grpc 1.4.5 → 1.6.0.pre1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (928) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +1235 -1100
  3. data/etc/roots.pem +0 -412
  4. data/include/grpc/byte_buffer.h +10 -25
  5. data/include/grpc/byte_buffer_reader.h +10 -25
  6. data/include/grpc/census.h +10 -25
  7. data/include/grpc/compression.h +10 -25
  8. data/include/grpc/grpc.h +15 -26
  9. data/include/grpc/grpc_cronet.h +10 -25
  10. data/include/grpc/grpc_posix.h +10 -25
  11. data/include/grpc/grpc_security.h +10 -25
  12. data/include/grpc/grpc_security_constants.h +10 -25
  13. data/include/grpc/impl/codegen/atm.h +11 -25
  14. data/include/grpc/impl/codegen/atm_gcc_atomic.h +10 -25
  15. data/include/grpc/impl/codegen/atm_gcc_sync.h +10 -25
  16. data/include/grpc/impl/codegen/atm_windows.h +10 -25
  17. data/include/grpc/impl/codegen/byte_buffer_reader.h +11 -26
  18. data/include/grpc/impl/codegen/compression_types.h +12 -27
  19. data/include/grpc/impl/codegen/connectivity_state.h +10 -25
  20. data/include/grpc/impl/codegen/exec_ctx_fwd.h +10 -25
  21. data/include/grpc/impl/codegen/gpr_slice.h +10 -25
  22. data/include/grpc/impl/codegen/gpr_types.h +10 -25
  23. data/include/grpc/impl/codegen/grpc_types.h +42 -43
  24. data/include/grpc/impl/codegen/port_platform.h +10 -25
  25. data/include/grpc/impl/codegen/propagation_bits.h +10 -25
  26. data/include/grpc/impl/codegen/slice.h +13 -28
  27. data/include/grpc/impl/codegen/status.h +10 -25
  28. data/include/grpc/impl/codegen/sync.h +10 -25
  29. data/include/grpc/impl/codegen/sync_generic.h +10 -25
  30. data/include/grpc/impl/codegen/sync_posix.h +10 -25
  31. data/include/grpc/impl/codegen/sync_windows.h +10 -25
  32. data/include/grpc/load_reporting.h +10 -25
  33. data/include/grpc/slice.h +10 -25
  34. data/include/grpc/slice_buffer.h +10 -25
  35. data/include/grpc/status.h +10 -25
  36. data/include/grpc/support/alloc.h +10 -25
  37. data/include/grpc/support/atm.h +10 -25
  38. data/include/grpc/support/atm_gcc_atomic.h +10 -25
  39. data/include/grpc/support/atm_gcc_sync.h +10 -25
  40. data/include/grpc/support/atm_windows.h +10 -25
  41. data/include/grpc/support/avl.h +46 -49
  42. data/include/grpc/support/cmdline.h +10 -25
  43. data/include/grpc/support/cpu.h +10 -25
  44. data/include/grpc/support/histogram.h +10 -25
  45. data/include/grpc/support/host_port.h +10 -25
  46. data/include/grpc/support/log.h +10 -25
  47. data/include/grpc/support/log_windows.h +10 -25
  48. data/include/grpc/support/port_platform.h +10 -25
  49. data/include/grpc/support/string_util.h +10 -25
  50. data/include/grpc/support/subprocess.h +10 -25
  51. data/include/grpc/support/sync.h +10 -25
  52. data/include/grpc/support/sync_generic.h +10 -25
  53. data/include/grpc/support/sync_posix.h +10 -25
  54. data/include/grpc/support/sync_windows.h +10 -25
  55. data/include/grpc/support/thd.h +10 -25
  56. data/include/grpc/support/time.h +10 -25
  57. data/include/grpc/support/tls.h +10 -25
  58. data/include/grpc/support/tls_gcc.h +10 -25
  59. data/include/grpc/support/tls_msvc.h +10 -25
  60. data/include/grpc/support/tls_pthread.h +10 -25
  61. data/include/grpc/support/useful.h +10 -25
  62. data/include/grpc/support/workaround_list.h +11 -26
  63. data/src/boringssl/err_data.c +277 -259
  64. data/src/core/ext/census/aggregation.h +10 -25
  65. data/src/core/ext/census/base_resources.c +10 -25
  66. data/src/core/ext/census/base_resources.h +10 -25
  67. data/src/core/ext/census/census_interface.h +10 -25
  68. data/src/core/ext/census/census_rpc_stats.h +10 -25
  69. data/src/core/ext/census/context.c +10 -25
  70. data/src/core/ext/census/gen/census.pb.c +10 -25
  71. data/src/core/ext/census/gen/census.pb.h +10 -25
  72. data/src/core/ext/census/gen/trace_context.pb.c +10 -25
  73. data/src/core/ext/census/gen/trace_context.pb.h +10 -25
  74. data/src/core/ext/census/grpc_context.c +10 -25
  75. data/src/core/ext/census/grpc_filter.c +11 -26
  76. data/src/core/ext/census/grpc_filter.h +10 -25
  77. data/src/core/ext/census/grpc_plugin.c +10 -25
  78. data/src/core/ext/census/initialize.c +10 -25
  79. data/src/core/ext/census/intrusive_hash_map.c +10 -25
  80. data/src/core/ext/census/intrusive_hash_map.h +10 -25
  81. data/src/core/ext/census/intrusive_hash_map_internal.h +10 -25
  82. data/src/core/ext/census/mlog.c +10 -25
  83. data/src/core/ext/census/mlog.h +10 -25
  84. data/src/core/ext/census/operation.c +10 -25
  85. data/src/core/ext/census/placeholders.c +10 -25
  86. data/src/core/ext/census/resource.c +10 -25
  87. data/src/core/ext/census/resource.h +10 -25
  88. data/src/core/ext/census/rpc_metric_id.h +10 -25
  89. data/src/core/ext/census/trace_context.c +10 -25
  90. data/src/core/ext/census/trace_context.h +10 -25
  91. data/src/core/ext/census/trace_label.h +10 -25
  92. data/src/core/ext/census/trace_propagation.h +10 -25
  93. data/src/core/ext/census/trace_status.h +10 -25
  94. data/src/core/ext/census/trace_string.h +10 -25
  95. data/src/core/ext/census/tracing.c +10 -26
  96. data/src/core/ext/census/tracing.h +10 -25
  97. data/src/core/ext/filters/client_channel/channel_connectivity.c +20 -33
  98. data/src/core/ext/filters/client_channel/client_channel.c +617 -520
  99. data/src/core/ext/filters/client_channel/client_channel.h +15 -28
  100. data/src/core/ext/filters/client_channel/client_channel_factory.c +13 -31
  101. data/src/core/ext/filters/client_channel/client_channel_factory.h +10 -25
  102. data/src/core/ext/filters/client_channel/client_channel_plugin.c +16 -29
  103. data/src/core/ext/filters/client_channel/connector.c +10 -25
  104. data/src/core/ext/filters/client_channel/connector.h +10 -25
  105. data/src/core/ext/filters/client_channel/http_connect_handshaker.c +15 -30
  106. data/src/core/ext/filters/client_channel/http_connect_handshaker.h +10 -25
  107. data/src/core/ext/filters/client_channel/http_proxy.c +112 -38
  108. data/src/core/ext/filters/client_channel/http_proxy.h +10 -25
  109. data/src/core/ext/filters/client_channel/lb_policy.c +32 -36
  110. data/src/core/ext/filters/client_channel/lb_policy.h +24 -27
  111. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.c +14 -30
  112. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +10 -25
  113. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.c +464 -279
  114. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +10 -25
  115. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +15 -28
  116. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.c +40 -48
  117. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.c +65 -49
  118. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +31 -31
  119. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.c +47 -32
  120. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +11 -26
  121. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c +13 -9
  122. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h +27 -21
  123. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.c +373 -136
  124. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.c +504 -279
  125. data/src/core/ext/filters/client_channel/lb_policy_factory.c +12 -31
  126. data/src/core/ext/filters/client_channel/lb_policy_factory.h +12 -27
  127. data/src/core/ext/filters/client_channel/lb_policy_registry.c +10 -25
  128. data/src/core/ext/filters/client_channel/lb_policy_registry.h +10 -25
  129. data/src/core/ext/filters/client_channel/parse_address.c +10 -25
  130. data/src/core/ext/filters/client_channel/parse_address.h +10 -25
  131. data/src/core/ext/filters/client_channel/proxy_mapper.c +10 -25
  132. data/src/core/ext/filters/client_channel/proxy_mapper.h +10 -25
  133. data/src/core/ext/filters/client_channel/proxy_mapper_registry.c +10 -25
  134. data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +10 -25
  135. data/src/core/ext/filters/client_channel/resolver.c +33 -38
  136. data/src/core/ext/filters/client_channel/resolver.h +19 -30
  137. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.c +153 -50
  138. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +14 -27
  139. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.c +33 -30
  140. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.c +326 -116
  141. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +35 -36
  142. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.c +60 -0
  143. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.c +19 -34
  144. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.c +254 -0
  145. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +60 -0
  146. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.c +16 -28
  147. data/src/core/ext/filters/client_channel/resolver_factory.c +10 -25
  148. data/src/core/ext/filters/client_channel/resolver_factory.h +10 -25
  149. data/src/core/ext/filters/client_channel/resolver_registry.c +10 -25
  150. data/src/core/ext/filters/client_channel/resolver_registry.h +10 -25
  151. data/src/core/ext/filters/client_channel/retry_throttle.c +23 -34
  152. data/src/core/ext/filters/client_channel/retry_throttle.h +10 -25
  153. data/src/core/ext/filters/client_channel/subchannel.c +33 -55
  154. data/src/core/ext/filters/client_channel/subchannel.h +16 -26
  155. data/src/core/ext/filters/client_channel/subchannel_index.c +55 -92
  156. data/src/core/ext/filters/client_channel/subchannel_index.h +26 -29
  157. data/src/core/ext/filters/client_channel/uri_parser.c +10 -25
  158. data/src/core/ext/filters/client_channel/uri_parser.h +10 -25
  159. data/src/core/ext/filters/deadline/deadline_filter.c +30 -45
  160. data/src/core/ext/filters/deadline/deadline_filter.h +10 -25
  161. data/src/core/ext/filters/http/client/http_client_filter.c +255 -294
  162. data/src/core/ext/filters/http/client/http_client_filter.h +10 -25
  163. data/src/core/ext/filters/http/http_filters_plugin.c +11 -26
  164. data/src/core/ext/filters/http/message_compress/message_compress_filter.c +133 -105
  165. data/src/core/ext/filters/http/message_compress/message_compress_filter.h +10 -25
  166. data/src/core/ext/filters/http/server/http_server_filter.c +17 -32
  167. data/src/core/ext/filters/http/server/http_server_filter.h +10 -25
  168. data/src/core/ext/filters/load_reporting/load_reporting.c +11 -30
  169. data/src/core/ext/filters/load_reporting/load_reporting.h +10 -25
  170. data/src/core/ext/filters/load_reporting/load_reporting_filter.c +11 -26
  171. data/src/core/ext/filters/load_reporting/load_reporting_filter.h +10 -25
  172. data/src/core/ext/filters/max_age/max_age_filter.c +28 -43
  173. data/src/core/ext/filters/max_age/max_age_filter.h +10 -25
  174. data/src/core/ext/filters/message_size/message_size_filter.c +24 -37
  175. data/src/core/ext/filters/message_size/message_size_filter.h +10 -25
  176. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.c +16 -31
  177. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.h +10 -25
  178. data/src/core/ext/filters/workarounds/workaround_utils.c +12 -26
  179. data/src/core/ext/filters/workarounds/workaround_utils.h +11 -26
  180. data/src/core/ext/transport/chttp2/alpn/alpn.c +10 -25
  181. data/src/core/ext/transport/chttp2/alpn/alpn.h +10 -25
  182. data/src/core/ext/transport/chttp2/client/chttp2_connector.c +13 -28
  183. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +10 -25
  184. data/src/core/ext/transport/chttp2/client/insecure/channel_create.c +13 -30
  185. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.c +12 -29
  186. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.c +13 -30
  187. data/src/core/ext/transport/chttp2/server/chttp2_server.c +11 -26
  188. data/src/core/ext/transport/chttp2/server/chttp2_server.h +10 -25
  189. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.c +10 -25
  190. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.c +10 -25
  191. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c +10 -25
  192. data/src/core/ext/transport/chttp2/transport/bin_decoder.c +11 -25
  193. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +10 -25
  194. data/src/core/ext/transport/chttp2/transport/bin_encoder.c +10 -25
  195. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +10 -25
  196. data/src/core/ext/transport/chttp2/transport/chttp2_plugin.c +15 -27
  197. data/src/core/ext/transport/chttp2/transport/chttp2_transport.c +421 -443
  198. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +14 -25
  199. data/src/core/ext/transport/chttp2/transport/flow_control.c +500 -0
  200. data/src/core/ext/transport/chttp2/transport/frame.h +10 -25
  201. data/src/core/ext/transport/chttp2/transport/frame_data.c +20 -28
  202. data/src/core/ext/transport/chttp2/transport/frame_data.h +10 -25
  203. data/src/core/ext/transport/chttp2/transport/frame_goaway.c +10 -25
  204. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +10 -25
  205. data/src/core/ext/transport/chttp2/transport/frame_ping.c +11 -26
  206. data/src/core/ext/transport/chttp2/transport/frame_ping.h +10 -25
  207. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.c +11 -26
  208. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +10 -25
  209. data/src/core/ext/transport/chttp2/transport/frame_settings.c +16 -29
  210. data/src/core/ext/transport/chttp2/transport/frame_settings.h +10 -25
  211. data/src/core/ext/transport/chttp2/transport/frame_window_update.c +17 -33
  212. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +10 -25
  213. data/src/core/ext/transport/chttp2/transport/hpack_encoder.c +18 -31
  214. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +12 -25
  215. data/src/core/ext/transport/chttp2/transport/hpack_parser.c +15 -30
  216. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +10 -25
  217. data/src/core/ext/transport/chttp2/transport/hpack_table.c +10 -25
  218. data/src/core/ext/transport/chttp2/transport/hpack_table.h +10 -25
  219. data/src/core/ext/transport/chttp2/transport/http2_settings.c +10 -25
  220. data/src/core/ext/transport/chttp2/transport/http2_settings.h +10 -25
  221. data/src/core/ext/transport/chttp2/transport/huffsyms.c +10 -25
  222. data/src/core/ext/transport/chttp2/transport/huffsyms.h +10 -25
  223. data/src/core/ext/transport/chttp2/transport/incoming_metadata.c +10 -25
  224. data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +10 -25
  225. data/src/core/ext/transport/chttp2/transport/internal.h +191 -179
  226. data/src/core/ext/transport/chttp2/transport/parsing.c +33 -102
  227. data/src/core/ext/transport/chttp2/transport/stream_lists.c +26 -28
  228. data/src/core/ext/transport/chttp2/transport/stream_map.c +10 -25
  229. data/src/core/ext/transport/chttp2/transport/stream_map.h +10 -25
  230. data/src/core/ext/transport/chttp2/transport/varint.c +14 -25
  231. data/src/core/ext/transport/chttp2/transport/varint.h +10 -25
  232. data/src/core/ext/transport/chttp2/transport/writing.c +164 -106
  233. data/src/core/ext/transport/inproc/inproc_plugin.c +29 -0
  234. data/src/core/ext/transport/inproc/inproc_transport.c +1303 -0
  235. data/src/core/ext/transport/inproc/inproc_transport.h +41 -0
  236. data/src/core/lib/channel/channel_args.c +52 -27
  237. data/src/core/lib/channel/channel_args.h +18 -27
  238. data/src/core/lib/channel/channel_stack.c +11 -26
  239. data/src/core/lib/channel/channel_stack.h +12 -27
  240. data/src/core/lib/channel/channel_stack_builder.c +11 -26
  241. data/src/core/lib/channel/channel_stack_builder.h +10 -25
  242. data/src/core/lib/channel/connected_channel.c +10 -25
  243. data/src/core/lib/channel/connected_channel.h +10 -25
  244. data/src/core/lib/channel/context.h +10 -25
  245. data/src/core/lib/channel/handshaker.c +14 -29
  246. data/src/core/lib/channel/handshaker.h +10 -25
  247. data/src/core/lib/channel/handshaker_factory.c +10 -25
  248. data/src/core/lib/channel/handshaker_factory.h +10 -25
  249. data/src/core/lib/channel/handshaker_registry.c +10 -25
  250. data/src/core/lib/channel/handshaker_registry.h +10 -25
  251. data/src/core/lib/compression/algorithm_metadata.h +10 -25
  252. data/src/core/lib/compression/compression.c +10 -25
  253. data/src/core/lib/compression/message_compress.c +10 -25
  254. data/src/core/lib/compression/message_compress.h +10 -25
  255. data/src/core/lib/compression/stream_compression.c +191 -0
  256. data/src/core/lib/compression/stream_compression.h +90 -0
  257. data/src/core/lib/debug/trace.c +28 -29
  258. data/src/core/lib/debug/trace.h +16 -30
  259. data/src/core/lib/http/format_request.c +10 -25
  260. data/src/core/lib/http/format_request.h +10 -25
  261. data/src/core/lib/http/httpcli.c +19 -35
  262. data/src/core/lib/http/httpcli.h +10 -25
  263. data/src/core/lib/http/httpcli_security_connector.c +17 -30
  264. data/src/core/lib/http/parser.c +11 -26
  265. data/src/core/lib/http/parser.h +10 -25
  266. data/src/core/lib/iomgr/closure.c +62 -25
  267. data/src/core/lib/iomgr/closure.h +81 -26
  268. data/src/core/lib/iomgr/combiner.c +103 -200
  269. data/src/core/lib/iomgr/combiner.h +14 -32
  270. data/src/core/lib/iomgr/endpoint.c +10 -29
  271. data/src/core/lib/iomgr/endpoint.h +10 -29
  272. data/src/core/lib/iomgr/endpoint_pair.h +10 -25
  273. data/src/core/lib/iomgr/endpoint_pair_posix.c +10 -25
  274. data/src/core/lib/iomgr/endpoint_pair_uv.c +10 -25
  275. data/src/core/lib/iomgr/endpoint_pair_windows.c +10 -25
  276. data/src/core/lib/iomgr/error.c +45 -46
  277. data/src/core/lib/iomgr/error.h +21 -34
  278. data/src/core/lib/iomgr/error_internal.h +10 -25
  279. data/src/core/lib/iomgr/ev_epoll1_linux.c +279 -179
  280. data/src/core/lib/iomgr/ev_epoll1_linux.h +10 -25
  281. data/src/core/lib/iomgr/ev_epoll_limited_pollers_linux.c +75 -264
  282. data/src/core/lib/iomgr/ev_epoll_limited_pollers_linux.h +10 -25
  283. data/src/core/lib/iomgr/ev_epoll_thread_pool_linux.c +44 -199
  284. data/src/core/lib/iomgr/ev_epoll_thread_pool_linux.h +10 -25
  285. data/src/core/lib/iomgr/ev_epollex_linux.c +184 -247
  286. data/src/core/lib/iomgr/ev_epollex_linux.h +10 -25
  287. data/src/core/lib/iomgr/ev_epollsig_linux.c +116 -323
  288. data/src/core/lib/iomgr/ev_epollsig_linux.h +10 -25
  289. data/src/core/lib/iomgr/ev_poll_posix.c +328 -184
  290. data/src/core/lib/iomgr/ev_poll_posix.h +10 -25
  291. data/src/core/lib/iomgr/ev_posix.c +25 -56
  292. data/src/core/lib/iomgr/ev_posix.h +15 -44
  293. data/src/core/lib/iomgr/ev_windows.c +11 -26
  294. data/src/core/lib/iomgr/exec_ctx.c +36 -45
  295. data/src/core/lib/iomgr/exec_ctx.h +10 -25
  296. data/src/core/lib/iomgr/executor.c +152 -127
  297. data/src/core/lib/iomgr/executor.h +18 -26
  298. data/src/core/lib/iomgr/gethostname.h +26 -0
  299. data/src/core/lib/iomgr/gethostname_fallback.c +27 -0
  300. data/src/core/lib/iomgr/gethostname_host_name_max.c +37 -0
  301. data/src/core/lib/iomgr/gethostname_sysconf.c +37 -0
  302. data/src/core/lib/iomgr/iocp_windows.c +10 -25
  303. data/src/core/lib/iomgr/iocp_windows.h +10 -25
  304. data/src/core/lib/iomgr/iomgr.c +17 -28
  305. data/src/core/lib/iomgr/iomgr.h +12 -27
  306. data/src/core/lib/iomgr/iomgr_internal.h +10 -25
  307. data/src/core/lib/iomgr/iomgr_posix.c +11 -26
  308. data/src/core/lib/iomgr/iomgr_posix.h +10 -25
  309. data/src/core/lib/iomgr/iomgr_uv.c +19 -26
  310. data/src/core/lib/iomgr/iomgr_uv.h +37 -0
  311. data/src/core/lib/iomgr/iomgr_windows.c +10 -25
  312. data/src/core/lib/iomgr/is_epollexclusive_available.c +10 -25
  313. data/src/core/lib/iomgr/is_epollexclusive_available.h +10 -25
  314. data/src/core/lib/iomgr/load_file.c +10 -25
  315. data/src/core/lib/iomgr/load_file.h +10 -25
  316. data/src/core/lib/iomgr/lockfree_event.c +22 -35
  317. data/src/core/lib/iomgr/lockfree_event.h +13 -27
  318. data/src/core/lib/iomgr/nameser.h +104 -0
  319. data/src/core/lib/iomgr/network_status_tracker.c +10 -25
  320. data/src/core/lib/iomgr/network_status_tracker.h +10 -25
  321. data/src/core/lib/iomgr/polling_entity.c +10 -25
  322. data/src/core/lib/iomgr/polling_entity.h +14 -34
  323. data/src/core/lib/iomgr/pollset.h +14 -25
  324. data/src/core/lib/iomgr/pollset_set.h +10 -25
  325. data/src/core/lib/iomgr/pollset_set_uv.c +10 -25
  326. data/src/core/lib/iomgr/pollset_set_windows.c +10 -25
  327. data/src/core/lib/iomgr/pollset_set_windows.h +10 -25
  328. data/src/core/lib/iomgr/pollset_uv.c +25 -26
  329. data/src/core/lib/iomgr/pollset_uv.h +10 -25
  330. data/src/core/lib/iomgr/pollset_windows.c +17 -27
  331. data/src/core/lib/iomgr/pollset_windows.h +10 -25
  332. data/src/core/lib/iomgr/port.h +24 -25
  333. data/src/core/lib/iomgr/resolve_address.h +10 -25
  334. data/src/core/lib/iomgr/resolve_address_posix.c +13 -28
  335. data/src/core/lib/iomgr/resolve_address_uv.c +31 -35
  336. data/src/core/lib/iomgr/resolve_address_windows.c +13 -28
  337. data/src/core/lib/iomgr/resource_quota.c +52 -67
  338. data/src/core/lib/iomgr/resource_quota.h +10 -25
  339. data/src/core/lib/iomgr/sockaddr.h +10 -25
  340. data/src/core/lib/iomgr/sockaddr_posix.h +10 -25
  341. data/src/core/lib/iomgr/sockaddr_utils.c +15 -25
  342. data/src/core/lib/iomgr/sockaddr_utils.h +12 -25
  343. data/src/core/lib/iomgr/sockaddr_windows.h +10 -25
  344. data/src/core/lib/iomgr/socket_factory_posix.c +13 -31
  345. data/src/core/lib/iomgr/socket_factory_posix.h +10 -25
  346. data/src/core/lib/iomgr/socket_mutator.c +14 -31
  347. data/src/core/lib/iomgr/socket_mutator.h +10 -25
  348. data/src/core/lib/iomgr/socket_utils.h +10 -25
  349. data/src/core/lib/iomgr/socket_utils_common_posix.c +10 -25
  350. data/src/core/lib/iomgr/socket_utils_linux.c +10 -25
  351. data/src/core/lib/iomgr/socket_utils_posix.c +10 -25
  352. data/src/core/lib/iomgr/socket_utils_posix.h +10 -25
  353. data/src/core/lib/iomgr/socket_utils_uv.c +10 -25
  354. data/src/core/lib/iomgr/socket_utils_windows.c +10 -25
  355. data/src/core/lib/iomgr/socket_windows.c +12 -27
  356. data/src/core/lib/iomgr/socket_windows.h +10 -25
  357. data/src/core/lib/iomgr/sys_epoll_wrapper.h +10 -25
  358. data/src/core/lib/iomgr/tcp_client.h +10 -25
  359. data/src/core/lib/iomgr/tcp_client_posix.c +21 -34
  360. data/src/core/lib/iomgr/tcp_client_posix.h +10 -25
  361. data/src/core/lib/iomgr/tcp_client_uv.c +18 -27
  362. data/src/core/lib/iomgr/tcp_client_windows.c +14 -29
  363. data/src/core/lib/iomgr/tcp_posix.c +36 -55
  364. data/src/core/lib/iomgr/tcp_posix.h +10 -25
  365. data/src/core/lib/iomgr/tcp_server.h +10 -25
  366. data/src/core/lib/iomgr/tcp_server_posix.c +16 -31
  367. data/src/core/lib/iomgr/tcp_server_utils_posix.h +10 -25
  368. data/src/core/lib/iomgr/tcp_server_utils_posix_common.c +11 -26
  369. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.c +10 -25
  370. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.c +10 -25
  371. data/src/core/lib/iomgr/tcp_server_uv.c +103 -64
  372. data/src/core/lib/iomgr/tcp_server_windows.c +14 -29
  373. data/src/core/lib/iomgr/tcp_uv.c +41 -45
  374. data/src/core/lib/iomgr/tcp_uv.h +10 -25
  375. data/src/core/lib/iomgr/tcp_windows.c +39 -53
  376. data/src/core/lib/iomgr/tcp_windows.h +10 -25
  377. data/src/core/lib/iomgr/time_averaged_stats.c +10 -25
  378. data/src/core/lib/iomgr/time_averaged_stats.h +10 -25
  379. data/src/core/lib/iomgr/timer.h +18 -27
  380. data/src/core/lib/iomgr/timer_generic.c +91 -87
  381. data/src/core/lib/iomgr/timer_generic.h +10 -25
  382. data/src/core/lib/iomgr/timer_heap.c +10 -25
  383. data/src/core/lib/iomgr/timer_heap.h +10 -25
  384. data/src/core/lib/iomgr/timer_manager.c +178 -100
  385. data/src/core/lib/iomgr/timer_manager.h +10 -25
  386. data/src/core/lib/iomgr/timer_uv.c +23 -33
  387. data/src/core/lib/iomgr/timer_uv.h +10 -25
  388. data/src/core/lib/iomgr/udp_server.c +17 -32
  389. data/src/core/lib/iomgr/udp_server.h +10 -25
  390. data/src/core/lib/iomgr/unix_sockets_posix.c +10 -25
  391. data/src/core/lib/iomgr/unix_sockets_posix.h +10 -25
  392. data/src/core/lib/iomgr/unix_sockets_posix_noop.c +10 -25
  393. data/src/core/lib/iomgr/wakeup_fd_cv.c +10 -25
  394. data/src/core/lib/iomgr/wakeup_fd_cv.h +13 -28
  395. data/src/core/lib/iomgr/wakeup_fd_eventfd.c +10 -25
  396. data/src/core/lib/iomgr/wakeup_fd_nospecial.c +10 -25
  397. data/src/core/lib/iomgr/wakeup_fd_pipe.c +10 -25
  398. data/src/core/lib/iomgr/wakeup_fd_pipe.h +10 -25
  399. data/src/core/lib/iomgr/wakeup_fd_posix.c +10 -25
  400. data/src/core/lib/iomgr/wakeup_fd_posix.h +10 -25
  401. data/src/core/lib/json/json.c +10 -25
  402. data/src/core/lib/json/json.h +10 -25
  403. data/src/core/lib/json/json_common.h +10 -25
  404. data/src/core/lib/json/json_reader.c +11 -25
  405. data/src/core/lib/json/json_reader.h +10 -25
  406. data/src/core/lib/json/json_string.c +10 -25
  407. data/src/core/lib/json/json_writer.c +10 -25
  408. data/src/core/lib/json/json_writer.h +10 -25
  409. data/src/core/lib/profiling/basic_timers.c +10 -25
  410. data/src/core/lib/profiling/stap_timers.c +10 -25
  411. data/src/core/lib/profiling/timers.h +10 -25
  412. data/src/core/lib/security/context/security_context.c +32 -40
  413. data/src/core/lib/security/context/security_context.h +15 -26
  414. data/src/core/lib/security/credentials/composite/composite_credentials.c +76 -81
  415. data/src/core/lib/security/credentials/composite/composite_credentials.h +10 -25
  416. data/src/core/lib/security/credentials/credentials.c +29 -49
  417. data/src/core/lib/security/credentials/credentials.h +48 -61
  418. data/src/core/lib/security/credentials/credentials_metadata.c +34 -78
  419. data/src/core/lib/security/credentials/fake/fake_credentials.c +33 -56
  420. data/src/core/lib/security/credentials/fake/fake_credentials.h +12 -27
  421. data/src/core/lib/security/credentials/google_default/credentials_generic.c +10 -25
  422. data/src/core/lib/security/credentials/google_default/google_default_credentials.c +12 -27
  423. data/src/core/lib/security/credentials/google_default/google_default_credentials.h +10 -25
  424. data/src/core/lib/security/credentials/iam/iam_credentials.c +40 -40
  425. data/src/core/lib/security/credentials/iam/iam_credentials.h +11 -26
  426. data/src/core/lib/security/credentials/jwt/json_token.c +10 -25
  427. data/src/core/lib/security/credentials/jwt/json_token.h +10 -25
  428. data/src/core/lib/security/credentials/jwt/jwt_credentials.c +45 -48
  429. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +11 -26
  430. data/src/core/lib/security/credentials/jwt/jwt_verifier.c +53 -33
  431. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +10 -25
  432. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.c +155 -87
  433. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +24 -28
  434. data/src/core/lib/security/credentials/plugin/plugin_credentials.c +118 -82
  435. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +24 -27
  436. data/src/core/lib/security/credentials/ssl/ssl_credentials.c +13 -32
  437. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -25
  438. data/src/core/lib/security/transport/auth_filters.h +10 -25
  439. data/src/core/lib/security/transport/client_auth_filter.c +217 -112
  440. data/src/core/lib/security/transport/lb_targets_info.c +16 -32
  441. data/src/core/lib/security/transport/lb_targets_info.h +10 -25
  442. data/src/core/lib/security/transport/secure_endpoint.c +29 -43
  443. data/src/core/lib/security/transport/secure_endpoint.h +10 -25
  444. data/src/core/lib/security/transport/security_connector.c +80 -61
  445. data/src/core/lib/security/transport/security_connector.h +35 -35
  446. data/src/core/lib/security/transport/security_handshaker.c +18 -33
  447. data/src/core/lib/security/transport/security_handshaker.h +10 -25
  448. data/src/core/lib/security/transport/server_auth_filter.c +62 -116
  449. data/src/core/lib/security/transport/tsi_error.c +10 -25
  450. data/src/core/lib/security/transport/tsi_error.h +10 -25
  451. data/src/core/lib/security/util/json_util.c +10 -25
  452. data/src/core/lib/security/util/json_util.h +10 -25
  453. data/src/core/lib/slice/b64.c +10 -25
  454. data/src/core/lib/slice/b64.h +10 -25
  455. data/src/core/lib/slice/percent_encoding.c +10 -25
  456. data/src/core/lib/slice/percent_encoding.h +10 -25
  457. data/src/core/lib/slice/slice.c +10 -25
  458. data/src/core/lib/slice/slice_buffer.c +10 -25
  459. data/src/core/lib/slice/slice_hash_table.c +48 -26
  460. data/src/core/lib/slice/slice_hash_table.h +26 -28
  461. data/src/core/lib/slice/slice_intern.c +10 -25
  462. data/src/core/lib/slice/slice_internal.h +10 -25
  463. data/src/core/lib/slice/slice_string_helpers.c +10 -25
  464. data/src/core/lib/slice/slice_string_helpers.h +10 -25
  465. data/src/core/lib/support/alloc.c +10 -25
  466. data/src/core/lib/support/arena.c +12 -27
  467. data/src/core/lib/support/arena.h +10 -25
  468. data/src/core/lib/support/atm.c +17 -32
  469. data/src/core/lib/support/atomic.h +10 -25
  470. data/src/core/lib/support/atomic_with_atm.h +10 -25
  471. data/src/core/lib/support/atomic_with_std.h +10 -25
  472. data/src/core/lib/support/avl.c +101 -101
  473. data/src/core/lib/support/backoff.c +10 -25
  474. data/src/core/lib/support/backoff.h +10 -25
  475. data/src/core/lib/support/block_annotate.h +10 -25
  476. data/src/core/lib/support/cmdline.c +10 -25
  477. data/src/core/lib/support/cpu_iphone.c +10 -25
  478. data/src/core/lib/support/cpu_linux.c +10 -25
  479. data/src/core/lib/support/cpu_posix.c +10 -25
  480. data/src/core/lib/support/cpu_windows.c +10 -25
  481. data/src/core/lib/support/env.h +16 -25
  482. data/src/core/lib/support/env_linux.c +30 -37
  483. data/src/core/lib/support/env_posix.c +15 -25
  484. data/src/core/lib/support/env_windows.c +15 -25
  485. data/src/core/lib/support/histogram.c +10 -25
  486. data/src/core/lib/support/host_port.c +10 -25
  487. data/src/core/lib/support/log.c +20 -29
  488. data/src/core/lib/support/log_android.c +10 -25
  489. data/src/core/lib/support/log_linux.c +13 -26
  490. data/src/core/lib/support/log_posix.c +10 -25
  491. data/src/core/lib/support/log_windows.c +10 -25
  492. data/src/core/lib/support/memory.h +10 -25
  493. data/src/core/lib/support/mpscq.c +11 -49
  494. data/src/core/lib/support/mpscq.h +11 -50
  495. data/src/core/lib/support/murmur_hash.c +12 -25
  496. data/src/core/lib/support/murmur_hash.h +10 -25
  497. data/src/core/lib/support/spinlock.h +10 -25
  498. data/src/core/lib/support/stack_lockfree.c +10 -25
  499. data/src/core/lib/support/stack_lockfree.h +10 -25
  500. data/src/core/lib/support/string.c +10 -25
  501. data/src/core/lib/support/string.h +10 -25
  502. data/src/core/lib/support/string_posix.c +10 -25
  503. data/src/core/lib/support/string_util_windows.c +10 -25
  504. data/src/core/lib/support/string_windows.c +10 -25
  505. data/src/core/lib/support/string_windows.h +10 -25
  506. data/src/core/lib/support/subprocess_posix.c +10 -25
  507. data/src/core/lib/support/subprocess_windows.c +10 -25
  508. data/src/core/lib/support/sync.c +10 -25
  509. data/src/core/lib/support/sync_posix.c +10 -25
  510. data/src/core/lib/support/sync_windows.c +10 -25
  511. data/src/core/lib/support/thd.c +10 -25
  512. data/src/core/lib/support/thd_internal.h +10 -25
  513. data/src/core/lib/support/thd_posix.c +10 -25
  514. data/src/core/lib/support/thd_windows.c +10 -25
  515. data/src/core/lib/support/time.c +10 -25
  516. data/src/core/lib/support/time_posix.c +10 -25
  517. data/src/core/lib/support/time_precise.c +18 -33
  518. data/src/core/lib/support/time_precise.h +10 -25
  519. data/src/core/lib/support/time_windows.c +10 -25
  520. data/src/core/lib/support/tls_pthread.c +10 -25
  521. data/src/core/lib/support/tmpfile.h +10 -25
  522. data/src/core/lib/support/tmpfile_msys.c +10 -25
  523. data/src/core/lib/support/tmpfile_posix.c +10 -25
  524. data/src/core/lib/support/tmpfile_windows.c +10 -25
  525. data/src/core/lib/support/wrap_memcpy.c +10 -25
  526. data/src/core/lib/surface/alarm.c +78 -35
  527. data/src/core/lib/surface/alarm_internal.h +40 -0
  528. data/src/core/lib/surface/api_trace.c +11 -26
  529. data/src/core/lib/surface/api_trace.h +10 -25
  530. data/src/core/lib/surface/byte_buffer.c +10 -25
  531. data/src/core/lib/surface/byte_buffer_reader.c +10 -25
  532. data/src/core/lib/surface/call.c +64 -84
  533. data/src/core/lib/surface/call.h +11 -26
  534. data/src/core/lib/surface/call_details.c +10 -25
  535. data/src/core/lib/surface/call_log_batch.c +10 -25
  536. data/src/core/lib/surface/call_test_only.h +10 -25
  537. data/src/core/lib/surface/channel.c +11 -26
  538. data/src/core/lib/surface/channel.h +11 -26
  539. data/src/core/lib/surface/channel_init.c +10 -25
  540. data/src/core/lib/surface/channel_init.h +10 -25
  541. data/src/core/lib/surface/channel_ping.c +12 -27
  542. data/src/core/lib/surface/channel_stack_type.c +10 -25
  543. data/src/core/lib/surface/channel_stack_type.h +10 -25
  544. data/src/core/lib/surface/completion_queue.c +442 -331
  545. data/src/core/lib/surface/completion_queue.h +16 -33
  546. data/src/core/lib/surface/completion_queue_factory.c +10 -25
  547. data/src/core/lib/surface/completion_queue_factory.h +10 -25
  548. data/src/core/lib/surface/event_string.c +10 -25
  549. data/src/core/lib/surface/event_string.h +10 -25
  550. data/src/core/lib/surface/init.c +38 -47
  551. data/src/core/lib/surface/init.h +10 -25
  552. data/src/core/lib/surface/init_secure.c +20 -27
  553. data/src/core/lib/surface/lame_client.cc +14 -29
  554. data/src/core/lib/surface/lame_client.h +10 -25
  555. data/src/core/lib/surface/metadata_array.c +10 -25
  556. data/src/core/lib/surface/server.c +128 -81
  557. data/src/core/lib/surface/server.h +10 -25
  558. data/src/core/lib/surface/validate_metadata.c +10 -25
  559. data/src/core/lib/surface/validate_metadata.h +10 -25
  560. data/src/core/lib/surface/version.c +11 -26
  561. data/src/core/lib/transport/bdp_estimator.c +19 -29
  562. data/src/core/lib/transport/bdp_estimator.h +16 -29
  563. data/src/core/lib/transport/byte_stream.c +127 -36
  564. data/src/core/lib/transport/byte_stream.h +88 -46
  565. data/src/core/lib/transport/connectivity_state.c +17 -31
  566. data/src/core/lib/transport/connectivity_state.h +10 -25
  567. data/src/core/lib/transport/error_utils.c +10 -25
  568. data/src/core/lib/transport/error_utils.h +10 -25
  569. data/src/core/lib/transport/http2_errors.h +10 -25
  570. data/src/core/lib/transport/metadata.c +87 -85
  571. data/src/core/lib/transport/metadata.h +15 -28
  572. data/src/core/lib/transport/metadata_batch.c +10 -25
  573. data/src/core/lib/transport/metadata_batch.h +10 -25
  574. data/src/core/lib/transport/pid_controller.c +10 -25
  575. data/src/core/lib/transport/pid_controller.h +10 -25
  576. data/src/core/lib/transport/service_config.c +11 -26
  577. data/src/core/lib/transport/service_config.h +10 -25
  578. data/src/core/lib/transport/static_metadata.c +12 -26
  579. data/src/core/lib/transport/static_metadata.h +10 -25
  580. data/src/core/lib/transport/status_conversion.c +10 -25
  581. data/src/core/lib/transport/status_conversion.h +10 -25
  582. data/src/core/lib/transport/timeout_encoding.c +10 -25
  583. data/src/core/lib/transport/timeout_encoding.h +10 -25
  584. data/src/core/lib/transport/transport.c +60 -53
  585. data/src/core/lib/transport/transport.h +36 -34
  586. data/src/core/lib/transport/transport_impl.h +10 -25
  587. data/src/core/lib/transport/transport_op_string.c +10 -28
  588. data/src/core/plugin_registry/grpc_plugin_registry.c +22 -25
  589. data/src/core/tsi/fake_transport_security.c +199 -94
  590. data/src/core/tsi/fake_transport_security.h +11 -26
  591. data/src/core/tsi/gts_transport_security.c +40 -0
  592. data/src/core/tsi/gts_transport_security.h +37 -0
  593. data/src/core/tsi/ssl_transport_security.c +13 -32
  594. data/src/core/tsi/ssl_transport_security.h +10 -25
  595. data/src/core/tsi/ssl_types.h +10 -25
  596. data/src/core/tsi/transport_security.c +48 -78
  597. data/src/core/tsi/transport_security.h +18 -27
  598. data/src/core/tsi/transport_security_adapter.c +17 -29
  599. data/src/core/tsi/transport_security_adapter.h +10 -25
  600. data/src/core/tsi/transport_security_grpc.c +64 -0
  601. data/src/core/tsi/transport_security_grpc.h +80 -0
  602. data/src/core/tsi/transport_security_interface.h +21 -27
  603. data/src/ruby/bin/apis/google/protobuf/empty.rb +10 -25
  604. data/src/ruby/bin/apis/pubsub_demo.rb +10 -25
  605. data/src/ruby/bin/apis/tech/pubsub/proto/pubsub.rb +10 -25
  606. data/src/ruby/bin/apis/tech/pubsub/proto/pubsub_services.rb +10 -25
  607. data/src/ruby/bin/math_client.rb +10 -25
  608. data/src/ruby/bin/math_server.rb +10 -25
  609. data/src/ruby/bin/math_services_pb.rb +10 -25
  610. data/src/ruby/bin/noproto_client.rb +10 -25
  611. data/src/ruby/bin/noproto_server.rb +10 -25
  612. data/src/ruby/ext/grpc/extconf.rb +10 -25
  613. data/src/ruby/ext/grpc/rb_byte_buffer.c +10 -25
  614. data/src/ruby/ext/grpc/rb_byte_buffer.h +10 -25
  615. data/src/ruby/ext/grpc/rb_call.c +44 -25
  616. data/src/ruby/ext/grpc/rb_call.h +10 -25
  617. data/src/ruby/ext/grpc/rb_call_credentials.c +10 -25
  618. data/src/ruby/ext/grpc/rb_call_credentials.h +10 -25
  619. data/src/ruby/ext/grpc/rb_channel.c +10 -25
  620. data/src/ruby/ext/grpc/rb_channel.h +10 -25
  621. data/src/ruby/ext/grpc/rb_channel_args.c +10 -25
  622. data/src/ruby/ext/grpc/rb_channel_args.h +10 -25
  623. data/src/ruby/ext/grpc/rb_channel_credentials.c +10 -25
  624. data/src/ruby/ext/grpc/rb_channel_credentials.h +10 -25
  625. data/src/ruby/ext/grpc/rb_completion_queue.c +10 -25
  626. data/src/ruby/ext/grpc/rb_completion_queue.h +10 -25
  627. data/src/ruby/ext/grpc/rb_compression_options.c +10 -25
  628. data/src/ruby/ext/grpc/rb_compression_options.h +10 -25
  629. data/src/ruby/ext/grpc/rb_event_thread.c +10 -25
  630. data/src/ruby/ext/grpc/rb_event_thread.h +10 -25
  631. data/src/ruby/ext/grpc/rb_grpc.c +10 -25
  632. data/src/ruby/ext/grpc/rb_grpc.h +10 -25
  633. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +10 -25
  634. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +16 -31
  635. data/src/ruby/ext/grpc/rb_loader.c +10 -25
  636. data/src/ruby/ext/grpc/rb_loader.h +10 -25
  637. data/src/ruby/ext/grpc/rb_server.c +10 -25
  638. data/src/ruby/ext/grpc/rb_server.h +10 -25
  639. data/src/ruby/ext/grpc/rb_server_credentials.c +10 -25
  640. data/src/ruby/ext/grpc/rb_server_credentials.h +10 -25
  641. data/src/ruby/lib/grpc.rb +10 -25
  642. data/src/ruby/lib/grpc/core/time_consts.rb +10 -25
  643. data/src/ruby/lib/grpc/errors.rb +16 -30
  644. data/src/ruby/lib/grpc/generic/active_call.rb +25 -27
  645. data/src/ruby/lib/grpc/generic/bidi_call.rb +17 -27
  646. data/src/ruby/lib/grpc/generic/client_stub.rb +10 -25
  647. data/src/ruby/lib/grpc/generic/rpc_desc.rb +10 -25
  648. data/src/ruby/lib/grpc/generic/rpc_server.rb +10 -25
  649. data/src/ruby/lib/grpc/generic/service.rb +10 -25
  650. data/src/ruby/lib/grpc/grpc.rb +10 -25
  651. data/src/ruby/lib/grpc/logconfig.rb +10 -25
  652. data/src/ruby/lib/grpc/notifier.rb +10 -25
  653. data/src/ruby/lib/grpc/version.rb +11 -26
  654. data/src/ruby/pb/generate_proto_ruby.sh +10 -25
  655. data/src/ruby/pb/grpc/health/checker.rb +10 -25
  656. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +10 -25
  657. data/src/ruby/pb/grpc/testing/duplicate/echo_duplicate_services_pb.rb +10 -25
  658. data/src/ruby/pb/grpc/testing/metrics_services_pb.rb +10 -25
  659. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +10 -25
  660. data/src/ruby/pb/test/client.rb +10 -25
  661. data/src/ruby/pb/test/server.rb +10 -25
  662. data/src/ruby/spec/call_credentials_spec.rb +10 -25
  663. data/src/ruby/spec/call_spec.rb +43 -25
  664. data/src/ruby/spec/channel_connection_spec.rb +10 -25
  665. data/src/ruby/spec/channel_credentials_spec.rb +11 -26
  666. data/src/ruby/spec/channel_spec.rb +10 -25
  667. data/src/ruby/spec/client_auth_spec.rb +10 -25
  668. data/src/ruby/spec/client_server_spec.rb +66 -25
  669. data/src/ruby/spec/compression_options_spec.rb +10 -25
  670. data/src/ruby/spec/error_sanity_spec.rb +10 -25
  671. data/src/ruby/spec/generic/active_call_spec.rb +10 -25
  672. data/src/ruby/spec/generic/client_stub_spec.rb +146 -35
  673. data/src/ruby/spec/generic/rpc_desc_spec.rb +10 -25
  674. data/src/ruby/spec/generic/rpc_server_pool_spec.rb +10 -25
  675. data/src/ruby/spec/generic/rpc_server_spec.rb +124 -34
  676. data/src/ruby/spec/generic/service_spec.rb +10 -25
  677. data/src/ruby/spec/pb/duplicate/codegen_spec.rb +10 -25
  678. data/src/ruby/spec/pb/health/checker_spec.rb +10 -25
  679. data/src/ruby/spec/server_credentials_spec.rb +10 -25
  680. data/src/ruby/spec/server_spec.rb +10 -25
  681. data/src/ruby/spec/spec_helper.rb +10 -25
  682. data/src/ruby/spec/time_consts_spec.rb +10 -25
  683. data/third_party/boringssl/crypto/aes/key_wrap.c +138 -0
  684. data/third_party/boringssl/crypto/asn1/a_bitstr.c +6 -3
  685. data/third_party/boringssl/crypto/asn1/a_enum.c +4 -1
  686. data/third_party/boringssl/crypto/asn1/a_gentm.c +20 -15
  687. data/third_party/boringssl/crypto/asn1/a_int.c +7 -4
  688. data/third_party/boringssl/crypto/asn1/a_object.c +5 -2
  689. data/third_party/boringssl/crypto/asn1/a_time.c +0 -1
  690. data/third_party/boringssl/crypto/asn1/a_utctm.c +1 -2
  691. data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -2
  692. data/third_party/boringssl/crypto/asn1/asn1_locl.h +35 -0
  693. data/third_party/boringssl/crypto/asn1/tasn_dec.c +3 -1
  694. data/third_party/boringssl/crypto/asn1/tasn_enc.c +6 -3
  695. data/third_party/boringssl/crypto/asn1/tasn_new.c +12 -7
  696. data/third_party/boringssl/crypto/asn1/tasn_utl.c +22 -8
  697. data/third_party/boringssl/crypto/{time_support.c → asn1/time_support.c} +1 -1
  698. data/third_party/boringssl/crypto/asn1/x_long.c +5 -2
  699. data/third_party/boringssl/crypto/base64/base64.c +7 -5
  700. data/third_party/boringssl/crypto/bio/bio.c +24 -10
  701. data/third_party/boringssl/crypto/bio/bio_mem.c +12 -10
  702. data/third_party/boringssl/crypto/bio/connect.c +7 -18
  703. data/third_party/boringssl/crypto/bio/fd.c +3 -6
  704. data/third_party/boringssl/crypto/bio/file.c +6 -6
  705. data/third_party/boringssl/crypto/bio/hexdump.c +4 -2
  706. data/third_party/boringssl/crypto/bio/pair.c +30 -344
  707. data/third_party/boringssl/crypto/bio/socket.c +6 -7
  708. data/third_party/boringssl/crypto/bio/socket_helper.c +4 -3
  709. data/third_party/boringssl/crypto/bn/add.c +1 -1
  710. data/third_party/boringssl/crypto/bn/asm/x86_64-gcc.c +11 -10
  711. data/third_party/boringssl/crypto/bn/bn.c +6 -20
  712. data/third_party/boringssl/crypto/bn/cmp.c +14 -0
  713. data/third_party/boringssl/crypto/bn/convert.c +73 -2
  714. data/third_party/boringssl/crypto/bn/ctx.c +3 -1
  715. data/third_party/boringssl/crypto/bn/div.c +108 -51
  716. data/third_party/boringssl/crypto/bn/exponentiation.c +15 -33
  717. data/third_party/boringssl/crypto/bn/gcd.c +29 -22
  718. data/third_party/boringssl/crypto/bn/generic.c +71 -67
  719. data/third_party/boringssl/crypto/bn/internal.h +19 -6
  720. data/third_party/boringssl/crypto/bn/kronecker.c +1 -0
  721. data/third_party/boringssl/crypto/bn/montgomery.c +9 -10
  722. data/third_party/boringssl/crypto/bn/montgomery_inv.c +47 -0
  723. data/third_party/boringssl/crypto/bn/mul.c +11 -9
  724. data/third_party/boringssl/crypto/bn/random.c +6 -3
  725. data/third_party/boringssl/crypto/bn/rsaz_exp.c +0 -65
  726. data/third_party/boringssl/crypto/bn/rsaz_exp.h +0 -3
  727. data/third_party/boringssl/crypto/bn/shift.c +9 -1
  728. data/third_party/boringssl/crypto/bn/sqrt.c +3 -1
  729. data/third_party/boringssl/crypto/buf/buf.c +6 -4
  730. data/third_party/boringssl/crypto/bytestring/asn1_compat.c +2 -1
  731. data/third_party/boringssl/crypto/bytestring/ber.c +2 -1
  732. data/third_party/boringssl/crypto/bytestring/cbb.c +9 -7
  733. data/third_party/boringssl/crypto/bytestring/cbs.c +54 -2
  734. data/third_party/boringssl/crypto/chacha/chacha.c +1 -1
  735. data/third_party/boringssl/crypto/cipher/aead.c +3 -3
  736. data/third_party/boringssl/crypto/cipher/cipher.c +18 -13
  737. data/third_party/boringssl/crypto/cipher/e_aes.c +335 -281
  738. data/third_party/boringssl/crypto/cipher/e_chacha20poly1305.c +113 -137
  739. data/third_party/boringssl/crypto/cipher/e_null.c +2 -1
  740. data/third_party/boringssl/crypto/cipher/e_rc2.c +54 -49
  741. data/third_party/boringssl/crypto/cipher/e_ssl3.c +4 -3
  742. data/third_party/boringssl/crypto/cipher/e_tls.c +5 -5
  743. data/third_party/boringssl/crypto/cipher/tls_cbc.c +41 -112
  744. data/third_party/boringssl/crypto/cmac/cmac.c +6 -4
  745. data/third_party/boringssl/crypto/conf/conf.c +6 -3
  746. data/third_party/boringssl/crypto/cpu-arm-linux.c +2 -2
  747. data/third_party/boringssl/crypto/curve25519/curve25519.c +28 -34
  748. data/third_party/boringssl/crypto/curve25519/spake25519.c +7 -6
  749. data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +2 -1
  750. data/third_party/boringssl/crypto/des/des.c +1 -1
  751. data/third_party/boringssl/crypto/des/internal.h +58 -46
  752. data/third_party/boringssl/crypto/dh/dh.c +4 -8
  753. data/third_party/boringssl/crypto/digest/digest.c +5 -2
  754. data/third_party/boringssl/crypto/digest/digests.c +70 -33
  755. data/third_party/boringssl/crypto/digest/md32_common.h +39 -27
  756. data/third_party/boringssl/crypto/dsa/dsa.c +11 -19
  757. data/third_party/boringssl/crypto/ec/ec.c +1 -1
  758. data/third_party/boringssl/crypto/ec/ec_asn1.c +3 -2
  759. data/third_party/boringssl/crypto/ec/ec_key.c +1 -1
  760. data/third_party/boringssl/crypto/ec/ec_montgomery.c +6 -11
  761. data/third_party/boringssl/crypto/ec/oct.c +2 -14
  762. data/third_party/boringssl/crypto/ec/p224-64.c +78 -122
  763. data/third_party/boringssl/crypto/ec/p256-64.c +93 -133
  764. data/third_party/boringssl/crypto/ec/p256-x86_64.c +48 -61
  765. data/third_party/boringssl/crypto/ec/p256-x86_64.h +113 -0
  766. data/third_party/boringssl/crypto/ec/simple.c +2 -1
  767. data/third_party/boringssl/crypto/ec/wnaf.c +52 -43
  768. data/third_party/boringssl/crypto/ecdh/ecdh.c +4 -2
  769. data/third_party/boringssl/crypto/ecdsa/ecdsa.c +17 -16
  770. data/third_party/boringssl/crypto/engine/engine.c +3 -1
  771. data/third_party/boringssl/crypto/err/err.c +5 -5
  772. data/third_party/boringssl/crypto/evp/evp.c +1 -1
  773. data/third_party/boringssl/crypto/evp/evp_asn1.c +1 -1
  774. data/third_party/boringssl/crypto/evp/evp_ctx.c +23 -29
  775. data/third_party/boringssl/crypto/evp/p_ec.c +2 -1
  776. data/third_party/boringssl/crypto/evp/p_rsa.c +9 -3
  777. data/third_party/boringssl/crypto/evp/pbkdf.c +3 -1
  778. data/third_party/boringssl/crypto/hkdf/hkdf.c +3 -1
  779. data/third_party/boringssl/crypto/hmac/hmac.c +4 -2
  780. data/third_party/boringssl/crypto/internal.h +81 -0
  781. data/third_party/boringssl/crypto/lhash/lhash.c +7 -13
  782. data/third_party/boringssl/crypto/md4/md4.c +20 -18
  783. data/third_party/boringssl/crypto/md5/md5.c +31 -21
  784. data/third_party/boringssl/crypto/mem.c +4 -10
  785. data/third_party/boringssl/crypto/modes/cbc.c +2 -6
  786. data/third_party/boringssl/crypto/modes/cfb.c +2 -2
  787. data/third_party/boringssl/crypto/modes/ctr.c +1 -1
  788. data/third_party/boringssl/crypto/modes/gcm.c +117 -334
  789. data/third_party/boringssl/crypto/modes/internal.h +107 -84
  790. data/third_party/boringssl/crypto/modes/ofb.c +3 -3
  791. data/third_party/boringssl/crypto/modes/polyval.c +94 -0
  792. data/third_party/boringssl/crypto/obj/obj.c +13 -8
  793. data/third_party/boringssl/crypto/obj/obj_dat.h +6109 -5187
  794. data/third_party/boringssl/crypto/obj/obj_xref.c +55 -57
  795. data/third_party/boringssl/crypto/pem/pem_lib.c +6 -3
  796. data/third_party/boringssl/crypto/pkcs8/internal.h +27 -8
  797. data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +137 -352
  798. data/third_party/boringssl/crypto/pkcs8/pkcs8.c +371 -364
  799. data/third_party/boringssl/crypto/poly1305/poly1305.c +12 -18
  800. data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +2 -2
  801. data/third_party/boringssl/crypto/{newhope/reduce.c → pool/internal.h} +24 -21
  802. data/third_party/boringssl/crypto/pool/pool.c +200 -0
  803. data/third_party/boringssl/crypto/rand/deterministic.c +6 -5
  804. data/third_party/boringssl/crypto/rand/fuchsia.c +43 -0
  805. data/third_party/boringssl/crypto/rand/rand.c +7 -7
  806. data/third_party/boringssl/crypto/rand/urandom.c +136 -22
  807. data/third_party/boringssl/crypto/rand/windows.c +2 -2
  808. data/third_party/boringssl/crypto/rsa/blinding.c +2 -1
  809. data/third_party/boringssl/crypto/rsa/padding.c +11 -11
  810. data/third_party/boringssl/crypto/rsa/rsa.c +4 -4
  811. data/third_party/boringssl/crypto/rsa/rsa_asn1.c +7 -1
  812. data/third_party/boringssl/crypto/rsa/rsa_impl.c +41 -80
  813. data/third_party/boringssl/crypto/sha/sha1-altivec.c +346 -0
  814. data/third_party/boringssl/crypto/sha/sha1.c +60 -42
  815. data/third_party/boringssl/crypto/sha/sha256.c +4 -2
  816. data/third_party/boringssl/crypto/sha/sha512.c +9 -7
  817. data/third_party/boringssl/crypto/stack/stack.c +10 -7
  818. data/third_party/boringssl/crypto/thread_pthread.c +2 -2
  819. data/third_party/boringssl/crypto/thread_win.c +2 -2
  820. data/third_party/boringssl/crypto/x509/a_verify.c +1 -1
  821. data/third_party/boringssl/crypto/x509/asn1_gen.c +1 -1
  822. data/third_party/boringssl/crypto/x509/by_dir.c +1 -1
  823. data/third_party/boringssl/crypto/x509/t_x509.c +78 -38
  824. data/third_party/boringssl/crypto/x509/x509_cmp.c +8 -5
  825. data/third_party/boringssl/crypto/x509/x509_lu.c +6 -1
  826. data/third_party/boringssl/crypto/x509/x509_obj.c +4 -1
  827. data/third_party/boringssl/crypto/x509/x509_vfy.c +42 -8
  828. data/third_party/boringssl/crypto/x509/x509_vpm.c +8 -6
  829. data/third_party/boringssl/crypto/x509/x509name.c +4 -1
  830. data/third_party/boringssl/crypto/x509/x_crl.c +4 -2
  831. data/third_party/boringssl/crypto/x509/x_name.c +23 -13
  832. data/third_party/boringssl/crypto/x509/x_pkey.c +4 -1
  833. data/third_party/boringssl/crypto/x509/x_x509.c +42 -3
  834. data/third_party/boringssl/crypto/x509v3/pcy_int.h +2 -2
  835. data/third_party/boringssl/crypto/x509v3/pcy_tree.c +2 -1
  836. data/third_party/boringssl/crypto/x509v3/v3_cpols.c +1 -1
  837. data/third_party/boringssl/crypto/x509v3/v3_ia5.c +4 -1
  838. data/third_party/boringssl/crypto/x509v3/v3_ncons.c +4 -1
  839. data/third_party/boringssl/crypto/x509v3/v3_pci.c +6 -3
  840. data/third_party/boringssl/crypto/x509v3/v3_purp.c +13 -21
  841. data/third_party/boringssl/crypto/x509v3/v3_utl.c +19 -33
  842. data/third_party/boringssl/include/openssl/aead.h +9 -20
  843. data/third_party/boringssl/include/openssl/aes.h +21 -9
  844. data/third_party/boringssl/include/openssl/asn1.h +9 -1
  845. data/third_party/boringssl/include/openssl/base.h +33 -6
  846. data/third_party/boringssl/include/openssl/bio.h +10 -103
  847. data/third_party/boringssl/include/openssl/bn.h +58 -42
  848. data/third_party/boringssl/include/openssl/bytestring.h +17 -0
  849. data/third_party/boringssl/include/openssl/cipher.h +4 -3
  850. data/third_party/boringssl/include/openssl/conf.h +4 -1
  851. data/third_party/boringssl/include/openssl/curve25519.h +13 -0
  852. data/third_party/boringssl/include/openssl/digest.h +5 -3
  853. data/third_party/boringssl/include/openssl/dsa.h +5 -5
  854. data/third_party/boringssl/include/openssl/ec.h +2 -2
  855. data/third_party/boringssl/include/openssl/ecdh.h +3 -4
  856. data/third_party/boringssl/include/openssl/ecdsa.h +10 -10
  857. data/third_party/boringssl/include/openssl/err.h +5 -5
  858. data/third_party/boringssl/include/openssl/evp.h +11 -7
  859. data/third_party/boringssl/include/openssl/lhash.h +2 -3
  860. data/third_party/boringssl/include/openssl/lhash_macros.h +56 -14
  861. data/third_party/boringssl/include/openssl/nid.h +2949 -2916
  862. data/third_party/boringssl/include/openssl/obj.h +1 -1
  863. data/third_party/boringssl/include/openssl/pkcs8.h +21 -42
  864. data/third_party/boringssl/include/openssl/pool.h +87 -0
  865. data/third_party/boringssl/include/openssl/rand.h +1 -1
  866. data/third_party/boringssl/include/openssl/rsa.h +4 -2
  867. data/third_party/boringssl/include/openssl/sha.h +0 -4
  868. data/third_party/boringssl/include/openssl/ssl.h +327 -662
  869. data/third_party/boringssl/include/openssl/ssl3.h +1 -21
  870. data/third_party/boringssl/include/openssl/stack.h +1 -0
  871. data/third_party/boringssl/include/openssl/stack_macros.h +85 -0
  872. data/third_party/boringssl/include/openssl/tls1.h +23 -52
  873. data/third_party/boringssl/include/openssl/type_check.h +4 -0
  874. data/third_party/boringssl/include/openssl/x509.h +10 -59
  875. data/third_party/boringssl/include/openssl/x509_vfy.h +7 -1
  876. data/third_party/boringssl/include/openssl/x509v3.h +4 -4
  877. data/third_party/boringssl/ssl/bio_ssl.c +175 -0
  878. data/third_party/boringssl/ssl/custom_extensions.c +24 -21
  879. data/third_party/boringssl/ssl/d1_both.c +259 -289
  880. data/third_party/boringssl/ssl/d1_lib.c +8 -20
  881. data/third_party/boringssl/ssl/d1_pkt.c +6 -15
  882. data/third_party/boringssl/ssl/dtls_method.c +22 -8
  883. data/third_party/boringssl/ssl/dtls_record.c +27 -2
  884. data/third_party/boringssl/ssl/handshake_client.c +460 -579
  885. data/third_party/boringssl/ssl/handshake_server.c +662 -644
  886. data/third_party/boringssl/ssl/internal.h +1009 -375
  887. data/third_party/boringssl/ssl/s3_both.c +312 -162
  888. data/third_party/boringssl/ssl/s3_lib.c +12 -128
  889. data/third_party/boringssl/ssl/s3_pkt.c +22 -30
  890. data/third_party/boringssl/ssl/ssl_aead_ctx.c +28 -22
  891. data/third_party/boringssl/ssl/ssl_asn1.c +210 -114
  892. data/third_party/boringssl/ssl/ssl_buffer.c +2 -1
  893. data/third_party/boringssl/ssl/ssl_cert.c +417 -219
  894. data/third_party/boringssl/ssl/ssl_cipher.c +191 -393
  895. data/third_party/boringssl/ssl/ssl_ecdh.c +19 -164
  896. data/third_party/boringssl/ssl/ssl_file.c +0 -11
  897. data/third_party/boringssl/ssl/ssl_lib.c +325 -652
  898. data/third_party/boringssl/ssl/{ssl_rsa.c → ssl_privkey.c} +21 -131
  899. data/third_party/boringssl/ssl/ssl_privkey_cc.cc +76 -0
  900. data/third_party/boringssl/ssl/ssl_session.c +206 -95
  901. data/third_party/boringssl/ssl/ssl_stat.c +18 -84
  902. data/third_party/boringssl/ssl/{s3_enc.c → ssl_transcript.c} +150 -157
  903. data/third_party/boringssl/ssl/ssl_x509.c +815 -0
  904. data/third_party/boringssl/ssl/t1_enc.c +188 -174
  905. data/third_party/boringssl/ssl/t1_lib.c +1064 -764
  906. data/third_party/boringssl/ssl/tls13_both.c +290 -96
  907. data/third_party/boringssl/ssl/tls13_client.c +344 -314
  908. data/third_party/boringssl/ssl/tls13_enc.c +239 -200
  909. data/third_party/boringssl/ssl/tls13_server.c +374 -366
  910. data/third_party/boringssl/ssl/tls_method.c +40 -5
  911. data/third_party/boringssl/ssl/tls_record.c +166 -71
  912. metadata +39 -25
  913. data/src/core/lib/iomgr/workqueue.h +0 -87
  914. data/src/core/lib/iomgr/workqueue_uv.c +0 -65
  915. data/src/core/lib/iomgr/workqueue_uv.h +0 -37
  916. data/src/core/lib/iomgr/workqueue_windows.c +0 -63
  917. data/src/core/lib/iomgr/workqueue_windows.h +0 -37
  918. data/third_party/boringssl/crypto/bio/buffer.c +0 -496
  919. data/third_party/boringssl/crypto/newhope/error_correction.c +0 -131
  920. data/third_party/boringssl/crypto/newhope/internal.h +0 -71
  921. data/third_party/boringssl/crypto/newhope/newhope.c +0 -174
  922. data/third_party/boringssl/crypto/newhope/ntt.c +0 -148
  923. data/third_party/boringssl/crypto/newhope/poly.c +0 -183
  924. data/third_party/boringssl/crypto/newhope/precomp.c +0 -306
  925. data/third_party/boringssl/crypto/obj/obj_xref.h +0 -96
  926. data/third_party/boringssl/crypto/pkcs8/p5_pbe.c +0 -151
  927. data/third_party/boringssl/include/openssl/newhope.h +0 -158
  928. data/third_party/boringssl/include/openssl/time_support.h +0 -91
@@ -15,6 +15,7 @@
15
15
  #include <openssl/ssl.h>
16
16
 
17
17
  #include <assert.h>
18
+ #include <limits.h>
18
19
  #include <string.h>
19
20
 
20
21
  #include <openssl/bytestring.h>
@@ -24,104 +25,137 @@
24
25
  #include <openssl/stack.h>
25
26
  #include <openssl/x509.h>
26
27
 
28
+ #include "../crypto/internal.h"
27
29
  #include "internal.h"
28
30
 
29
31
 
30
32
  enum client_hs_state_t {
31
33
  state_process_hello_retry_request = 0,
32
34
  state_send_second_client_hello,
33
- state_flush_second_client_hello,
34
35
  state_process_server_hello,
35
36
  state_process_encrypted_extensions,
36
37
  state_process_certificate_request,
37
38
  state_process_server_certificate,
38
39
  state_process_server_certificate_verify,
39
40
  state_process_server_finished,
40
- state_certificate_callback,
41
41
  state_send_client_certificate,
42
42
  state_send_client_certificate_verify,
43
43
  state_complete_client_certificate_verify,
44
- state_send_client_finished,
45
- state_flush,
44
+ state_complete_second_flight,
46
45
  state_done,
47
46
  };
48
47
 
49
- static enum ssl_hs_wait_t do_process_hello_retry_request(SSL *ssl,
50
- SSL_HANDSHAKE *hs) {
48
+ static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0};
49
+
50
+ static enum ssl_hs_wait_t do_process_hello_retry_request(SSL_HANDSHAKE *hs) {
51
+ SSL *const ssl = hs->ssl;
51
52
  if (ssl->s3->tmp.message_type != SSL3_MT_HELLO_RETRY_REQUEST) {
52
- hs->state = state_process_server_hello;
53
+ hs->tls13_state = state_process_server_hello;
53
54
  return ssl_hs_ok;
54
55
  }
55
56
 
56
57
  CBS cbs, extensions;
57
- uint16_t server_wire_version, cipher_suite, group_id;
58
+ uint16_t server_wire_version;
58
59
  CBS_init(&cbs, ssl->init_msg, ssl->init_num);
59
60
  if (!CBS_get_u16(&cbs, &server_wire_version) ||
60
- !CBS_get_u16(&cbs, &cipher_suite) ||
61
- !CBS_get_u16(&cbs, &group_id) ||
62
- /* We do not currently parse any HelloRetryRequest extensions. */
63
61
  !CBS_get_u16_length_prefixed(&cbs, &extensions) ||
62
+ /* HelloRetryRequest may not be empty. */
63
+ CBS_len(&extensions) == 0 ||
64
64
  CBS_len(&cbs) != 0) {
65
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
65
66
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
66
67
  return ssl_hs_error;
67
68
  }
68
69
 
69
- /* TODO(svaldez): Don't do early_data on HelloRetryRequest. */
70
+ int have_cookie, have_key_share;
71
+ CBS cookie, key_share;
72
+ const SSL_EXTENSION_TYPE ext_types[] = {
73
+ {TLSEXT_TYPE_key_share, &have_key_share, &key_share},
74
+ {TLSEXT_TYPE_cookie, &have_cookie, &cookie},
75
+ };
70
76
 
71
- const uint16_t *groups;
72
- size_t groups_len;
73
- tls1_get_grouplist(ssl, 0 /* local groups */, &groups, &groups_len);
74
- int found = 0;
75
- for (size_t i = 0; i < groups_len; i++) {
76
- if (groups[i] == group_id) {
77
- found = 1;
78
- break;
77
+ uint8_t alert = SSL_AD_DECODE_ERROR;
78
+ if (!ssl_parse_extensions(&extensions, &alert, ext_types,
79
+ OPENSSL_ARRAY_SIZE(ext_types),
80
+ 0 /* reject unknown */)) {
81
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
82
+ return ssl_hs_error;
83
+ }
84
+
85
+ if (have_cookie) {
86
+ CBS cookie_value;
87
+ if (!CBS_get_u16_length_prefixed(&cookie, &cookie_value) ||
88
+ CBS_len(&cookie_value) == 0 ||
89
+ CBS_len(&cookie) != 0) {
90
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
91
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
92
+ return ssl_hs_error;
93
+ }
94
+
95
+ if (!CBS_stow(&cookie_value, &hs->cookie, &hs->cookie_len)) {
96
+ return ssl_hs_error;
79
97
  }
80
98
  }
81
99
 
82
- if (!found) {
83
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
84
- OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
85
- return ssl_hs_error;
100
+ if (have_key_share) {
101
+ uint16_t group_id;
102
+ if (!CBS_get_u16(&key_share, &group_id) || CBS_len(&key_share) != 0) {
103
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
104
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
105
+ return ssl_hs_error;
106
+ }
107
+
108
+ /* The group must be supported. */
109
+ const uint16_t *groups;
110
+ size_t groups_len;
111
+ tls1_get_grouplist(ssl, &groups, &groups_len);
112
+ int found = 0;
113
+ for (size_t i = 0; i < groups_len; i++) {
114
+ if (groups[i] == group_id) {
115
+ found = 1;
116
+ break;
117
+ }
118
+ }
119
+
120
+ if (!found) {
121
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
122
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
123
+ return ssl_hs_error;
124
+ }
125
+
126
+ /* Check that the HelloRetryRequest does not request the key share that
127
+ * was provided in the initial ClientHello. */
128
+ if (SSL_ECDH_CTX_get_id(&hs->ecdh_ctx) == group_id) {
129
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
130
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
131
+ return ssl_hs_error;
132
+ }
133
+
134
+ SSL_ECDH_CTX_cleanup(&hs->ecdh_ctx);
135
+ hs->retry_group = group_id;
86
136
  }
87
137
 
88
- /* Check that the HelloRetryRequest does not request the key share that was
89
- * provided in the initial ClientHello. */
90
- if (SSL_ECDH_CTX_get_id(&ssl->s3->hs->ecdh_ctx) == group_id) {
91
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
92
- OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
138
+ if (!ssl_hash_current_message(hs)) {
93
139
  return ssl_hs_error;
94
140
  }
95
141
 
96
- SSL_ECDH_CTX_cleanup(&ssl->s3->hs->ecdh_ctx);
97
- ssl->s3->hs->retry_group = group_id;
98
-
99
- hs->state = state_send_second_client_hello;
142
+ hs->received_hello_retry_request = 1;
143
+ hs->tls13_state = state_send_second_client_hello;
100
144
  return ssl_hs_ok;
101
145
  }
102
146
 
103
- static enum ssl_hs_wait_t do_send_second_client_hello(SSL *ssl,
104
- SSL_HANDSHAKE *hs) {
105
- CBB cbb, body;
106
- if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_CLIENT_HELLO) ||
107
- !ssl_add_client_hello_body(ssl, &body) ||
108
- !ssl->method->finish_message(ssl, &cbb)) {
109
- CBB_cleanup(&cbb);
147
+ static enum ssl_hs_wait_t do_send_second_client_hello(SSL_HANDSHAKE *hs) {
148
+ if (!ssl_write_client_hello(hs)) {
110
149
  return ssl_hs_error;
111
150
  }
112
151
 
113
- hs->state = state_flush_second_client_hello;
114
- return ssl_hs_write_message;
115
- }
116
-
117
- static enum ssl_hs_wait_t do_flush_second_client_hello(SSL *ssl,
118
- SSL_HANDSHAKE *hs) {
119
- hs->state = state_process_server_hello;
152
+ hs->tls13_state = state_process_server_hello;
120
153
  return ssl_hs_flush_and_read_message;
121
154
  }
122
155
 
123
- static enum ssl_hs_wait_t do_process_server_hello(SSL *ssl, SSL_HANDSHAKE *hs) {
124
- if (!tls13_check_message_type(ssl, SSL3_MT_SERVER_HELLO)) {
156
+ static enum ssl_hs_wait_t do_process_server_hello(SSL_HANDSHAKE *hs) {
157
+ SSL *const ssl = hs->ssl;
158
+ if (!ssl_check_message_type(ssl, SSL3_MT_SERVER_HELLO)) {
125
159
  return ssl_hs_error;
126
160
  }
127
161
 
@@ -145,49 +179,43 @@ static enum ssl_hs_wait_t do_process_server_hello(SSL *ssl, SSL_HANDSHAKE *hs) {
145
179
  return ssl_hs_error;
146
180
  }
147
181
 
148
- /* Parse out the extensions. */
149
- int have_key_share = 0, have_pre_shared_key = 0;
150
- CBS key_share, pre_shared_key;
151
- while (CBS_len(&extensions) != 0) {
152
- uint16_t type;
153
- CBS extension;
154
- if (!CBS_get_u16(&extensions, &type) ||
155
- !CBS_get_u16_length_prefixed(&extensions, &extension)) {
156
- OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
157
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
158
- return ssl_hs_error;
159
- }
182
+ assert(ssl->s3->have_version);
183
+ OPENSSL_memcpy(ssl->s3->server_random, CBS_data(&server_random),
184
+ SSL3_RANDOM_SIZE);
160
185
 
161
- switch (type) {
162
- case TLSEXT_TYPE_key_share:
163
- if (have_key_share) {
164
- OPENSSL_PUT_ERROR(SSL, SSL_R_DUPLICATE_EXTENSION);
165
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
166
- return ssl_hs_error;
167
- }
168
- key_share = extension;
169
- have_key_share = 1;
170
- break;
171
- case TLSEXT_TYPE_pre_shared_key:
172
- if (have_pre_shared_key) {
173
- OPENSSL_PUT_ERROR(SSL, SSL_R_DUPLICATE_EXTENSION);
174
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
175
- return ssl_hs_error;
176
- }
177
- pre_shared_key = extension;
178
- have_pre_shared_key = 1;
179
- break;
180
- default:
181
- OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
182
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
183
- return ssl_hs_error;
184
- }
186
+ const SSL_CIPHER *cipher = SSL_get_cipher_by_value(cipher_suite);
187
+ if (cipher == NULL) {
188
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CIPHER_RETURNED);
189
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
190
+ return ssl_hs_error;
185
191
  }
186
192
 
187
- assert(ssl->s3->have_version);
188
- memcpy(ssl->s3->server_random, CBS_data(&server_random), SSL3_RANDOM_SIZE);
193
+ /* Check if the cipher is a TLS 1.3 cipher. */
194
+ if (SSL_CIPHER_get_min_version(cipher) > ssl3_protocol_version(ssl) ||
195
+ SSL_CIPHER_get_max_version(cipher) < ssl3_protocol_version(ssl)) {
196
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CIPHER_RETURNED);
197
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
198
+ return ssl_hs_error;
199
+ }
200
+
201
+ /* Parse out the extensions. */
202
+ int have_key_share = 0, have_pre_shared_key = 0, have_short_header = 0;
203
+ CBS key_share, pre_shared_key, short_header;
204
+ const SSL_EXTENSION_TYPE ext_types[] = {
205
+ {TLSEXT_TYPE_key_share, &have_key_share, &key_share},
206
+ {TLSEXT_TYPE_pre_shared_key, &have_pre_shared_key, &pre_shared_key},
207
+ {TLSEXT_TYPE_short_header, &have_short_header, &short_header},
208
+ };
189
209
 
190
210
  uint8_t alert = SSL_AD_DECODE_ERROR;
211
+ if (!ssl_parse_extensions(&extensions, &alert, ext_types,
212
+ OPENSSL_ARRAY_SIZE(ext_types),
213
+ 0 /* reject unknown */)) {
214
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
215
+ return ssl_hs_error;
216
+ }
217
+
218
+ alert = SSL_AD_DECODE_ERROR;
191
219
  if (have_pre_shared_key) {
192
220
  if (ssl->session == NULL) {
193
221
  OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
@@ -195,7 +223,7 @@ static enum ssl_hs_wait_t do_process_server_hello(SSL *ssl, SSL_HANDSHAKE *hs) {
195
223
  return ssl_hs_error;
196
224
  }
197
225
 
198
- if (!ssl_ext_pre_shared_key_parse_serverhello(ssl, &alert,
226
+ if (!ssl_ext_pre_shared_key_parse_serverhello(hs, &alert,
199
227
  &pre_shared_key)) {
200
228
  ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
201
229
  return ssl_hs_error;
@@ -207,6 +235,12 @@ static enum ssl_hs_wait_t do_process_server_hello(SSL *ssl, SSL_HANDSHAKE *hs) {
207
235
  return ssl_hs_error;
208
236
  }
209
237
 
238
+ if (ssl->session->cipher->algorithm_prf != cipher->algorithm_prf) {
239
+ OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_PRF_HASH_MISMATCH);
240
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
241
+ return ssl_hs_error;
242
+ }
243
+
210
244
  if (!ssl_session_is_context_valid(ssl, ssl->session)) {
211
245
  /* This is actually a client application bug. */
212
246
  OPENSSL_PUT_ERROR(SSL,
@@ -217,142 +251,112 @@ static enum ssl_hs_wait_t do_process_server_hello(SSL *ssl, SSL_HANDSHAKE *hs) {
217
251
 
218
252
  ssl->s3->session_reused = 1;
219
253
  /* Only authentication information carries over in TLS 1.3. */
220
- ssl->s3->new_session =
221
- SSL_SESSION_dup(ssl->session, SSL_SESSION_DUP_AUTH_ONLY);
222
- if (ssl->s3->new_session == NULL) {
254
+ hs->new_session = SSL_SESSION_dup(ssl->session, SSL_SESSION_DUP_AUTH_ONLY);
255
+ if (hs->new_session == NULL) {
223
256
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
224
257
  return ssl_hs_error;
225
258
  }
226
259
  ssl_set_session(ssl, NULL);
227
- } else {
228
- if (!ssl_get_new_session(ssl, 0)) {
229
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
230
- return ssl_hs_error;
231
- }
232
- }
233
260
 
234
- const SSL_CIPHER *cipher = SSL_get_cipher_by_value(cipher_suite);
235
- if (cipher == NULL) {
236
- OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CIPHER_RETURNED);
237
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
261
+ /* Resumption incorporates fresh key material, so refresh the timeout. */
262
+ ssl_session_renew_timeout(ssl, hs->new_session,
263
+ ssl->initial_ctx->session_psk_dhe_timeout);
264
+ } else if (!ssl_get_new_session(hs, 0)) {
265
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
238
266
  return ssl_hs_error;
239
267
  }
240
268
 
241
- if (!ssl->s3->session_reused) {
242
- /* Check if the cipher is disabled. */
243
- if ((cipher->algorithm_mkey & ssl->cert->mask_k) ||
244
- (cipher->algorithm_auth & ssl->cert->mask_a) ||
245
- SSL_CIPHER_get_min_version(cipher) > ssl3_protocol_version(ssl) ||
246
- SSL_CIPHER_get_max_version(cipher) < ssl3_protocol_version(ssl) ||
247
- !sk_SSL_CIPHER_find(ssl_get_ciphers_by_id(ssl), NULL, cipher)) {
248
- OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CIPHER_RETURNED);
249
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
250
- return ssl_hs_error;
251
- }
252
- } else {
253
- uint16_t resumption_cipher;
254
- if (!ssl_cipher_get_ecdhe_psk_cipher(ssl->s3->new_session->cipher,
255
- &resumption_cipher) ||
256
- resumption_cipher != ssl_cipher_get_value(cipher)) {
257
- OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
258
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
269
+ hs->new_session->cipher = cipher;
270
+ hs->new_cipher = cipher;
271
+
272
+ /* Store the initial negotiated ALPN in the session. */
273
+ if (ssl->s3->alpn_selected != NULL) {
274
+ hs->new_session->early_alpn =
275
+ BUF_memdup(ssl->s3->alpn_selected, ssl->s3->alpn_selected_len);
276
+ if (hs->new_session->early_alpn == NULL) {
277
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
259
278
  return ssl_hs_error;
260
279
  }
280
+ hs->new_session->early_alpn_len = ssl->s3->alpn_selected_len;
261
281
  }
262
282
 
263
- ssl->s3->new_session->cipher = cipher;
264
- ssl->s3->tmp.new_cipher = cipher;
265
-
266
283
  /* The PRF hash is now known. Set up the key schedule. */
267
- static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0};
268
- size_t resumption_ctx_len =
269
- EVP_MD_size(ssl_get_handshake_digest(ssl_get_algorithm_prf(ssl)));
270
- if (ssl->s3->session_reused) {
271
- uint8_t resumption_ctx[EVP_MAX_MD_SIZE];
272
- if (!tls13_resumption_context(ssl, resumption_ctx, resumption_ctx_len,
273
- ssl->s3->new_session) ||
274
- !tls13_init_key_schedule(ssl, resumption_ctx, resumption_ctx_len)) {
275
- return ssl_hs_error;
276
- }
277
- } else if (!tls13_init_key_schedule(ssl, kZeroes, resumption_ctx_len)) {
284
+ if (!tls13_init_key_schedule(hs)) {
278
285
  return ssl_hs_error;
279
286
  }
280
287
 
281
- /* Resolve PSK and incorporate it into the secret. */
282
- if (cipher->algorithm_auth == SSL_aPSK) {
283
- if (!ssl->s3->session_reused) {
284
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
288
+ /* Incorporate the PSK into the running secret. */
289
+ if (ssl->s3->session_reused) {
290
+ if (!tls13_advance_key_schedule(hs, hs->new_session->master_key,
291
+ hs->new_session->master_key_length)) {
285
292
  return ssl_hs_error;
286
293
  }
294
+ } else if (!tls13_advance_key_schedule(hs, kZeroes, hs->hash_len)) {
295
+ return ssl_hs_error;
296
+ }
287
297
 
288
- uint8_t resumption_psk[EVP_MAX_MD_SIZE];
289
- if (!tls13_resumption_psk(ssl, resumption_psk, hs->hash_len,
290
- ssl->s3->new_session) ||
291
- !tls13_advance_key_schedule(ssl, resumption_psk, hs->hash_len)) {
292
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
293
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
294
- return ssl_hs_error;
295
- }
296
- } else if (!tls13_advance_key_schedule(ssl, kZeroes, hs->hash_len)) {
298
+ if (!have_key_share) {
299
+ /* We do not support psk_ke and thus always require a key share. */
300
+ OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_KEY_SHARE);
301
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION);
297
302
  return ssl_hs_error;
298
303
  }
299
304
 
300
305
  /* Resolve ECDHE and incorporate it into the secret. */
301
- if (cipher->algorithm_mkey == SSL_kECDHE) {
302
- if (!have_key_share) {
303
- OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_KEY_SHARE);
304
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION);
305
- return ssl_hs_error;
306
- }
307
-
308
- uint8_t *dhe_secret;
309
- size_t dhe_secret_len;
310
- if (!ssl_ext_key_share_parse_serverhello(ssl, &dhe_secret, &dhe_secret_len,
311
- &alert, &key_share)) {
312
- ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
313
- return ssl_hs_error;
314
- }
306
+ uint8_t *dhe_secret;
307
+ size_t dhe_secret_len;
308
+ alert = SSL_AD_DECODE_ERROR;
309
+ if (!ssl_ext_key_share_parse_serverhello(hs, &dhe_secret, &dhe_secret_len,
310
+ &alert, &key_share)) {
311
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
312
+ return ssl_hs_error;
313
+ }
315
314
 
316
- int ok = tls13_advance_key_schedule(ssl, dhe_secret, dhe_secret_len);
315
+ if (!tls13_advance_key_schedule(hs, dhe_secret, dhe_secret_len)) {
317
316
  OPENSSL_free(dhe_secret);
318
- if (!ok) {
317
+ return ssl_hs_error;
318
+ }
319
+ OPENSSL_free(dhe_secret);
320
+
321
+ /* Negotiate short record headers. */
322
+ if (have_short_header) {
323
+ if (CBS_len(&short_header) != 0) {
324
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
325
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
319
326
  return ssl_hs_error;
320
327
  }
321
- } else {
322
- if (have_key_share) {
328
+
329
+ if (!ssl->ctx->short_header_enabled) {
323
330
  OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
324
331
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
325
332
  return ssl_hs_error;
326
333
  }
327
- if (!tls13_advance_key_schedule(ssl, kZeroes, hs->hash_len)) {
328
- return ssl_hs_error;
329
- }
330
- }
331
334
 
332
- /* If there was no HelloRetryRequest, the version negotiation logic has
333
- * already hashed the message. */
334
- if (ssl->s3->hs->retry_group != 0 &&
335
- !ssl->method->hash_current_message(ssl)) {
336
- return ssl_hs_error;
335
+ ssl->s3->short_header = 1;
337
336
  }
338
337
 
339
- if (!tls13_set_handshake_traffic(ssl)) {
338
+ if (!ssl_hash_current_message(hs) ||
339
+ !tls13_derive_handshake_secrets(hs) ||
340
+ !tls13_set_traffic_key(ssl, evp_aead_open, hs->server_handshake_secret,
341
+ hs->hash_len) ||
342
+ !tls13_set_traffic_key(ssl, evp_aead_seal, hs->client_handshake_secret,
343
+ hs->hash_len)) {
340
344
  return ssl_hs_error;
341
345
  }
342
346
 
343
- hs->state = state_process_encrypted_extensions;
347
+ hs->tls13_state = state_process_encrypted_extensions;
344
348
  return ssl_hs_read_message;
345
349
  }
346
350
 
347
- static enum ssl_hs_wait_t do_process_encrypted_extensions(SSL *ssl,
348
- SSL_HANDSHAKE *hs) {
349
- if (!tls13_check_message_type(ssl, SSL3_MT_ENCRYPTED_EXTENSIONS)) {
351
+ static enum ssl_hs_wait_t do_process_encrypted_extensions(SSL_HANDSHAKE *hs) {
352
+ SSL *const ssl = hs->ssl;
353
+ if (!ssl_check_message_type(ssl, SSL3_MT_ENCRYPTED_EXTENSIONS)) {
350
354
  return ssl_hs_error;
351
355
  }
352
356
 
353
357
  CBS cbs;
354
358
  CBS_init(&cbs, ssl->init_msg, ssl->init_num);
355
- if (!ssl_parse_serverhello_tlsext(ssl, &cbs)) {
359
+ if (!ssl_parse_serverhello_tlsext(hs, &cbs)) {
356
360
  OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
357
361
  return ssl_hs_error;
358
362
  }
@@ -362,27 +366,25 @@ static enum ssl_hs_wait_t do_process_encrypted_extensions(SSL *ssl,
362
366
  return ssl_hs_error;
363
367
  }
364
368
 
365
- if (!ssl->method->hash_current_message(ssl)) {
369
+ if (!ssl_hash_current_message(hs)) {
366
370
  return ssl_hs_error;
367
371
  }
368
372
 
369
- hs->state = state_process_certificate_request;
373
+ hs->tls13_state = state_process_certificate_request;
370
374
  return ssl_hs_read_message;
371
375
  }
372
376
 
373
- static enum ssl_hs_wait_t do_process_certificate_request(SSL *ssl,
374
- SSL_HANDSHAKE *hs) {
375
- ssl->s3->tmp.cert_request = 0;
376
-
377
- /* CertificateRequest may only be sent in certificate-based ciphers. */
378
- if (!ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
379
- hs->state = state_process_server_finished;
377
+ static enum ssl_hs_wait_t do_process_certificate_request(SSL_HANDSHAKE *hs) {
378
+ SSL *const ssl = hs->ssl;
379
+ /* CertificateRequest may only be sent in non-resumption handshakes. */
380
+ if (ssl->s3->session_reused) {
381
+ hs->tls13_state = state_process_server_finished;
380
382
  return ssl_hs_ok;
381
383
  }
382
384
 
383
385
  /* CertificateRequest is optional. */
384
386
  if (ssl->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
385
- hs->state = state_process_server_certificate;
387
+ hs->tls13_state = state_process_server_certificate;
386
388
  return ssl_hs_ok;
387
389
  }
388
390
 
@@ -393,13 +395,13 @@ static enum ssl_hs_wait_t do_process_certificate_request(SSL *ssl,
393
395
  CBS_len(&context) != 0 ||
394
396
  !CBS_get_u16_length_prefixed(&cbs, &supported_signature_algorithms) ||
395
397
  CBS_len(&supported_signature_algorithms) == 0 ||
396
- !tls1_parse_peer_sigalgs(ssl, &supported_signature_algorithms)) {
398
+ !tls1_parse_peer_sigalgs(hs, &supported_signature_algorithms)) {
397
399
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
398
400
  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
399
401
  return ssl_hs_error;
400
402
  }
401
403
 
402
- uint8_t alert;
404
+ uint8_t alert = SSL_AD_DECODE_ERROR;
403
405
  STACK_OF(X509_NAME) *ca_sk = ssl_parse_client_CA_list(ssl, &alert, &cbs);
404
406
  if (ca_sk == NULL) {
405
407
  ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
@@ -416,73 +418,64 @@ static enum ssl_hs_wait_t do_process_certificate_request(SSL *ssl,
416
418
  return ssl_hs_error;
417
419
  }
418
420
 
419
- ssl->s3->tmp.cert_request = 1;
420
- sk_X509_NAME_pop_free(ssl->s3->tmp.ca_names, X509_NAME_free);
421
- ssl->s3->tmp.ca_names = ca_sk;
421
+ hs->cert_request = 1;
422
+ sk_X509_NAME_pop_free(hs->ca_names, X509_NAME_free);
423
+ hs->ca_names = ca_sk;
422
424
 
423
- if (!ssl->method->hash_current_message(ssl)) {
425
+ if (!ssl_hash_current_message(hs)) {
424
426
  return ssl_hs_error;
425
427
  }
426
428
 
427
- hs->state = state_process_server_certificate;
429
+ hs->tls13_state = state_process_server_certificate;
428
430
  return ssl_hs_read_message;
429
431
  }
430
432
 
431
- static enum ssl_hs_wait_t do_process_server_certificate(SSL *ssl,
432
- SSL_HANDSHAKE *hs) {
433
- if (!tls13_check_message_type(ssl, SSL3_MT_CERTIFICATE) ||
434
- !tls13_process_certificate(ssl, 0 /* certificate required */) ||
435
- !ssl->method->hash_current_message(ssl)) {
436
- return ssl_hs_error;
437
- }
438
-
439
- /* Check the certificate matches the cipher suite.
440
- *
441
- * TODO(davidben): Remove this check when switching to the new TLS 1.3 cipher
442
- * suite negotiation. */
443
- if (!ssl_check_leaf_certificate(ssl, ssl->s3->new_session->peer)) {
444
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
433
+ static enum ssl_hs_wait_t do_process_server_certificate(SSL_HANDSHAKE *hs) {
434
+ SSL *const ssl = hs->ssl;
435
+ if (!ssl_check_message_type(ssl, SSL3_MT_CERTIFICATE) ||
436
+ !tls13_process_certificate(hs, 0 /* certificate required */) ||
437
+ !ssl_hash_current_message(hs)) {
445
438
  return ssl_hs_error;
446
439
  }
447
440
 
448
- hs->state = state_process_server_certificate_verify;
441
+ hs->tls13_state = state_process_server_certificate_verify;
449
442
  return ssl_hs_read_message;
450
443
  }
451
444
 
452
445
  static enum ssl_hs_wait_t do_process_server_certificate_verify(
453
- SSL *ssl, SSL_HANDSHAKE *hs) {
454
- if (!tls13_check_message_type(ssl, SSL3_MT_CERTIFICATE_VERIFY) ||
455
- !tls13_process_certificate_verify(ssl) ||
456
- !ssl->method->hash_current_message(ssl)) {
457
- return 0;
446
+ SSL_HANDSHAKE *hs) {
447
+ SSL *const ssl = hs->ssl;
448
+ if (!ssl_check_message_type(ssl, SSL3_MT_CERTIFICATE_VERIFY) ||
449
+ !tls13_process_certificate_verify(hs) ||
450
+ !ssl_hash_current_message(hs)) {
451
+ return ssl_hs_error;
458
452
  }
459
453
 
460
- hs->state = state_process_server_finished;
454
+ hs->tls13_state = state_process_server_finished;
461
455
  return ssl_hs_read_message;
462
456
  }
463
457
 
464
- static enum ssl_hs_wait_t do_process_server_finished(SSL *ssl,
465
- SSL_HANDSHAKE *hs) {
466
- static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0};
467
-
468
- if (!tls13_check_message_type(ssl, SSL3_MT_FINISHED) ||
469
- !tls13_process_finished(ssl) ||
470
- !ssl->method->hash_current_message(ssl) ||
458
+ static enum ssl_hs_wait_t do_process_server_finished(SSL_HANDSHAKE *hs) {
459
+ SSL *const ssl = hs->ssl;
460
+ if (!ssl_check_message_type(ssl, SSL3_MT_FINISHED) ||
461
+ !tls13_process_finished(hs) ||
462
+ !ssl_hash_current_message(hs) ||
471
463
  /* Update the secret to the master secret and derive traffic keys. */
472
- !tls13_advance_key_schedule(ssl, kZeroes, hs->hash_len) ||
473
- !tls13_derive_traffic_secret_0(ssl)) {
464
+ !tls13_advance_key_schedule(hs, kZeroes, hs->hash_len) ||
465
+ !tls13_derive_application_secrets(hs)) {
474
466
  return ssl_hs_error;
475
467
  }
476
468
 
477
469
  ssl->method->received_flight(ssl);
478
- hs->state = state_certificate_callback;
470
+ hs->tls13_state = state_send_client_certificate;
479
471
  return ssl_hs_ok;
480
472
  }
481
473
 
482
- static enum ssl_hs_wait_t do_certificate_callback(SSL *ssl, SSL_HANDSHAKE *hs) {
474
+ static enum ssl_hs_wait_t do_send_client_certificate(SSL_HANDSHAKE *hs) {
475
+ SSL *const ssl = hs->ssl;
483
476
  /* The peer didn't request a certificate. */
484
- if (!ssl->s3->tmp.cert_request) {
485
- hs->state = state_send_client_finished;
477
+ if (!hs->cert_request) {
478
+ hs->tls13_state = state_complete_second_flight;
486
479
  return ssl_hs_ok;
487
480
  }
488
481
 
@@ -495,51 +488,36 @@ static enum ssl_hs_wait_t do_certificate_callback(SSL *ssl, SSL_HANDSHAKE *hs) {
495
488
  return ssl_hs_error;
496
489
  }
497
490
  if (rv < 0) {
498
- hs->state = state_certificate_callback;
499
- return ssl_hs_x509_lookup;
500
- }
501
- }
502
-
503
- hs->state = state_send_client_certificate;
504
- return ssl_hs_ok;
505
- }
506
-
507
- static enum ssl_hs_wait_t do_send_client_certificate(SSL *ssl,
508
- SSL_HANDSHAKE *hs) {
509
- /* Call client_cert_cb to update the certificate. */
510
- int should_retry;
511
- if (!ssl_do_client_cert_cb(ssl, &should_retry)) {
512
- if (should_retry) {
513
- hs->state = state_send_client_certificate;
491
+ hs->tls13_state = state_send_client_certificate;
514
492
  return ssl_hs_x509_lookup;
515
493
  }
516
- return ssl_hs_error;
517
494
  }
518
495
 
519
- if (!tls13_prepare_certificate(ssl)) {
496
+ if (!ssl_auto_chain_if_needed(ssl) ||
497
+ !tls13_add_certificate(hs)) {
520
498
  return ssl_hs_error;
521
499
  }
522
500
 
523
- hs->state = state_send_client_certificate_verify;
524
- return ssl_hs_write_message;
501
+ hs->tls13_state = state_send_client_certificate_verify;
502
+ return ssl_hs_ok;
525
503
  }
526
504
 
527
- static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL *ssl,
528
- SSL_HANDSHAKE *hs,
505
+ static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL_HANDSHAKE *hs,
529
506
  int is_first_run) {
507
+ SSL *const ssl = hs->ssl;
530
508
  /* Don't send CertificateVerify if there is no certificate. */
531
509
  if (!ssl_has_certificate(ssl)) {
532
- hs->state = state_send_client_finished;
510
+ hs->tls13_state = state_complete_second_flight;
533
511
  return ssl_hs_ok;
534
512
  }
535
513
 
536
- switch (tls13_prepare_certificate_verify(ssl, is_first_run)) {
514
+ switch (tls13_add_certificate_verify(hs, is_first_run)) {
537
515
  case ssl_private_key_success:
538
- hs->state = state_send_client_finished;
539
- return ssl_hs_write_message;
516
+ hs->tls13_state = state_complete_second_flight;
517
+ return ssl_hs_ok;
540
518
 
541
519
  case ssl_private_key_retry:
542
- hs->state = state_complete_client_certificate_verify;
520
+ hs->tls13_state = state_complete_client_certificate_verify;
543
521
  return ssl_hs_private_key_operation;
544
522
 
545
523
  case ssl_private_key_failure:
@@ -550,79 +528,87 @@ static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL *ssl,
550
528
  return ssl_hs_error;
551
529
  }
552
530
 
553
- static enum ssl_hs_wait_t do_send_client_finished(SSL *ssl, SSL_HANDSHAKE *hs) {
554
- if (!tls13_prepare_finished(ssl)) {
555
- return ssl_hs_error;
531
+ static enum ssl_hs_wait_t do_complete_second_flight(SSL_HANDSHAKE *hs) {
532
+ SSL *const ssl = hs->ssl;
533
+
534
+ /* Send a Channel ID assertion if necessary. */
535
+ if (ssl->s3->tlsext_channel_id_valid) {
536
+ if (!ssl_do_channel_id_callback(ssl)) {
537
+ hs->tls13_state = state_complete_second_flight;
538
+ return ssl_hs_error;
539
+ }
540
+
541
+ if (ssl->tlsext_channel_id_private == NULL) {
542
+ return ssl_hs_channel_id_lookup;
543
+ }
544
+
545
+ CBB cbb, body;
546
+ if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_CHANNEL_ID) ||
547
+ !tls1_write_channel_id(hs, &body) ||
548
+ !ssl_add_message_cbb(ssl, &cbb)) {
549
+ CBB_cleanup(&cbb);
550
+ return ssl_hs_error;
551
+ }
556
552
  }
557
553
 
558
- hs->state = state_flush;
559
- return ssl_hs_write_message;
560
- }
554
+ /* Send a Finished message. */
555
+ if (!tls13_add_finished(hs)) {
556
+ return ssl_hs_error;
557
+ }
561
558
 
562
- static enum ssl_hs_wait_t do_flush(SSL *ssl, SSL_HANDSHAKE *hs) {
563
- if (!tls13_set_traffic_key(ssl, type_data, evp_aead_open,
564
- hs->traffic_secret_0, hs->hash_len) ||
565
- !tls13_set_traffic_key(ssl, type_data, evp_aead_seal,
566
- hs->traffic_secret_0, hs->hash_len) ||
567
- !tls13_finalize_keys(ssl)) {
559
+ /* Derive the final keys and enable them. */
560
+ if (!tls13_set_traffic_key(ssl, evp_aead_open, hs->server_traffic_secret_0,
561
+ hs->hash_len) ||
562
+ !tls13_set_traffic_key(ssl, evp_aead_seal, hs->client_traffic_secret_0,
563
+ hs->hash_len) ||
564
+ !tls13_derive_resumption_secret(hs)) {
568
565
  return ssl_hs_error;
569
566
  }
570
567
 
571
- hs->state = state_done;
568
+ hs->tls13_state = state_done;
572
569
  return ssl_hs_flush;
573
570
  }
574
571
 
575
- enum ssl_hs_wait_t tls13_client_handshake(SSL *ssl) {
576
- SSL_HANDSHAKE *hs = ssl->s3->hs;
577
-
578
- while (hs->state != state_done) {
572
+ enum ssl_hs_wait_t tls13_client_handshake(SSL_HANDSHAKE *hs) {
573
+ while (hs->tls13_state != state_done) {
579
574
  enum ssl_hs_wait_t ret = ssl_hs_error;
580
- enum client_hs_state_t state = hs->state;
575
+ enum client_hs_state_t state = hs->tls13_state;
581
576
  switch (state) {
582
577
  case state_process_hello_retry_request:
583
- ret = do_process_hello_retry_request(ssl, hs);
578
+ ret = do_process_hello_retry_request(hs);
584
579
  break;
585
580
  case state_send_second_client_hello:
586
- ret = do_send_second_client_hello(ssl, hs);
587
- break;
588
- case state_flush_second_client_hello:
589
- ret = do_flush_second_client_hello(ssl, hs);
581
+ ret = do_send_second_client_hello(hs);
590
582
  break;
591
583
  case state_process_server_hello:
592
- ret = do_process_server_hello(ssl, hs);
584
+ ret = do_process_server_hello(hs);
593
585
  break;
594
586
  case state_process_encrypted_extensions:
595
- ret = do_process_encrypted_extensions(ssl, hs);
587
+ ret = do_process_encrypted_extensions(hs);
596
588
  break;
597
589
  case state_process_certificate_request:
598
- ret = do_process_certificate_request(ssl, hs);
590
+ ret = do_process_certificate_request(hs);
599
591
  break;
600
592
  case state_process_server_certificate:
601
- ret = do_process_server_certificate(ssl, hs);
593
+ ret = do_process_server_certificate(hs);
602
594
  break;
603
595
  case state_process_server_certificate_verify:
604
- ret = do_process_server_certificate_verify(ssl, hs);
596
+ ret = do_process_server_certificate_verify(hs);
605
597
  break;
606
598
  case state_process_server_finished:
607
- ret = do_process_server_finished(ssl, hs);
608
- break;
609
- case state_certificate_callback:
610
- ret = do_certificate_callback(ssl, hs);
599
+ ret = do_process_server_finished(hs);
611
600
  break;
612
601
  case state_send_client_certificate:
613
- ret = do_send_client_certificate(ssl, hs);
602
+ ret = do_send_client_certificate(hs);
614
603
  break;
615
604
  case state_send_client_certificate_verify:
616
- ret = do_send_client_certificate_verify(ssl, hs, 1 /* first run */);
617
- break;
605
+ ret = do_send_client_certificate_verify(hs, 1 /* first run */);
606
+ break;
618
607
  case state_complete_client_certificate_verify:
619
- ret = do_send_client_certificate_verify(ssl, hs, 0 /* complete */);
620
- break;
621
- case state_send_client_finished:
622
- ret = do_send_client_finished(ssl, hs);
608
+ ret = do_send_client_certificate_verify(hs, 0 /* complete */);
623
609
  break;
624
- case state_flush:
625
- ret = do_flush(ssl, hs);
610
+ case state_complete_second_flight:
611
+ ret = do_complete_second_flight(hs);
626
612
  break;
627
613
  case state_done:
628
614
  ret = ssl_hs_ok;
@@ -638,26 +624,67 @@ enum ssl_hs_wait_t tls13_client_handshake(SSL *ssl) {
638
624
  }
639
625
 
640
626
  int tls13_process_new_session_ticket(SSL *ssl) {
641
- SSL_SESSION *session =
642
- SSL_SESSION_dup(ssl->s3->established_session,
643
- SSL_SESSION_INCLUDE_NONAUTH);
627
+ int ret = 0;
628
+ SSL_SESSION *session = SSL_SESSION_dup(ssl->s3->established_session,
629
+ SSL_SESSION_INCLUDE_NONAUTH);
644
630
  if (session == NULL) {
645
631
  return 0;
646
632
  }
647
633
 
648
- CBS cbs, extensions, ticket;
634
+ ssl_session_rebase_time(ssl, session);
635
+
636
+ uint32_t server_timeout;
637
+ CBS cbs, ticket, extensions;
649
638
  CBS_init(&cbs, ssl->init_msg, ssl->init_num);
650
- if (!CBS_get_u32(&cbs, &session->tlsext_tick_lifetime_hint) ||
651
- !CBS_get_u32(&cbs, &session->ticket_flags) ||
639
+ if (!CBS_get_u32(&cbs, &server_timeout) ||
652
640
  !CBS_get_u32(&cbs, &session->ticket_age_add) ||
653
- !CBS_get_u16_length_prefixed(&cbs, &extensions) ||
654
641
  !CBS_get_u16_length_prefixed(&cbs, &ticket) ||
655
642
  !CBS_stow(&ticket, &session->tlsext_tick, &session->tlsext_ticklen) ||
643
+ !CBS_get_u16_length_prefixed(&cbs, &extensions) ||
656
644
  CBS_len(&cbs) != 0) {
657
- SSL_SESSION_free(session);
658
645
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
659
646
  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
660
- return 0;
647
+ goto err;
648
+ }
649
+
650
+ /* Cap the renewable lifetime by the server advertised value. This avoids
651
+ * wasting bandwidth on 0-RTT when we know the server will reject it.
652
+ *
653
+ * TODO(davidben): This dance where we're not sure if long or uint32_t is
654
+ * bigger is silly. session->timeout should not be a long to begin with.
655
+ * https://crbug.com/boringssl/155. */
656
+ #if LONG_MAX < 0xffffffff
657
+ if (server_timeout > LONG_MAX) {
658
+ server_timeout = LONG_MAX;
659
+ }
660
+ #endif
661
+ if (session->timeout > (long)server_timeout) {
662
+ session->timeout = (long)server_timeout;
663
+ }
664
+
665
+ /* Parse out the extensions. */
666
+ int have_early_data_info = 0;
667
+ CBS early_data_info;
668
+ const SSL_EXTENSION_TYPE ext_types[] = {
669
+ {TLSEXT_TYPE_ticket_early_data_info, &have_early_data_info,
670
+ &early_data_info},
671
+ };
672
+
673
+ uint8_t alert = SSL_AD_DECODE_ERROR;
674
+ if (!ssl_parse_extensions(&extensions, &alert, ext_types,
675
+ OPENSSL_ARRAY_SIZE(ext_types),
676
+ 1 /* ignore unknown */)) {
677
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
678
+ goto err;
679
+ }
680
+
681
+ if (have_early_data_info && ssl->ctx->enable_early_data) {
682
+ if (!CBS_get_u32(&early_data_info, &session->ticket_max_early_data) ||
683
+ CBS_len(&early_data_info) != 0) {
684
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
685
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
686
+ goto err;
687
+ }
661
688
  }
662
689
 
663
690
  session->ticket_age_add_valid = 1;
@@ -666,17 +693,20 @@ int tls13_process_new_session_ticket(SSL *ssl) {
666
693
  if (ssl->ctx->new_session_cb != NULL &&
667
694
  ssl->ctx->new_session_cb(ssl, session)) {
668
695
  /* |new_session_cb|'s return value signals that it took ownership. */
669
- return 1;
696
+ session = NULL;
670
697
  }
671
698
 
699
+ ret = 1;
700
+
701
+ err:
672
702
  SSL_SESSION_free(session);
673
- return 1;
703
+ return ret;
674
704
  }
675
705
 
676
- void ssl_clear_tls13_state(SSL *ssl) {
677
- SSL_ECDH_CTX_cleanup(&ssl->s3->hs->ecdh_ctx);
706
+ void ssl_clear_tls13_state(SSL_HANDSHAKE *hs) {
707
+ SSL_ECDH_CTX_cleanup(&hs->ecdh_ctx);
678
708
 
679
- OPENSSL_free(ssl->s3->hs->key_share_bytes);
680
- ssl->s3->hs->key_share_bytes = NULL;
681
- ssl->s3->hs->key_share_bytes_len = 0;
709
+ OPENSSL_free(hs->key_share_bytes);
710
+ hs->key_share_bytes = NULL;
711
+ hs->key_share_bytes_len = 0;
682
712
  }