           }
-        } else {
-          skip = 1;
         }
-        ssl->state = SSL3_ST_SW_CERT_STATUS_A;
+        hs->state = SSL3_ST_SW_CERT_STATUS_A;
         break;
       case SSL3_ST_SW_CERT_STATUS_A:
-      case SSL3_ST_SW_CERT_STATUS_B:
-        if (ssl->s3->tmp.certificate_status_expected) {
-          ret = ssl3_send_certificate_status(ssl);
+        if (hs->certificate_status_expected) {
+          ret = ssl3_send_certificate_status(hs);
           if (ret <= 0) {
             goto end;
           }
-        } else {
-          skip = 1;
         }
-        ssl->state = SSL3_ST_SW_KEY_EXCH_A;
+        hs->state = SSL3_ST_SW_KEY_EXCH_A;
         break;
       case SSL3_ST_SW_KEY_EXCH_A:
       case SSL3_ST_SW_KEY_EXCH_B:
-      case SSL3_ST_SW_KEY_EXCH_C:
-        alg_a = ssl->s3->tmp.new_cipher->algorithm_auth;
+        alg_a = hs->new_cipher->algorithm_auth;
         /* PSK ciphers send ServerKeyExchange if there is an identity hint. */
-        if (ssl_cipher_requires_server_key_exchange(ssl->s3->tmp.new_cipher) ||
+        if (ssl_cipher_requires_server_key_exchange(hs->new_cipher) ||
             ((alg_a & SSL_aPSK) && ssl->psk_identity_hint)) {
-          ret = ssl3_send_server_key_exchange(ssl);
+          ret = ssl3_send_server_key_exchange(hs);
           if (ret <= 0) {
             goto end;
           }
-        } else {
-          skip = 1;
         }
-        ssl->state = SSL3_ST_SW_CERT_REQ_A;
+        hs->state = SSL3_ST_SW_CERT_REQ_A;
         break;
       case SSL3_ST_SW_CERT_REQ_A:
-      case SSL3_ST_SW_CERT_REQ_B:
-        if (ssl->s3->tmp.cert_request) {
-          ret = ssl3_send_certificate_request(ssl);
+        if (hs->cert_request) {
+          ret = ssl3_send_certificate_request(hs);
           if (ret <= 0) {
             goto end;
           }
-        } else {
-          skip = 1;
         }
-        ssl->state = SSL3_ST_SW_SRVR_DONE_A;
+        hs->state = SSL3_ST_SW_SRVR_DONE_A;
         break;
       case SSL3_ST_SW_SRVR_DONE_A:
-      case SSL3_ST_SW_SRVR_DONE_B:
-        ret = ssl3_send_server_hello_done(ssl);
+        ret = ssl3_send_server_hello_done(hs);
         if (ret <= 0) {
           goto end;
         }
-        ssl->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
-        ssl->state = SSL3_ST_SW_FLUSH;
+        hs->next_state = SSL3_ST_SR_CERT_A;
+        hs->state = SSL3_ST_SW_FLUSH;
         break;
       case SSL3_ST_SR_CERT_A:
-        if (ssl->s3->tmp.cert_request) {
-          ret = ssl3_get_client_certificate(ssl);
+        if (hs->cert_request) {
+          ret = ssl3_get_client_certificate(hs);
           if (ret <= 0) {
             goto end;
           }
         }
-        ssl->state = SSL3_ST_SR_KEY_EXCH_A;
+        hs->state = SSL3_ST_SR_KEY_EXCH_A;
         break;
       case SSL3_ST_SR_KEY_EXCH_A:
       case SSL3_ST_SR_KEY_EXCH_B:
-        ret = ssl3_get_client_key_exchange(ssl);
+        ret = ssl3_get_client_key_exchange(hs);
         if (ret <= 0) {
           goto end;
         }
-        ssl->state = SSL3_ST_SR_CERT_VRFY_A;
+        hs->state = SSL3_ST_SR_CERT_VRFY_A;
         break;
       case SSL3_ST_SR_CERT_VRFY_A:
-        ret = ssl3_get_cert_verify(ssl);
+        ret = ssl3_get_cert_verify(hs);
         if (ret <= 0) {
           goto end;
         }
-        ssl->state = SSL3_ST_SR_CHANGE;
+        hs->state = SSL3_ST_SR_CHANGE;
         break;
       case SSL3_ST_SR_CHANGE:
@@ -357,56 +351,52 @@ int ssl3_accept(SSL *ssl) {
           goto end;
         }
-        if (!tls1_change_cipher_state(ssl, SSL3_CHANGE_CIPHER_SERVER_READ)) {
+        if (!tls1_change_cipher_state(hs, SSL3_CHANGE_CIPHER_SERVER_READ)) {
           ret = -1;
           goto end;
         }
-        ssl->state = SSL3_ST_SR_NEXT_PROTO_A;
+        hs->state = SSL3_ST_SR_NEXT_PROTO_A;
         break;
       case SSL3_ST_SR_NEXT_PROTO_A:
-        if (ssl->s3->next_proto_neg_seen) {
-          ret = ssl3_get_next_proto(ssl);
+        if (hs->next_proto_neg_seen) {
+          ret = ssl3_get_next_proto(hs);
           if (ret <= 0) {
             goto end;
           }
-        } else {
-          skip = 1;
         }
-        ssl->state = SSL3_ST_SR_CHANNEL_ID_A;
+        hs->state = SSL3_ST_SR_CHANNEL_ID_A;
         break;
       case SSL3_ST_SR_CHANNEL_ID_A:
         if (ssl->s3->tlsext_channel_id_valid) {
-          ret = ssl3_get_channel_id(ssl);
+          ret = ssl3_get_channel_id(hs);
           if (ret <= 0) {
             goto end;
           }
-        } else {
-          skip = 1;
         }
-        ssl->state = SSL3_ST_SR_FINISHED_A;
+        hs->state = SSL3_ST_SR_FINISHED_A;
         break;
       case SSL3_ST_SR_FINISHED_A:
-        ret = ssl3_get_finished(ssl);
+        ret = ssl3_get_finished(hs);
         if (ret <= 0) {
           goto end;
         }
         ssl->method->received_flight(ssl);
         if (ssl->session != NULL) {
-          ssl->state = SSL_ST_OK;
+          hs->state = SSL_ST_OK;
         } else {
-          ssl->state = SSL3_ST_SW_SESSION_TICKET_A;
+          hs->state = SSL3_ST_SW_SESSION_TICKET_A;
         }
         /* If this is a full handshake with ChannelID then record the handshake
-         * hashes in |ssl->s3->new_session| in case we need them to verify a
+         * hashes in |hs->new_session| in case we need them to verify a
          * ChannelID signature on a resumption of this session in the future. */
         if (ssl->session == NULL && ssl->s3->tlsext_channel_id_valid) {
-          ret = tls1_record_handshake_hashes_for_channel_id(ssl);
+          ret = tls1_record_handshake_hashes_for_channel_id(hs);
           if (ret <= 0) {
             goto end;
           }
@@ -414,80 +404,68 @@ int ssl3_accept(SSL *ssl) {
         break;
       case SSL3_ST_SW_SESSION_TICKET_A:
-      case SSL3_ST_SW_SESSION_TICKET_B:
-        if (ssl->tlsext_ticket_expected) {
-          ret = ssl3_send_new_session_ticket(ssl);
+        if (hs->ticket_expected) {
+          ret = ssl3_send_new_session_ticket(hs);
           if (ret <= 0) {
             goto end;
           }
-        } else {
-          skip = 1;
         }
-        ssl->state = SSL3_ST_SW_CHANGE;
+        hs->state = SSL3_ST_SW_CHANGE;
         break;
       case SSL3_ST_SW_CHANGE:
-        ret = ssl->method->send_change_cipher_spec(ssl);
-        if (ret <= 0) {
-          goto end;
-        }
-        ssl->state = SSL3_ST_SW_FINISHED_A;
-        if (!tls1_change_cipher_state(ssl, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
+        if (!ssl->method->add_change_cipher_spec(ssl) ||
+            !tls1_change_cipher_state(hs, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
           ret = -1;
           goto end;
         }
+        hs->state = SSL3_ST_SW_FINISHED_A;
         break;
       case SSL3_ST_SW_FINISHED_A:
-      case SSL3_ST_SW_FINISHED_B:
-        ret = ssl3_send_finished(ssl, SSL3_ST_SW_FINISHED_A,
-                                 SSL3_ST_SW_FINISHED_B);
+        ret = ssl3_send_finished(hs);
         if (ret <= 0) {
           goto end;
         }
-        ssl->state = SSL3_ST_SW_FLUSH;
+        hs->state = SSL3_ST_SW_FLUSH;
         if (ssl->session != NULL) {
-          ssl->s3->tmp.next_state = SSL3_ST_SR_CHANGE;
+          hs->next_state = SSL3_ST_SR_CHANGE;
         } else {
-          ssl->s3->tmp.next_state = SSL_ST_OK;
+          hs->next_state = SSL_ST_OK;
         }
         break;
       case SSL3_ST_SW_FLUSH:
-        if (BIO_flush(ssl->wbio) <= 0) {
-          ssl->rwstate = SSL_WRITING;
-          ret = -1;
+        ret = ssl->method->flush_flight(ssl);
+        if (ret <= 0) {
           goto end;
         }
-        ssl->state = ssl->s3->tmp.next_state;
-        if (ssl->state != SSL_ST_OK) {
+        hs->state = hs->next_state;
+        if (hs->state != SSL_ST_OK) {
           ssl->method->expect_flight(ssl);
         }
         break;
       case SSL_ST_TLS13:
-        ret = tls13_handshake(ssl);
+        ret = tls13_handshake(hs);
         if (ret <= 0) {
           goto end;
         }
-        ssl->state = SSL_ST_OK;
+        hs->state = SSL_ST_OK;
         break;
       case SSL_ST_OK:
-        /* Clean a few things up. */
-        ssl3_cleanup_key_block(ssl);
         ssl->method->release_current_message(ssl, 1 /* free_buffer */);
         /* If we aren't retaining peer certificates then we can discard it
          * now. */
-        if (ssl->s3->new_session != NULL &&
-            ssl->ctx->retain_only_sha256_of_client_certs) {
-          X509_free(ssl->s3->new_session->peer);
-          ssl->s3->new_session->peer = NULL;
-          sk_X509_pop_free(ssl->s3->new_session->cert_chain, X509_free);
-          ssl->s3->new_session->cert_chain = NULL;
+        if (hs->new_session != NULL &&
+            ssl->retain_only_sha256_of_client_certs) {
+          sk_CRYPTO_BUFFER_pop_free(hs->new_session->certs, CRYPTO_BUFFER_free);
+          hs->new_session->certs = NULL;
+          ssl->ctx->x509_method->session_clear(hs->new_session);
         }
         SSL_SESSION_free(ssl->s3->established_session);
@@ -495,23 +473,21 @@ int ssl3_accept(SSL *ssl) {
           SSL_SESSION_up_ref(ssl->session);
           ssl->s3->established_session = ssl->session;
         } else {
-          ssl->s3->established_session = ssl->s3->new_session;
+          ssl->s3->established_session = hs->new_session;
           ssl->s3->established_session->not_resumable = 0;
-          ssl->s3->new_session = NULL;
+          hs->new_session = NULL;
         }
-        /* remove buffering on output */
-        ssl_free_wbio_buffer(ssl);
-        ssl_handshake_free(ssl->s3->hs);
-        ssl->s3->hs = NULL;
+        if (hs->v2_clienthello) {
+          CRYPTO_STATIC_MUTEX_lock_write(&g_v2clienthello_lock);
+          g_v2clienthello_count++;
+          CRYPTO_STATIC_MUTEX_unlock_write(&g_v2clienthello_lock);
+        }
         ssl->s3->initial_handshake_complete = 1;
-        ssl_update_cache(ssl, SSL_SESS_CACHE_SERVER);
+        ssl_update_cache(hs, SSL_SESS_CACHE_SERVER);
         ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_DONE, 1);
         ret = 1;
         goto end;
@@ -521,13 +497,9 @@ int ssl3_accept(SSL *ssl) {
         goto end;
     }
-    if (!ssl->s3->tmp.reuse_message && !skip && ssl->state != state) {
-      int new_state = ssl->state;
-      ssl->state = state;
+    if (hs->state != state) {
       ssl_do_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 1);
-      ssl->state = new_state;
     }
-    skip = 0;
   }
 end:
@@ -535,8 +507,8 @@ end:
   return ret;
 }
-int ssl_client_cipher_list_contains_cipher(
-    const struct ssl_early_callback_ctx *client_hello, uint16_t id) {
+int ssl_client_cipher_list_contains_cipher(const SSL_CLIENT_HELLO *client_hello,
+                                           uint16_t id) {
   CBS cipher_suites;
   CBS_init(&cipher_suites, client_hello->cipher_suites,
            client_hello->cipher_suites_len);
@@ -555,9 +527,10 @@ int ssl_client_cipher_list_contains_cipher(
   return 0;
 }
-static int negotiate_version(
-    SSL *ssl, int *out_alert,
-    const struct ssl_early_callback_ctx *client_hello) {
+static int negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+                             const SSL_CLIENT_HELLO *client_hello) {
+  SSL *const ssl = hs->ssl;
+  assert(!ssl->s3->have_version);
   uint16_t min_version, max_version;
   if (!ssl_get_version_range(ssl, &min_version, &max_version)) {
     *out_alert = SSL_AD_PROTOCOL_VERSION;
@@ -567,8 +540,8 @@ static int negotiate_version(
   uint16_t version = 0;
   /* Check supported_versions extension if it is present. */
   CBS supported_versions;
-  if (ssl_early_callback_get_extension(client_hello, &supported_versions,
-                                       TLSEXT_TYPE_supported_versions)) {
+  if (ssl_client_hello_get_extension(client_hello, &supported_versions,
+                                     TLSEXT_TYPE_supported_versions)) {
     CBS versions;
     if (!CBS_get_u8_length_prefixed(&supported_versions, &versions) ||
         CBS_len(&supported_versions) != 0 ||
@@ -578,6 +551,9 @@ static int negotiate_version(
       return 0;
     }
+    /* Choose the newest commonly-supported version advertised by the client.
+     * The client orders the versions according to its preferences, but we're
+     * not required to honor the client's preferences. */
     int found_version = 0;
     while (CBS_len(&versions) != 0) {
       uint16_t ext_version;
@@ -590,10 +566,10 @@ static int negotiate_version(
         continue;
       }
       if (min_version <= ext_version &&
-          ext_version <= max_version) {
+          ext_version <= max_version &&
+          (!found_version || version < ext_version)) {
         version = ext_version;
         found_version = 1;
-        break;
       }
     }
@@ -644,10 +620,8 @@ static int negotiate_version(
     return 0;
   }
-  ssl->client_version = client_hello->version;
+  hs->client_version = client_hello->version;
   ssl->version = ssl->method->version_to_wire(version);
-  ssl->s3->enc_method = ssl3_get_enc_method(version);
-  assert(ssl->s3->enc_method != NULL);
   /* At this point, the connection's version is known and |ssl->version| is
    * fixed. Begin enforcing the record-layer version. */
@@ -661,235 +635,397 @@ unsupported_protocol:
   return 0;
 }
-static int ssl3_get_client_hello(SSL *ssl) {
-  int al = SSL_AD_INTERNAL_ERROR, ret = -1;
-  SSL_SESSION *session = NULL;
+static STACK_OF(SSL_CIPHER) *
+    ssl_parse_client_cipher_list(const SSL_CLIENT_HELLO *client_hello) {
+  CBS cipher_suites;
+  CBS_init(&cipher_suites, client_hello->cipher_suites,
+           client_hello->cipher_suites_len);
+  STACK_OF(SSL_CIPHER) *sk = sk_SSL_CIPHER_new_null();
+  if (sk == NULL) {
+    OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
+    goto err;
+  }
-  if (ssl->state == SSL3_ST_SR_CLNT_HELLO_A) {
-    /* The first time around, read the ClientHello. */
-    int msg_ret = ssl->method->ssl_get_message(ssl, SSL3_MT_CLIENT_HELLO,
-                                               ssl_hash_message);
-    if (msg_ret <= 0) {
-      return msg_ret;
+  while (CBS_len(&cipher_suites) > 0) {
+    uint16_t cipher_suite;
+    if (!CBS_get_u16(&cipher_suites, &cipher_suite)) {
+      OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+      goto err;
     }
-    ssl->state = SSL3_ST_SR_CLNT_HELLO_B;
+    const SSL_CIPHER *c = SSL_get_cipher_by_value(cipher_suite);
+    if (c != NULL && !sk_SSL_CIPHER_push(sk, c)) {
+      OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
+      goto err;
+    }
   }
-  struct ssl_early_callback_ctx client_hello;
-  if (!ssl_early_callback_init(ssl, &client_hello, ssl->init_msg,
-                               ssl->init_num)) {
-    al = SSL_AD_DECODE_ERROR;
-    OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
-    goto f_err;
-  }
+  return sk;
-  if (ssl->state == SSL3_ST_SR_CLNT_HELLO_B) {
-    /* Unlike other callbacks, the early callback is not run a second time if
-     * paused. */
-    ssl->state = SSL3_ST_SR_CLNT_HELLO_C;
+err:
+  sk_SSL_CIPHER_free(sk);
+  return NULL;
+}
-    /* Run the early callback. */
-    if (ssl->ctx->select_certificate_cb != NULL) {
-      switch (ssl->ctx->select_certificate_cb(&client_hello)) {
-        case 0:
-          ssl->rwstate = SSL_CERTIFICATE_SELECTION_PENDING;
-          goto err;
+/* ssl_get_compatible_server_ciphers determines the key exchange and
+ * authentication cipher suite masks compatible with the server configuration
+ * and current ClientHello parameters of |hs|. It sets |*out_mask_k| to the key
+ * exchange mask and |*out_mask_a| to the authentication mask. */
+static void ssl_get_compatible_server_ciphers(SSL_HANDSHAKE *hs,
+                                              uint32_t *out_mask_k,
+                                              uint32_t *out_mask_a) {
+  SSL *const ssl = hs->ssl;
+  if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+    *out_mask_k = SSL_kGENERIC;
+    *out_mask_a = SSL_aGENERIC;
+    return;
+  }
-        case -1:
-          /* Connection rejected. */
-          al = SSL_AD_HANDSHAKE_FAILURE;
-          OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_REJECTED);
-          goto f_err;
+  uint32_t mask_k = 0;
+  uint32_t mask_a = 0;
-        default:
-          /* fallthrough */;
-      }
+  if (ssl_has_certificate(ssl)) {
+    int type = ssl_private_key_type(ssl);
+    if (type == NID_rsaEncryption) {
+      mask_k |= SSL_kRSA;
+      mask_a |= SSL_aRSA;
+    } else if (ssl_is_ecdsa_key_type(type)) {
+      mask_a |= SSL_aECDSA;
     }
   }
-  /* Negotiate the protocol version if we have not done so yet. */
-  if (!ssl->s3->have_version) {
-    if (!negotiate_version(ssl, &al, &client_hello)) {
-      goto f_err;
-    }
+  if (ssl->cert->dh_tmp != NULL || ssl->cert->dh_tmp_cb != NULL) {
+    mask_k |= SSL_kDHE;
+  }
-    if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
-      ssl->state = SSL_ST_TLS13;
-      return 1;
-    }
+  /* Check for a shared group to consider ECDHE ciphers. */
+  uint16_t unused;
+  if (tls1_get_shared_group(hs, &unused)) {
+    mask_k |= SSL_kECDHE;
   }
-  if (ssl->state == SSL3_ST_SR_CLNT_HELLO_C) {
-    /* Load the client random. */
-    if (client_hello.random_len != SSL3_RANDOM_SIZE) {
-      OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
-      return -1;
+  /* PSK requires a server callback. */
+  if (ssl->psk_server_callback != NULL) {
+    mask_k |= SSL_kPSK;
+    mask_a |= SSL_aPSK;
+  }
+  *out_mask_k = mask_k;
+  *out_mask_a = mask_a;
+}
+static const SSL_CIPHER *ssl3_choose_cipher(
+    SSL_HANDSHAKE *hs, const SSL_CLIENT_HELLO *client_hello,
+    const struct ssl_cipher_preference_list_st *server_pref) {
+  SSL *const ssl = hs->ssl;
+  const SSL_CIPHER *c, *ret = NULL;
+  STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow;
+  int ok;
+  size_t cipher_index;
+  uint32_t alg_k, alg_a, mask_k, mask_a;
+  /* in_group_flags will either be NULL, or will point to an array of bytes
+   * which indicate equal-preference groups in the |prio| stack. See the
+   * comment about |in_group_flags| in the |ssl_cipher_preference_list_st|
+   * struct. */
+  const uint8_t *in_group_flags;
+  /* group_min contains the minimal index so far found in a group, or -1 if no
+   * such value exists yet. */
+  int group_min = -1;
+  STACK_OF(SSL_CIPHER) *clnt = ssl_parse_client_cipher_list(client_hello);
+  if (clnt == NULL) {
+    return NULL;
+  }
+  if (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+    prio = srvr;
+    in_group_flags = server_pref->in_group_flags;
+    allow = clnt;
+  } else {
+    prio = clnt;
+    in_group_flags = NULL;
+    allow = srvr;
+  }
+  ssl_get_compatible_server_ciphers(hs, &mask_k, &mask_a);
+  for (size_t i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
+    c = sk_SSL_CIPHER_value(prio, i);
+    ok = 1;
+    /* Check the TLS version. */
+    if (SSL_CIPHER_get_min_version(c) > ssl3_protocol_version(ssl) ||
+        SSL_CIPHER_get_max_version(c) < ssl3_protocol_version(ssl)) {
+      ok = 0;
     }
-    memcpy(ssl->s3->client_random, client_hello.random,
-           client_hello.random_len);
-    /* Determine whether we are doing session resumption. */
-    int send_new_ticket = 0;
-    switch (
-        ssl_get_prev_session(ssl, &session, &send_new_ticket, &client_hello)) {
-      case ssl_session_success:
+    alg_k = c->algorithm_mkey;
+    alg_a = c->algorithm_auth;
+    ok = ok && (alg_k & mask_k) && (alg_a & mask_a);
+    if (ok && sk_SSL_CIPHER_find(allow, &cipher_index, c)) {
+      if (in_group_flags != NULL && in_group_flags[i] == 1) {
+        /* This element of |prio| is in a group. Update the minimum index found
+         * so far and continue looking. */
+        if (group_min == -1 || (size_t)group_min > cipher_index) {
+          group_min = cipher_index;
+        }
+      } else {
+        if (group_min != -1 && (size_t)group_min < cipher_index) {
+          cipher_index = group_min;
+        }
+        ret = sk_SSL_CIPHER_value(allow, cipher_index);
         break;
-      case ssl_session_error:
-        goto err;
-      case ssl_session_retry:
-        ssl->rwstate = SSL_PENDING_SESSION;
-        goto err;
-    }
-    ssl->tlsext_ticket_expected = send_new_ticket;
-    /* The EMS state is needed when making the resumption decision, but
-     * extensions are not normally parsed until later. This detects the EMS
-     * extension for the resumption decision and it's checked against the result
-     * of the normal parse later in this function. */
-    CBS ems;
-    int have_extended_master_secret =
-        ssl->version != SSL3_VERSION &&
-        ssl_early_callback_get_extension(&client_hello, &ems,
-                                         TLSEXT_TYPE_extended_master_secret) &&
-        CBS_len(&ems) == 0;
-    int has_session = 0;
-    if (session != NULL) {
-      if (session->extended_master_secret &&
-          !have_extended_master_secret) {
-        /* A ClientHello without EMS that attempts to resume a session with EMS
-         * is fatal to the connection. */
-        al = SSL_AD_HANDSHAKE_FAILURE;
-        OPENSSL_PUT_ERROR(SSL, SSL_R_RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION);
-        goto f_err;
       }
+    }
-      has_session =
-          /* Only resume if the session's version matches the negotiated
-           * version: most clients do not accept a mismatch. */
-          ssl->version == session->ssl_version &&
-          /* If the client offers the EMS extension, but the previous session
-           * didn't use it, then negotiate a new session. */
-          have_extended_master_secret == session->extended_master_secret;
+    if (in_group_flags != NULL && in_group_flags[i] == 0 && group_min != -1) {
+      /* We are about to leave a group, but we found a match in it, so that's
+       * our answer. */
+      ret = sk_SSL_CIPHER_value(allow, group_min);
+      break;
     }
+  }
-    if (has_session) {
-      /* Use the old session. */
-      ssl->session = session;
-      session = NULL;
-      ssl->s3->session_reused = 1;
-    } else {
-      ssl_set_session(ssl, NULL);
-      if (!ssl_get_new_session(ssl, 1 /* server */)) {
-        goto err;
-      }
+  sk_SSL_CIPHER_free(clnt);
+  return ret;
+}
-      /* Clear the session ID if we want the session to be single-use. */
-      if (!(ssl->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)) {
-        ssl->s3->new_session->session_id_length = 0;
-      }
-    }
+static int ssl3_process_client_hello(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
+  if (!ssl_check_message_type(ssl, SSL3_MT_CLIENT_HELLO)) {
+    return -1;
+  }
-    if (ssl->ctx->dos_protection_cb != NULL &&
-        ssl->ctx->dos_protection_cb(&client_hello) == 0) {
-      /* Connection rejected for DOS reasons. */
-      al = SSL_AD_INTERNAL_ERROR;
-      OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_REJECTED);
-      goto f_err;
+  SSL_CLIENT_HELLO client_hello;
+  if (!ssl_client_hello_init(ssl, &client_hello, ssl->init_msg,
+                             ssl->init_num)) {
+    OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
+    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+    return -1;
+  }
+  /* Run the early callback. */
+  if (ssl->ctx->select_certificate_cb != NULL) {
+    switch (ssl->ctx->select_certificate_cb(&client_hello)) {
+      case 0:
+        ssl->rwstate = SSL_CERTIFICATE_SELECTION_PENDING;
+        return -1;
+      case -1:
+        /* Connection rejected. */
+        OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_REJECTED);
+        ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+        return -1;
+      default:
+        /* fallthrough */;
     }
+  }
-    /* Only null compression is supported. */
-    if (memchr(client_hello.compression_methods, 0,
-               client_hello.compression_methods_len) == NULL) {
-      al = SSL_AD_ILLEGAL_PARAMETER;
-      OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMPRESSION_SPECIFIED);
-      goto f_err;
+  uint8_t alert = SSL_AD_DECODE_ERROR;
+  if (!negotiate_version(hs, &alert, &client_hello)) {
+    ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+    return -1;
+  }
+  /* Load the client random. */
+  if (client_hello.random_len != SSL3_RANDOM_SIZE) {
+    OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
+    return -1;
+  }
+  OPENSSL_memcpy(ssl->s3->client_random, client_hello.random,
+                 client_hello.random_len);
+  /* Only null compression is supported. TLS 1.3 further requires the peer
+   * advertise no other compression. */
+  if (OPENSSL_memchr(client_hello.compression_methods, 0,
+                     client_hello.compression_methods_len) == NULL ||
+      (ssl3_protocol_version(ssl) >= TLS1_3_VERSION &&
+       client_hello.compression_methods_len != 1)) {
+    OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_COMPRESSION_LIST);
+    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+    return -1;
+  }
+  /* TLS extensions. */
+  if (!ssl_parse_clienthello_tlsext(hs, &client_hello)) {
+    OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
+    return -1;
+  }
+  return 1;
+}
+static int ssl3_select_certificate(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
+  /* Call |cert_cb| to update server certificates if required. */
+  if (ssl->cert->cert_cb != NULL) {
+    int rv = ssl->cert->cert_cb(ssl, ssl->cert->cert_cb_arg);
+    if (rv == 0) {
+      OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_CB_ERROR);
+      ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+      return -1;
+    }
+    if (rv < 0) {
+      ssl->rwstate = SSL_X509_LOOKUP;
+      return -1;
     }
+  }
+  if (!ssl_auto_chain_if_needed(ssl)) {
+    return -1;
+  }
+  if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
+    /* Jump to the TLS 1.3 state machine. */
+    hs->state = SSL_ST_TLS13;
+    hs->do_tls13_handshake = tls13_server_handshake;
+    return 1;
+  }
+  SSL_CLIENT_HELLO client_hello;
+  if (!ssl_client_hello_init(ssl, &client_hello, ssl->init_msg,
+                             ssl->init_num)) {
+    return -1;
+  }
+  /* Negotiate the cipher suite. This must be done after |cert_cb| so the
+   * certificate is finalized. */
+  hs->new_cipher =
+      ssl3_choose_cipher(hs, &client_hello, ssl_get_cipher_preferences(ssl));
+  if (hs->new_cipher == NULL) {
+    OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
+    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+    return -1;
+  }
+  return 1;
+}
-    /* TLS extensions. */
-    if (!ssl_parse_clienthello_tlsext(ssl, &client_hello)) {
-      OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
+static int ssl3_select_parameters(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
+  uint8_t al = SSL_AD_INTERNAL_ERROR;
+  int ret = -1;
+  SSL_SESSION *session = NULL;
+  SSL_CLIENT_HELLO client_hello;
+  if (!ssl_client_hello_init(ssl, &client_hello, ssl->init_msg,
+                             ssl->init_num)) {
+    return -1;
+  }
+  /* Determine whether we are doing session resumption. */
+  int tickets_supported = 0, renew_ticket = 0;
+  switch (ssl_get_prev_session(ssl, &session, &tickets_supported, &renew_ticket,
+                               &client_hello)) {
+    case ssl_session_success:
+      break;
+    case ssl_session_error:
       goto err;
-    }
+    case ssl_session_retry:
+      ssl->rwstate = SSL_PENDING_SESSION;
+      goto err;
+  }
-    if (have_extended_master_secret != ssl->s3->tmp.extended_master_secret) {
-      al = SSL_AD_INTERNAL_ERROR;
-      OPENSSL_PUT_ERROR(SSL, SSL_R_EMS_STATE_INCONSISTENT);
+  if (session != NULL) {
+    if (session->extended_master_secret && !hs->extended_master_secret) {
+      /* A ClientHello without EMS that attempts to resume a session with EMS
+       * is fatal to the connection. */
+      al = SSL_AD_HANDSHAKE_FAILURE;
+      OPENSSL_PUT_ERROR(SSL, SSL_R_RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION);
       goto f_err;
     }
-    ssl->state = SSL3_ST_SR_CLNT_HELLO_D;
+    if (!ssl_session_is_resumable(hs, session) ||
+        /* If the client offers the EMS extension, but the previous session
+         * didn't use it, then negotiate a new session. */
+        hs->extended_master_secret != session->extended_master_secret) {
+      SSL_SESSION_free(session);
+      session = NULL;
+    }
   }
-  /* Determine the remaining connection parameters. This is a separate state so
-   * |cert_cb| does not cause earlier logic to run multiple times. */
-  assert(ssl->state == SSL3_ST_SR_CLNT_HELLO_D);
+  if (session != NULL) {
+    /* Use the old session. */
+    hs->ticket_expected = renew_ticket;
+    ssl->session = session;
+    session = NULL;
+    ssl->s3->session_reused = 1;
+  } else {
+    hs->ticket_expected = tickets_supported;
+    ssl_set_session(ssl, NULL);
+    if (!ssl_get_new_session(hs, 1 /* server */)) {
+      goto err;
+    }
-  if (ssl->session != NULL) {
-    /* Check that the cipher is in the list. */
-    if (!ssl_client_cipher_list_contains_cipher(
-            &client_hello, (uint16_t)ssl->session->cipher->id)) {
-      al = SSL_AD_ILLEGAL_PARAMETER;
-      OPENSSL_PUT_ERROR(SSL, SSL_R_REQUIRED_CIPHER_MISSING);
-      goto f_err;
+    /* Clear the session ID if we want the session to be single-use. */
+    if (!(ssl->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)) {
+      hs->new_session->session_id_length = 0;
     }
+  }
-    ssl->s3->tmp.new_cipher = ssl->session->cipher;
-    ssl->s3->tmp.cert_request = 0;
-  } else {
-    /* Call |cert_cb| to update server certificates if required. */
-    if (ssl->cert->cert_cb != NULL) {
-      int rv = ssl->cert->cert_cb(ssl, ssl->cert->cert_cb_arg);
-      if (rv == 0) {
+  if (ssl->ctx->dos_protection_cb != NULL &&
+      ssl->ctx->dos_protection_cb(&client_hello) == 0) {
+    /* Connection rejected for DOS reasons. */
+    al = SSL_AD_INTERNAL_ERROR;
+    OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_REJECTED);
+    goto f_err;
+  }
+  if (ssl->session == NULL) {
+    hs->new_session->cipher = hs->new_cipher;
+    /* On new sessions, stash the SNI value in the session. */
+    if (hs->hostname != NULL) {
+      OPENSSL_free(hs->new_session->tlsext_hostname);
+      hs->new_session->tlsext_hostname = BUF_strdup(hs->hostname);
+      if (hs->new_session->tlsext_hostname == NULL) {
         al = SSL_AD_INTERNAL_ERROR;
-        OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_CB_ERROR);
         goto f_err;
       }
-      if (rv < 0) {
-        ssl->rwstate = SSL_X509_LOOKUP;
-        goto err;
-      }
     }
-    const SSL_CIPHER *c =
-        ssl3_choose_cipher(ssl, &client_hello, ssl_get_cipher_preferences(ssl));
-    if (c == NULL) {
-      al = SSL_AD_HANDSHAKE_FAILURE;
-      OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
-      goto f_err;
-    }
-    ssl->s3->new_session->cipher = c;
-    ssl->s3->tmp.new_cipher = c;
     /* Determine whether to request a client certificate. */
-    ssl->s3->tmp.cert_request = !!(ssl->verify_mode & SSL_VERIFY_PEER);
+    hs->cert_request = !!(ssl->verify_mode & SSL_VERIFY_PEER);
     /* Only request a certificate if Channel ID isn't negotiated. */
     if ((ssl->verify_mode & SSL_VERIFY_PEER_IF_NO_OBC) &&
         ssl->s3->tlsext_channel_id_valid) {
-      ssl->s3->tmp.cert_request = 0;
+      hs->cert_request = 0;
     }
     /* CertificateRequest may only be sent in certificate-based ciphers. */
-    if (!ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
-      ssl->s3->tmp.cert_request = 0;
+    if (!ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
+      hs->cert_request = 0;
     }
-    if (!ssl->s3->tmp.cert_request) {
+    if (!hs->cert_request) {
       /* OpenSSL returns X509_V_OK when no certificates are requested. This is
        * classed by them as a bug, but it's assumed by at least NGINX. */
-      ssl->s3->new_session->verify_result = X509_V_OK;
+      hs->new_session->verify_result = X509_V_OK;
     }
   }
-  /* Now that the cipher is known, initialize the handshake hash. */
-  if (!ssl3_init_handshake_hash(ssl)) {
+  /* HTTP/2 negotiation depends on the cipher suite, so ALPN negotiation was
+   * deferred. Complete it now. */
+  if (!ssl_negotiate_alpn(hs, &al, &client_hello)) {
+    goto f_err;
+  }
+  /* Now that all parameters are known, initialize the handshake hash and hash
+   * the ClientHello. */
+  if (!SSL_TRANSCRIPT_init_hash(&hs->transcript, ssl3_protocol_version(ssl),
+                                hs->new_cipher->algorithm_prf) ||
+      !ssl_hash_current_message(hs)) {
     goto f_err;
   }
   /* Release the handshake buffer if client authentication isn't required. */
-  if (!ssl->s3->tmp.cert_request) {
-    ssl3_free_handshake_buffer(ssl);
+  if (!hs->cert_request) {
+    SSL_TRANSCRIPT_free_buffer(&hs->transcript);
   }
   ret = 1;
@@ -904,17 +1040,13 @@ err:
   return ret;
 }
-static int ssl3_send_server_hello(SSL *ssl) {
-  if (ssl->state == SSL3_ST_SW_SRVR_HELLO_B) {
-    return ssl->method->write_message(ssl);
-  }
-  assert(ssl->state == SSL3_ST_SW_SRVR_HELLO_A);
+static int ssl3_send_server_hello(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
   /* We only accept ChannelIDs on connections with ECDHE in order to avoid a
    * known attack while we fix ChannelID itself. */
   if (ssl->s3->tlsext_channel_id_valid &&
-      (ssl->s3->tmp.new_cipher->algorithm_mkey & SSL_kECDHE) == 0) {
+      (hs->new_cipher->algorithm_mkey & SSL_kECDHE) == 0) {
     ssl->s3->tlsext_channel_id_valid = 0;
   }
@@ -939,7 +1071,7 @@ static int ssl3_send_server_hello(SSL *ssl) {
   /* TODO(davidben): Implement the TLS 1.1 and 1.2 downgrade sentinels once TLS
    * 1.3 is finalized and we are not implementing a draft version. */
-  const SSL_SESSION *session = ssl->s3->new_session;
+  const SSL_SESSION *session = hs->new_session;
   if (ssl->session != NULL) {
     session = ssl->session;
   }
@@ -951,70 +1083,59 @@ static int ssl3_send_server_hello(SSL *ssl) {
       !CBB_add_u8_length_prefixed(&body, &session_id) ||
       !CBB_add_bytes(&session_id, session->session_id,
                      session->session_id_length) ||
-      !CBB_add_u16(&body, ssl_cipher_get_value(ssl->s3->tmp.new_cipher)) ||
+      !CBB_add_u16(&body, ssl_cipher_get_value(hs->new_cipher)) ||
       !CBB_add_u8(&body, 0 /* no compression */) ||
-      !ssl_add_serverhello_tlsext(ssl, &body) ||
-      !ssl->method->finish_message(ssl, &cbb)) {
+      !ssl_add_serverhello_tlsext(hs, &body) ||
+      !ssl_add_message_cbb(ssl, &cbb)) {
     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
     CBB_cleanup(&cbb);
     return -1;
   }
-  ssl->state = SSL3_ST_SW_SRVR_HELLO_B;
-  return ssl->method->write_message(ssl);
+  return 1;
 }
-static int ssl3_send_server_certificate(SSL *ssl) {
-  if (ssl->state == SSL3_ST_SW_CERT_B) {
-    return ssl->method->write_message(ssl);
-  }
+static int ssl3_send_server_certificate(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
   if (!ssl_has_certificate(ssl)) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_SET);
-    return 0;
+    return -1;
   }
   if (!ssl3_output_cert_chain(ssl)) {
-    return 0;
+    return -1;
   }
-  ssl->state = SSL3_ST_SW_CERT_B;
-  return ssl->method->write_message(ssl);
+  return 1;
 }
-static int ssl3_send_certificate_status(SSL *ssl) {
-  if (ssl->state == SSL3_ST_SW_CERT_STATUS_B) {
-    return ssl->method->write_message(ssl);
-  }
+static int ssl3_send_certificate_status(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
   CBB cbb, body, ocsp_response;
   if (!ssl->method->init_message(ssl, &cbb, &body,
                                  SSL3_MT_CERTIFICATE_STATUS) ||
       !CBB_add_u8(&body, TLSEXT_STATUSTYPE_ocsp) ||
       !CBB_add_u24_length_prefixed(&body, &ocsp_response) ||
-      !CBB_add_bytes(&ocsp_response, ssl->ctx->ocsp_response,
-                     ssl->ctx->ocsp_response_length) ||
-      !ssl->method->finish_message(ssl, &cbb)) {
+      !CBB_add_bytes(&ocsp_response,
+                     CRYPTO_BUFFER_data(ssl->cert->ocsp_response),
+                     CRYPTO_BUFFER_len(ssl->cert->ocsp_response)) ||
+      !ssl_add_message_cbb(ssl, &cbb)) {
     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
     CBB_cleanup(&cbb);
     return -1;
   }
-  ssl->state = SSL3_ST_SW_CERT_STATUS_B;
-  return ssl->method->write_message(ssl);
+  return 1;
 }
-static int ssl3_send_server_key_exchange(SSL *ssl) {
-  if (ssl->state == SSL3_ST_SW_KEY_EXCH_C) {
-    return ssl->method->write_message(ssl);
-  }
+static int ssl3_send_server_key_exchange(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
   CBB cbb, child;
   CBB_zero(&cbb);
   /* Put together the parameters. */
-  if (ssl->state == SSL3_ST_SW_KEY_EXCH_A) {
-    uint32_t alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey;
-    uint32_t alg_a = ssl->s3->tmp.new_cipher->algorithm_auth;
+  if (hs->state == SSL3_ST_SW_KEY_EXCH_A) {
+    uint32_t alg_k = hs->new_cipher->algorithm_mkey;
+    uint32_t alg_a = hs->new_cipher->algorithm_auth;
     /* Pre-allocate enough room to comfortably fit an ECDHE public key. */
     if (!CBB_init(&cbb, 128)) {
@@ -1043,7 +1164,6 @@ static int ssl3_send_server_key_exchange(SSL *ssl) {
         ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
         goto err;
       }
-      ssl->s3->new_session->key_exchange_info = DH_num_bits(params);
       /* Set up DH, generate a key, and emit the public half. */
       DH *dh = DHparams_dup(params);
@@ -1051,64 +1171,52 @@ static int ssl3_send_server_key_exchange(SSL *ssl) {
         goto err;
       }
-      SSL_ECDH_CTX_init_for_dhe(&ssl->s3->tmp.ecdh_ctx, dh);
+      SSL_ECDH_CTX_init_for_dhe(&hs->ecdh_ctx, dh);
       if (!CBB_add_u16_length_prefixed(&cbb, &child) ||
           !BN_bn2cbb_padded(&child, BN_num_bytes(params->p), params->p) ||
           !CBB_add_u16_length_prefixed(&cbb, &child) ||
           !BN_bn2cbb_padded(&child, BN_num_bytes(params->g), params->g) ||
           !CBB_add_u16_length_prefixed(&cbb, &child) ||
-          !SSL_ECDH_CTX_offer(&ssl->s3->tmp.ecdh_ctx, &child)) {
+          !SSL_ECDH_CTX_offer(&hs->ecdh_ctx, &child)) {
         goto err;
       }
     } else if (alg_k & SSL_kECDHE) {
       /* Determine the group to use. */
       uint16_t group_id;
-      if (!tls1_get_shared_group(ssl, &group_id)) {
+      if (!tls1_get_shared_group(hs, &group_id)) {
         OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_TMP_ECDH_KEY);
         ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
         goto err;
       }
-      ssl->s3->new_session->key_exchange_info = group_id;
+      hs->new_session->group_id = group_id;
       /* Set up ECDH, generate a key, and emit the public half. */
-      if (!SSL_ECDH_CTX_init(&ssl->s3->tmp.ecdh_ctx, group_id) ||
+      if (!SSL_ECDH_CTX_init(&hs->ecdh_ctx, group_id) ||
           !CBB_add_u8(&cbb, NAMED_CURVE_TYPE) ||
           !CBB_add_u16(&cbb, group_id) ||
           !CBB_add_u8_length_prefixed(&cbb, &child) ||
-          !SSL_ECDH_CTX_offer(&ssl->s3->tmp.ecdh_ctx, &child)) {
-        goto err;
-      }
-    } else if (alg_k & SSL_kCECPQ1) {
-      SSL_ECDH_CTX_init_for_cecpq1(&ssl->s3->tmp.ecdh_ctx);
-      if (!CBB_add_u16_length_prefixed(&cbb, &child) ||
-          !SSL_ECDH_CTX_offer(&ssl->s3->tmp.ecdh_ctx, &child)) {
+          !SSL_ECDH_CTX_offer(&hs->ecdh_ctx, &child)) {
         goto err;
       }
     } else {
       assert(alg_k & SSL_kPSK);
     }
-    size_t len;
-    if (!CBB_finish(&cbb, &ssl->s3->tmp.server_params, &len) ||
-        len > 0xffffffffu) {
-      OPENSSL_free(ssl->s3->tmp.server_params);
-      ssl->s3->tmp.server_params = NULL;
+    if (!CBB_finish(&cbb, &hs->server_params, &hs->server_params_len)) {
       goto err;
     }
-    ssl->s3->tmp.server_params_len = (uint32_t)len;
   }
   /* Assemble the message. */
   CBB body;
   if (!ssl->method->init_message(ssl, &cbb, &body,
                                  SSL3_MT_SERVER_KEY_EXCHANGE) ||
-      !CBB_add_bytes(&body, ssl->s3->tmp.server_params,
-                     ssl->s3->tmp.server_params_len)) {
+      !CBB_add_bytes(&body, hs->server_params, hs->server_params_len)) {
     goto err;
   }
   /* Add a signature. */
-  if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
+  if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
     if (!ssl_has_private_key(ssl)) {
       ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
       goto err;
@@ -1116,7 +1224,7 @@ static int ssl3_send_server_key_exchange(SSL *ssl) {
     /* Determine the signature algorithm. */
     uint16_t signature_algorithm;
-    if (!tls1_choose_signature_algorithm(ssl, &signature_algorithm)) {
+    if (!tls1_choose_signature_algorithm(hs, &signature_algorithm)) {
       goto err;
     }
     if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
@@ -1137,16 +1245,18 @@ static int ssl3_send_server_key_exchange(SSL *ssl) {
     size_t sig_len;
     enum ssl_private_key_result_t sign_result;
-    if (ssl->state == SSL3_ST_SW_KEY_EXCH_A) {
+    if (hs->state == SSL3_ST_SW_KEY_EXCH_A) {
       CBB transcript;
       uint8_t *transcript_data;
       size_t transcript_len;
       if (!CBB_init(&transcript,
-                    2*SSL3_RANDOM_SIZE + ssl->s3->tmp.server_params_len) ||
-          !CBB_add_bytes(&transcript, ssl->s3->client_random, SSL3_RANDOM_SIZE) ||
-          !CBB_add_bytes(&transcript, ssl->s3->server_random, SSL3_RANDOM_SIZE) ||
-          !CBB_add_bytes(&transcript, ssl->s3->tmp.server_params,
-                         ssl->s3->tmp.server_params_len) ||
+                    2 * SSL3_RANDOM_SIZE + hs->server_params_len) ||
+          !CBB_add_bytes(&transcript, ssl->s3->client_random,
+                         SSL3_RANDOM_SIZE) ||
+          !CBB_add_bytes(&transcript, ssl->s3->server_random,
+                         SSL3_RANDOM_SIZE) ||
+          !CBB_add_bytes(&transcript, hs->server_params,
+                         hs->server_params_len) ||
           !CBB_finish(&transcript, &transcript_data, &transcript_len)) {
         CBB_cleanup(&transcript);
         OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
@@ -1159,7 +1269,7 @@ static int ssl3_send_server_key_exchange(SSL *ssl) {
                                          transcript_len);
       OPENSSL_free(transcript_data);
     } else {
-      assert(ssl->state == SSL3_ST_SW_KEY_EXCH_B);
+      assert(hs->state == SSL3_ST_SW_KEY_EXCH_B);
       sign_result = ssl_private_key_complete(ssl, ptr, &sig_len, max_sig_len);
     }
@@ -1173,21 +1283,20 @@ static int ssl3_send_server_key_exchange(SSL *ssl) {
         goto err;
       case ssl_private_key_retry:
         ssl->rwstate = SSL_PRIVATE_KEY_OPERATION;
-        ssl->state = SSL3_ST_SW_KEY_EXCH_B;
+        hs->state = SSL3_ST_SW_KEY_EXCH_B;
         goto err;
     }
   }
-  if (!ssl->method->finish_message(ssl, &cbb)) {
+  if (!ssl_add_message_cbb(ssl, &cbb)) {
     goto err;
   }
-  OPENSSL_free(ssl->s3->tmp.server_params);
-  ssl->s3->tmp.server_params = NULL;
-  ssl->s3->tmp.server_params_len = 0;
+  OPENSSL_free(hs->server_params);
+  hs->server_params = NULL;
+  hs->server_params_len = 0;
-  ssl->state = SSL3_ST_SW_KEY_EXCH_C;
-  return ssl->method->write_message(ssl);
+  return 1;
 err:
   CBB_cleanup(&cbb);
@@ -1199,8 +1308,8 @@ static int add_cert_types(SSL *ssl, CBB *cbb) {
   int have_rsa_sign = 0;
   int have_ecdsa_sign = 0;
   const uint16_t *sig_algs;
-  size_t sig_algs_len = tls12_get_psigalgs(ssl, &sig_algs);
-  for (size_t i = 0; i < sig_algs_len; i++) {
+  size_t num_sig_algs = tls12_get_verify_sigalgs(ssl, &sig_algs);
+  for (size_t i = 0; i < num_sig_algs; i++) {
     switch (sig_algs[i]) {
       case SSL_SIGN_RSA_PKCS1_SHA512:
       case SSL_SIGN_RSA_PKCS1_SHA384:
@@ -1232,11 +1341,8 @@ static int add_cert_types(SSL *ssl, CBB *cbb) {
   return 1;
 }
-static int ssl3_send_certificate_request(SSL *ssl) {
-  if (ssl->state == SSL3_ST_SW_CERT_REQ_B) {
-    return ssl->method->write_message(ssl);
-  }
+static int ssl3_send_certificate_request(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
   CBB cbb, body, cert_types, sigalgs_cbb;
   if (!ssl->method->init_message(ssl, &cbb, &body,
                                  SSL3_MT_CERTIFICATE_REQUEST) ||
@@ -1247,7 +1353,7 @@ static int ssl3_send_certificate_request(SSL *ssl) {
   if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
     const uint16_t *sigalgs;
-    size_t num_sigalgs = tls12_get_psigalgs(ssl, &sigalgs);
+    size_t num_sigalgs = tls12_get_verify_sigalgs(ssl, &sigalgs);
     if (!CBB_add_u16_length_prefixed(&body, &sigalgs_cbb)) {
       goto err;
     }
@@ -1260,12 +1366,11 @@ static int ssl3_send_certificate_request(SSL *ssl) {
   }
   if (!ssl_add_client_CA_list(ssl, &body) ||
-      !ssl->method->finish_message(ssl, &cbb)) {
+      !ssl_add_message_cbb(ssl, &cbb)) {
     goto err;
   }
-  ssl->state = SSL3_ST_SW_CERT_REQ_B;
-  return ssl->method->write_message(ssl);
+  return 1;
 err:
   OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
@@ -1273,27 +1378,24 @@ err:
   return -1;
 }
-static int ssl3_send_server_hello_done(SSL *ssl) {
-  if (ssl->state == SSL3_ST_SW_SRVR_DONE_B) {
-    return ssl->method->write_message(ssl);
-  }
+static int ssl3_send_server_hello_done(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
   CBB cbb, body;
   if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_SERVER_HELLO_DONE) ||
-      !ssl->method->finish_message(ssl, &cbb)) {
+      !ssl_add_message_cbb(ssl, &cbb)) {
     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
     CBB_cleanup(&cbb);
     return -1;
   }
-  ssl->state = SSL3_ST_SW_SRVR_DONE_B;
-  return ssl->method->write_message(ssl);
+  return 1;
 }
-static int ssl3_get_client_certificate(SSL *ssl) {
-  assert(ssl->s3->tmp.cert_request);
+static int ssl3_get_client_certificate(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
+  assert(hs->cert_request);
-  int msg_ret = ssl->method->ssl_get_message(ssl, -1, ssl_hash_message);
+  int msg_ret = ssl->method->ssl_get_message(ssl);
   if (msg_ret <= 0) {
     return msg_ret;
   }
@@ -1311,7 +1413,7 @@ static int ssl3_get_client_certificate(SSL *ssl) {
       /* OpenSSL returns X509_V_OK when no certificates are received. This is
        * classed by them as a bug, but it's assumed by at least NGINX. */
-      ssl->s3->new_session->verify_result = X509_V_OK;
+      hs->new_session->verify_result = X509_V_OK;
       ssl->s3->tmp.reuse_message = 1;
       return 1;
     }
@@ -1321,75 +1423,73 @@ static int ssl3_get_client_certificate(SSL *ssl) {
     return -1;
   }
+  if (!ssl_hash_current_message(hs)) {
+    return -1;
+  }
   CBS certificate_msg;
   CBS_init(&certificate_msg, ssl->init_msg, ssl->init_num);
-  uint8_t alert;
-  STACK_OF(X509) *chain = ssl_parse_cert_chain(
-      ssl, &alert, ssl->ctx->retain_only_sha256_of_client_certs
-                       ? ssl->s3->new_session->peer_sha256
-                       : NULL,
-      &certificate_msg);
-  if (chain == NULL) {
+  sk_CRYPTO_BUFFER_pop_free(hs->new_session->certs, CRYPTO_BUFFER_free);
+  EVP_PKEY_free(hs->peer_pubkey);
+  hs->peer_pubkey = NULL;
+  uint8_t alert = SSL_AD_DECODE_ERROR;
+  hs->new_session->certs = ssl_parse_cert_chain(
+      &alert, &hs->peer_pubkey,
+      ssl->retain_only_sha256_of_client_certs ? hs->new_session->peer_sha256
+                                              : NULL,
+      &certificate_msg, ssl->ctx->pool);
+  if (hs->new_session->certs == NULL) {
     ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
-    goto err;
+    return -1;
   }
-  if (CBS_len(&certificate_msg) != 0) {
+  if (CBS_len(&certificate_msg) != 0 ||
+      !ssl->ctx->x509_method->session_cache_objects(hs->new_session)) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
     ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-    goto err;
+    return -1;
   }
-  if (sk_X509_num(chain) == 0) {
+  if (sk_CRYPTO_BUFFER_num(hs->new_session->certs) == 0) {
     /* No client certificate so the handshake buffer may be discarded. */
-    ssl3_free_handshake_buffer(ssl);
+    SSL_TRANSCRIPT_free_buffer(&hs->transcript);
     /* In SSL 3.0, sending no certificate is signaled by omitting the
      * Certificate message. */
     if (ssl->version == SSL3_VERSION) {
       OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATES_RETURNED);
       ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-      goto err;
+      return -1;
     }
     if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
       /* Fail for TLS only if we required a certificate */
       OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
       ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-      goto err;
+      return -1;
     }
     /* OpenSSL returns X509_V_OK when no certificates are received. This is
      * classed by them as a bug, but it's assumed by at least NGINX. */
-    ssl->s3->new_session->verify_result = X509_V_OK;
-  } else {
-    /* The hash would have been filled in. */
-    if (ssl->ctx->retain_only_sha256_of_client_certs) {
-      ssl->s3->new_session->peer_sha256_valid = 1;
-    }
-    if (!ssl_verify_cert_chain(ssl, &ssl->s3->new_session->verify_result,
-                               chain)) {
-      goto err;
-    }
+    hs->new_session->verify_result = X509_V_OK;
+    return 1;
   }
-  X509_free(ssl->s3->new_session->peer);
-  ssl->s3->new_session->peer = sk_X509_shift(chain);
-  sk_X509_pop_free(ssl->s3->new_session->cert_chain, X509_free);
-  ssl->s3->new_session->cert_chain = chain;
-  /* Inconsistency alert: cert_chain does *not* include the peer's own
-   * certificate, while we do include it in s3_clnt.c */
+  /* The hash will have been filled in. */
+  if (ssl->retain_only_sha256_of_client_certs) {
+    hs->new_session->peer_sha256_valid = 1;
+  }
+  if (!ssl_verify_cert_chain(ssl, &hs->new_session->verify_result,
+                             hs->new_session->x509_chain)) {
+    return -1;
+  }
   return 1;
-err:
-  sk_X509_pop_free(chain, X509_free);
-  return -1;
 }
-static int ssl3_get_client_key_exchange(SSL *ssl) {
+static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
   int al;
   CBS client_key_exchange;
   uint32_t alg_k;
@@ -1401,17 +1501,21 @@ static int ssl3_get_client_key_exchange(SSL *ssl) {
   unsigned psk_len = 0;
   uint8_t psk[PSK_MAX_PSK_LEN];
-  if (ssl->state == SSL3_ST_SR_KEY_EXCH_A) {
-    int ret = ssl->method->ssl_get_message(ssl, SSL3_MT_CLIENT_KEY_EXCHANGE,
-                                           ssl_hash_message);
+  if (hs->state == SSL3_ST_SR_KEY_EXCH_A) {
+    int ret = ssl->method->ssl_get_message(ssl);
     if (ret <= 0) {
       return ret;
     }
+    if (!ssl_check_message_type(ssl, SSL3_MT_CLIENT_KEY_EXCHANGE) ||
+        !ssl_hash_current_message(hs)) {
+      return -1;
+    }
   }
   CBS_init(&client_key_exchange, ssl->init_msg, ssl->init_num);
-  alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey;
-  alg_a = ssl->s3->tmp.new_cipher->algorithm_auth;
+  alg_k = hs->new_cipher->algorithm_mkey;
+  alg_a = hs->new_cipher->algorithm_auth;
   /* If using a PSK key exchange, prepare the pre-shared key. */
   if (alg_a & SSL_aPSK) {
@@ -1439,15 +1543,15 @@ static int ssl3_get_client_key_exchange(SSL *ssl) {
       goto f_err;
     }
-    if (!CBS_strdup(&psk_identity, &ssl->s3->new_session->psk_identity)) {
+    if (!CBS_strdup(&psk_identity, &hs->new_session->psk_identity)) {
       al = SSL_AD_INTERNAL_ERROR;
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       goto f_err;
     }
     /* Look up the key for the identity. */
-    psk_len = ssl->psk_server_callback(ssl, ssl->s3->new_session->psk_identity,
-                                       psk, sizeof(psk));
+    psk_len = ssl->psk_server_callback(ssl, hs->new_session->psk_identity, psk,
+                                       sizeof(psk));
     if (psk_len > PSK_MAX_PSK_LEN) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
       al = SSL_AD_INTERNAL_ERROR;
@@ -1473,7 +1577,7 @@ static int ssl3_get_client_key_exchange(SSL *ssl) {
     enum ssl_private_key_result_t decrypt_result;
     size_t decrypt_len;
-    if (ssl->state == SSL3_ST_SR_KEY_EXCH_A) {
+    if (hs->state == SSL3_ST_SR_KEY_EXCH_A) {
       if (!ssl_has_private_key(ssl) ||
           ssl_private_key_type(ssl) != NID_rsaEncryption) {
         al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1501,7 +1605,7 @@ static int ssl3_get_client_key_exchange(SSL *ssl) {
           CBS_data(&encrypted_premaster_secret),
           CBS_len(&encrypted_premaster_secret));
     } else {
-      assert(ssl->state == SSL3_ST_SR_KEY_EXCH_B);
+      assert(hs->state == SSL3_ST_SR_KEY_EXCH_B);
       /* Complete async decrypt. */
       decrypt_result =
           ssl_private_key_complete(ssl, decrypt_buf, &decrypt_len, rsa_size);
@@ -1514,7 +1618,7 @@ static int ssl3_get_client_key_exchange(SSL *ssl) {
         goto err;
       case ssl_private_key_retry:
         ssl->rwstate = SSL_PRIVATE_KEY_OPERATION;
-        ssl->state = SSL3_ST_SR_KEY_EXCH_B;
+        hs->state = SSL3_ST_SR_KEY_EXCH_B;
         goto err;
     }
@@ -1556,9 +1660,9 @@ static int ssl3_get_client_key_exchange(SSL *ssl) {
     /* The premaster secret must begin with |client_version|. This too must be
      * checked in constant time (http://eprint.iacr.org/2003/052/). */
     good &= constant_time_eq_8(decrypt_buf[padding_len],
-                               (unsigned)(ssl->client_version >> 8));
+                               (unsigned)(hs->client_version >> 8));
     good &= constant_time_eq_8(decrypt_buf[padding_len + 1],
-                               (unsigned)(ssl->client_version & 0xff));
+                               (unsigned)(hs->client_version & 0xff));
     /* Select, in constant time, either the decrypted premaster or the random
      * premaster based on |good|. */
@@ -1569,11 +1673,10 @@ static int ssl3_get_client_key_exchange(SSL *ssl) {
     OPENSSL_free(decrypt_buf);
     decrypt_buf = NULL;
-  } else if (alg_k & (SSL_kECDHE|SSL_kDHE|SSL_kCECPQ1)) {
+  } else if (alg_k & (SSL_kECDHE|SSL_kDHE)) {
     /* Parse the ClientKeyExchange. */
     CBS peer_key;
-    if (!SSL_ECDH_CTX_get_key(&ssl->s3->tmp.ecdh_ctx, &client_key_exchange,
-                              &peer_key) ||
+    if (!SSL_ECDH_CTX_get_key(&hs->ecdh_ctx, &client_key_exchange, &peer_key) ||
         CBS_len(&client_key_exchange) != 0) {
       al = SSL_AD_DECODE_ERROR;
       OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
@@ -1581,8 +1684,8 @@ static int ssl3_get_client_key_exchange(SSL *ssl) {
     }
     /* Compute the premaster. */
-    uint8_t alert;
-    if (!SSL_ECDH_CTX_finish(&ssl->s3->tmp.ecdh_ctx, &premaster_secret,
+    uint8_t alert = SSL_AD_DECODE_ERROR;
+    if (!SSL_ECDH_CTX_finish(&hs->ecdh_ctx, &premaster_secret,
                              &premaster_secret_len, &alert, CBS_data(&peer_key),
                              CBS_len(&peer_key))) {
       al = alert;
@@ -1590,7 +1693,7 @@ static int ssl3_get_client_key_exchange(SSL *ssl) {
     }
     /* The key exchange state may now be discarded. */
-    SSL_ECDH_CTX_cleanup(&ssl->s3->tmp.ecdh_ctx);
+    SSL_ECDH_CTX_cleanup(&hs->ecdh_ctx);
   } else if (alg_k & SSL_kPSK) {
     /* For plain PSK, other_secret is a block of 0s with the same length as the
      * pre-shared key. */
@@ -1600,7 +1703,7 @@ static int ssl3_get_client_key_exchange(SSL *ssl) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       goto err;
     }
-    memset(premaster_secret, 0, premaster_secret_len);
+    OPENSSL_memset(premaster_secret, 0, premaster_secret_len);
   } else {
     al = SSL_AD_HANDSHAKE_FAILURE;
     OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CIPHER_TYPE);
@@ -1633,14 +1736,12 @@ static int ssl3_get_client_key_exchange(SSL *ssl) {
   }
   /* Compute the master secret */
-  ssl->s3->new_session->master_key_length = tls1_generate_master_secret(
-      ssl, ssl->s3->new_session->master_key, premaster_secret,
-      premaster_secret_len);
-  if (ssl->s3->new_session->master_key_length == 0) {
+  hs->new_session->master_key_length = tls1_generate_master_secret(
+      hs, hs->new_session->master_key, premaster_secret, premaster_secret_len);
+  if (hs->new_session->master_key_length == 0) {
     goto err;
   }
-  ssl->s3->new_session->extended_master_secret =
-      ssl->s3->tmp.extended_master_secret;
+  hs->new_session->extended_master_secret = hs->extended_master_secret;
   OPENSSL_cleanse(premaster_secret, premaster_secret_len);
   OPENSSL_free(premaster_secret);
@@ -1658,30 +1759,26 @@ err:
   return -1;
 }
-static int ssl3_get_cert_verify(SSL *ssl) {
-  int al, ret = 0;
+static int ssl3_get_cert_verify(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
+  int al;
   CBS certificate_verify, signature;
-  X509 *peer = ssl->s3->new_session->peer;
-  EVP_PKEY *pkey = NULL;
   /* Only RSA and ECDSA client certificates are supported, so a
    * CertificateVerify is required if and only if there's a client certificate.
    * */
-  if (peer == NULL) {
-    ssl3_free_handshake_buffer(ssl);
+  if (hs->peer_pubkey == NULL) {
+    SSL_TRANSCRIPT_free_buffer(&hs->transcript);
     return 1;
   }
-  int msg_ret = ssl->method->ssl_get_message(ssl, SSL3_MT_CERTIFICATE_VERIFY,
-                                             ssl_dont_hash_message);
+  int msg_ret = ssl->method->ssl_get_message(ssl);
   if (msg_ret <= 0) {
     return msg_ret;
   }
-  /* Filter out unsupported certificate types. */
-  pkey = X509_get_pubkey(peer);
-  if (pkey == NULL) {
-    goto err;
+  if (!ssl_check_message_type(ssl, SSL3_MT_CERTIFICATE_VERIFY)) {
+    return -1;
   }
   CBS_init(&certificate_verify, ssl->init_msg, ssl->init_num);
@@ -1697,10 +1794,10 @@ static int ssl3_get_cert_verify(SSL *ssl) {
     if (!tls12_check_peer_sigalg(ssl, &al, signature_algorithm)) {
       goto f_err;
     }
-    ssl->s3->tmp.peer_signature_algorithm = signature_algorithm;
-  } else if (pkey->type == EVP_PKEY_RSA) {
+    hs->new_session->peer_signature_algorithm = signature_algorithm;
+  } else if (hs->peer_pubkey->type == EVP_PKEY_RSA) {
     signature_algorithm = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
-  } else if (pkey->type == EVP_PKEY_EC) {
+  } else if (hs->peer_pubkey->type == EVP_PKEY_EC) {
     signature_algorithm = SSL_SIGN_ECDSA_SHA1;
   } else {
     al = SSL_AD_UNSUPPORTED_CERTIFICATE;
@@ -1720,26 +1817,25 @@ static int ssl3_get_cert_verify(SSL *ssl) {
   /* The SSL3 construction for CertificateVerify does not decompose into a
    * single final digest and signature, and must be special-cased. */
   if (ssl3_protocol_version(ssl) == SSL3_VERSION) {
-    const EVP_MD *md;
     uint8_t digest[EVP_MAX_MD_SIZE];
     size_t digest_len;
-    if (!ssl3_cert_verify_hash(ssl, &md, digest, &digest_len,
-                               signature_algorithm)) {
+    if (!SSL_TRANSCRIPT_ssl3_cert_verify_hash(&hs->transcript, digest,
+                                              &digest_len, hs->new_session,
+                                              signature_algorithm)) {
       goto err;
     }
-    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
+    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(hs->peer_pubkey, NULL);
     sig_ok = pctx != NULL &&
              EVP_PKEY_verify_init(pctx) &&
-             EVP_PKEY_CTX_set_signature_md(pctx, md) &&
              EVP_PKEY_verify(pctx, CBS_data(&signature), CBS_len(&signature),
                              digest, digest_len);
     EVP_PKEY_CTX_free(pctx);
   } else {
     sig_ok = ssl_public_key_verify(
         ssl, CBS_data(&signature), CBS_len(&signature), signature_algorithm,
-        pkey, (const uint8_t *)ssl->s3->handshake_buffer->data,
-        ssl->s3->handshake_buffer->length);
+        hs->peer_pubkey, (const uint8_t *)hs->transcript.buffer->data,
+        hs->transcript.buffer->length);
   }
 #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
@@ -1754,33 +1850,33 @@ static int ssl3_get_cert_verify(SSL *ssl) {
   /* The handshake buffer is no longer necessary, and we may hash the current
    * message.*/
-  ssl3_free_handshake_buffer(ssl);
-  if (!ssl->method->hash_current_message(ssl)) {
+  SSL_TRANSCRIPT_free_buffer(&hs->transcript);
+  if (!ssl_hash_current_message(hs)) {
     goto err;
   }
-  ret = 1;
-  if (0) {
-  f_err:
-    ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
-  }
+  return 1;
+f_err:
+  ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
 err:
-  EVP_PKEY_free(pkey);
-  return ret;
+  return 0;
 }
 /* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. It
  * sets the next_proto member in s if found */
-static int ssl3_get_next_proto(SSL *ssl) {
-  int ret =
-      ssl->method->ssl_get_message(ssl, SSL3_MT_NEXT_PROTO, ssl_hash_message);
+static int ssl3_get_next_proto(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
+  int ret = ssl->method->ssl_get_message(ssl);
   if (ret <= 0) {
     return ret;
   }
+  if (!ssl_check_message_type(ssl, SSL3_MT_NEXT_PROTO) ||
+      !ssl_hash_current_message(hs)) {
+    return -1;
+  }
   CBS next_protocol, selected_protocol, padding;
   CBS_init(&next_protocol, ssl->init_msg, ssl->init_num);
   if (!CBS_get_u8_length_prefixed(&next_protocol, &selected_protocol) ||
@@ -1800,133 +1896,55 @@ static int ssl3_get_next_proto(SSL *ssl) {
 }
 /* ssl3_get_channel_id reads and verifies a ClientID handshake message. */
-static int ssl3_get_channel_id(SSL *ssl) {
-  int ret = -1;
-  uint8_t channel_id_hash[EVP_MAX_MD_SIZE];
-  size_t channel_id_hash_len;
-  const uint8_t *p;
-  uint16_t extension_type;
-  EC_GROUP *p256 = NULL;
-  EC_KEY *key = NULL;
-  EC_POINT *point = NULL;
-  ECDSA_SIG sig;
-  BIGNUM x, y;
-  CBS encrypted_extensions, extension;
-  int msg_ret = ssl->method->ssl_get_message(ssl, SSL3_MT_CHANNEL_ID,
-                                             ssl_dont_hash_message);
+static int ssl3_get_channel_id(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
+  int msg_ret = ssl->method->ssl_get_message(ssl);
   if (msg_ret <= 0) {
     return msg_ret;
   }
-  /* Before incorporating the EncryptedExtensions message to the handshake
-   * hash, compute the hash that should have been signed. */
-  if (!tls1_channel_id_hash(ssl, channel_id_hash, &channel_id_hash_len)) {
+  if (!ssl_check_message_type(ssl, SSL3_MT_CHANNEL_ID) ||
+      !tls1_verify_channel_id(hs) ||
+      !ssl_hash_current_message(hs)) {
     return -1;
   }
-  assert(channel_id_hash_len == SHA256_DIGEST_LENGTH);
-  if (!ssl->method->hash_current_message(ssl)) {
-    return -1;
-  }
-  CBS_init(&encrypted_extensions, ssl->init_msg, ssl->init_num);
-  /* EncryptedExtensions could include multiple extensions, but the only
-   * extension that could be negotiated is Channel ID, so there can only be one
-   * entry. */
-  if (!CBS_get_u16(&encrypted_extensions, &extension_type) ||
-      !CBS_get_u16_length_prefixed(&encrypted_extensions, &extension) ||
-      CBS_len(&encrypted_extensions) != 0 ||
-      extension_type != TLSEXT_TYPE_channel_id ||
-      CBS_len(&extension) != TLSEXT_CHANNEL_ID_SIZE) {
-    OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
-    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-    return -1;
-  }
-  p256 = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
-  if (!p256) {
-    OPENSSL_PUT_ERROR(SSL, SSL_R_NO_P256_SUPPORT);
-    return -1;
-  }
-  BN_init(&x);
-  BN_init(&y);
-  sig.r = BN_new();
-  sig.s = BN_new();
-  if (sig.r == NULL || sig.s == NULL) {
-    goto err;
-  }
-  p = CBS_data(&extension);
-  if (BN_bin2bn(p + 0, 32, &x) == NULL ||
-      BN_bin2bn(p + 32, 32, &y) == NULL ||
-      BN_bin2bn(p + 64, 32, sig.r) == NULL ||
-      BN_bin2bn(p + 96, 32, sig.s) == NULL) {
-    goto err;
-  }
-  point = EC_POINT_new(p256);
-  if (!point ||
-      !EC_POINT_set_affine_coordinates_GFp(p256, point, &x, &y, NULL)) {
-    goto err;
-  }
-  key = EC_KEY_new();
-  if (!key || !EC_KEY_set_group(key, p256) ||
-      !EC_KEY_set_public_key(key, point)) {
-    goto err;
-  }
-  /* We stored the handshake hash in |tlsext_channel_id| the first time that we
-   * were called. */
-  int sig_ok = ECDSA_do_verify(channel_id_hash, channel_id_hash_len, &sig, key);
-#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
-  sig_ok = 1;
-#endif
-  if (!sig_ok) {
-    OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
-    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
-    ssl->s3->tlsext_channel_id_valid = 0;
-    goto err;
-  }
-  memcpy(ssl->s3->tlsext_channel_id, p, 64);
-  ret = 1;
-err:
-  BN_free(&x);
-  BN_free(&y);
-  BN_free(sig.r);
-  BN_free(sig.s);
-  EC_KEY_free(key);
-  EC_POINT_free(point);
-  EC_GROUP_free(p256);
-  return ret;
+  return 1;
 }
-static int ssl3_send_new_session_ticket(SSL *ssl) {
-  if (ssl->state == SSL3_ST_SW_SESSION_TICKET_B) {
-    return ssl->method->write_message(ssl);
+static int ssl3_send_new_session_ticket(SSL_HANDSHAKE *hs) {
+  SSL *const ssl = hs->ssl;
+  const SSL_SESSION *session;
+  SSL_SESSION *session_copy = NULL;
+  if (ssl->session == NULL) {
+    /* Fix the timeout to measure from the ticket issuance time. */
+    ssl_session_rebase_time(ssl, hs->new_session);
+    session = hs->new_session;
+  } else {
+    /* We are renewing an existing session. Duplicate the session to adjust the
+     * timeout. */
+    session_copy = SSL_SESSION_dup(ssl->session, SSL_SESSION_INCLUDE_NONAUTH);
+    if (session_copy == NULL) {
+      return -1;
+    }
+    ssl_session_rebase_time(ssl, session_copy);
+    session = session_copy;
   }
   CBB cbb, body, ticket;
-  if (!ssl->method->init_message(ssl, &cbb, &body,
-                                 SSL3_MT_NEW_SESSION_TICKET) ||
-      /* Ticket lifetime hint (advisory only): We leave this unspecified for
-       * resumed session (for simplicity), and guess that tickets for new
-       * sessions will live as long as their sessions. */
-      !CBB_add_u32(&body,
-                   ssl->session != NULL ? 0 : ssl->s3->new_session->timeout) ||
-      !CBB_add_u16_length_prefixed(&body, &ticket) ||
-      !ssl_encrypt_ticket(ssl, &ticket, ssl->session != NULL
-                                            ? ssl->session
-                                            : ssl->s3->new_session) ||
-      !ssl->method->finish_message(ssl, &cbb)) {
-    return 0;
+  int ok =
+      ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_NEW_SESSION_TICKET) &&
+      CBB_add_u32(&body, session->timeout) &&
+      CBB_add_u16_length_prefixed(&body, &ticket) &&
+      ssl_encrypt_ticket(ssl, &ticket, session) &&
+      ssl_add_message_cbb(ssl, &cbb);
+  SSL_SESSION_free(session_copy);
+  CBB_cleanup(&cbb);
+  if (!ok) {
+    return -1;
   }
-  ssl->state = SSL3_ST_SW_SESSION_TICKET_B;
-  return ssl->method->write_message(ssl);
+  return 1;
 }