grpc 1.50.0-x86_64-linux → 1.52.0.pre2-x86_64-linux

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (2569) hide show
  1. checksums.yaml +4 -4
  2. data/grpc_c.32-msvcrt.ruby +0 -0
  3. data/grpc_c.64-msvcrt.ruby +0 -0
  4. data/grpc_c.64-ucrt.ruby +0 -0
  5. data/src/ruby/ext/grpc/{ext-export-truffleruby.clang → ext-export-truffleruby-with-ruby-abi-version.clang} +0 -0
  6. data/src/ruby/ext/grpc/{ext-export-truffleruby.gcc → ext-export-truffleruby-with-ruby-abi-version.gcc} +0 -0
  7. data/src/ruby/ext/grpc/ext-export-with-ruby-abi-version.clang +2 -0
  8. data/src/ruby/ext/grpc/ext-export-with-ruby-abi-version.gcc +7 -0
  9. data/src/ruby/ext/grpc/ext-export.clang +0 -1
  10. data/src/ruby/ext/grpc/ext-export.gcc +1 -2
  11. data/src/ruby/ext/grpc/extconf.rb +47 -2
  12. data/src/ruby/ext/grpc/rb_call.c +1 -0
  13. data/src/ruby/ext/grpc/rb_channel.c +1 -0
  14. data/src/ruby/ext/grpc/rb_channel_args.c +1 -0
  15. data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
  16. data/src/ruby/ext/grpc/rb_grpc.c +1 -0
  17. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +38 -38
  18. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +59 -59
  19. data/src/ruby/lib/grpc/2.7/grpc_c.so +0 -0
  20. data/src/ruby/lib/grpc/3.0/grpc_c.so +0 -0
  21. data/src/ruby/lib/grpc/3.1/grpc_c.so +0 -0
  22. data/src/ruby/lib/grpc/{grpc_c.so → 3.2/grpc_c.so} +0 -0
  23. data/src/ruby/lib/grpc/generic/bidi_call.rb +2 -0
  24. data/src/ruby/lib/grpc/version.rb +1 -1
  25. data/src/ruby/spec/channel_spec.rb +0 -43
  26. data/src/ruby/spec/client_server_spec.rb +20 -8
  27. data/src/ruby/spec/generic/active_call_spec.rb +12 -3
  28. metadata +28 -2564
  29. data/.yardopts +0 -1
  30. data/Makefile +0 -3169
  31. data/include/grpc/byte_buffer.h +0 -27
  32. data/include/grpc/byte_buffer_reader.h +0 -26
  33. data/include/grpc/census.h +0 -40
  34. data/include/grpc/compression.h +0 -75
  35. data/include/grpc/event_engine/README.md +0 -38
  36. data/include/grpc/event_engine/endpoint_config.h +0 -49
  37. data/include/grpc/event_engine/event_engine.h +0 -446
  38. data/include/grpc/event_engine/internal/memory_allocator_impl.h +0 -68
  39. data/include/grpc/event_engine/memory_allocator.h +0 -211
  40. data/include/grpc/event_engine/memory_request.h +0 -57
  41. data/include/grpc/event_engine/port.h +0 -39
  42. data/include/grpc/event_engine/slice.h +0 -286
  43. data/include/grpc/event_engine/slice_buffer.h +0 -118
  44. data/include/grpc/fork.h +0 -26
  45. data/include/grpc/grpc.h +0 -605
  46. data/include/grpc/grpc_cronet.h +0 -38
  47. data/include/grpc/grpc_posix.h +0 -63
  48. data/include/grpc/grpc_security.h +0 -1270
  49. data/include/grpc/grpc_security_constants.h +0 -152
  50. data/include/grpc/impl/codegen/README.md +0 -22
  51. data/include/grpc/impl/codegen/atm.h +0 -97
  52. data/include/grpc/impl/codegen/atm_gcc_atomic.h +0 -84
  53. data/include/grpc/impl/codegen/atm_gcc_sync.h +0 -85
  54. data/include/grpc/impl/codegen/atm_windows.h +0 -132
  55. data/include/grpc/impl/codegen/byte_buffer.h +0 -103
  56. data/include/grpc/impl/codegen/byte_buffer_reader.h +0 -44
  57. data/include/grpc/impl/codegen/compression_types.h +0 -109
  58. data/include/grpc/impl/codegen/connectivity_state.h +0 -47
  59. data/include/grpc/impl/codegen/fork.h +0 -50
  60. data/include/grpc/impl/codegen/gpr_slice.h +0 -71
  61. data/include/grpc/impl/codegen/gpr_types.h +0 -62
  62. data/include/grpc/impl/codegen/grpc_types.h +0 -818
  63. data/include/grpc/impl/codegen/log.h +0 -112
  64. data/include/grpc/impl/codegen/port_platform.h +0 -782
  65. data/include/grpc/impl/codegen/propagation_bits.h +0 -54
  66. data/include/grpc/impl/codegen/slice.h +0 -132
  67. data/include/grpc/impl/codegen/status.h +0 -156
  68. data/include/grpc/impl/codegen/sync.h +0 -68
  69. data/include/grpc/impl/codegen/sync_abseil.h +0 -38
  70. data/include/grpc/impl/codegen/sync_custom.h +0 -40
  71. data/include/grpc/impl/codegen/sync_generic.h +0 -51
  72. data/include/grpc/impl/codegen/sync_posix.h +0 -54
  73. data/include/grpc/impl/codegen/sync_windows.h +0 -42
  74. data/include/grpc/load_reporting.h +0 -48
  75. data/include/grpc/module.modulemap +0 -64
  76. data/include/grpc/slice.h +0 -161
  77. data/include/grpc/slice_buffer.h +0 -84
  78. data/include/grpc/status.h +0 -26
  79. data/include/grpc/support/alloc.h +0 -52
  80. data/include/grpc/support/atm.h +0 -26
  81. data/include/grpc/support/atm_gcc_atomic.h +0 -26
  82. data/include/grpc/support/atm_gcc_sync.h +0 -26
  83. data/include/grpc/support/atm_windows.h +0 -26
  84. data/include/grpc/support/cpu.h +0 -44
  85. data/include/grpc/support/log.h +0 -26
  86. data/include/grpc/support/log_windows.h +0 -38
  87. data/include/grpc/support/port_platform.h +0 -24
  88. data/include/grpc/support/string_util.h +0 -51
  89. data/include/grpc/support/sync.h +0 -282
  90. data/include/grpc/support/sync_abseil.h +0 -26
  91. data/include/grpc/support/sync_custom.h +0 -26
  92. data/include/grpc/support/sync_generic.h +0 -26
  93. data/include/grpc/support/sync_posix.h +0 -26
  94. data/include/grpc/support/sync_windows.h +0 -26
  95. data/include/grpc/support/thd_id.h +0 -44
  96. data/include/grpc/support/time.h +0 -92
  97. data/include/grpc/support/workaround_list.h +0 -31
  98. data/src/core/ext/filters/census/grpc_context.cc +0 -42
  99. data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +0 -309
  100. data/src/core/ext/filters/channel_idle/channel_idle_filter.h +0 -141
  101. data/src/core/ext/filters/channel_idle/idle_filter_state.cc +0 -96
  102. data/src/core/ext/filters/channel_idle/idle_filter_state.h +0 -68
  103. data/src/core/ext/filters/client_channel/backend_metric.cc +0 -84
  104. data/src/core/ext/filters/client_channel/backend_metric.h +0 -47
  105. data/src/core/ext/filters/client_channel/backup_poller.cc +0 -187
  106. data/src/core/ext/filters/client_channel/backup_poller.h +0 -40
  107. data/src/core/ext/filters/client_channel/channel_connectivity.cc +0 -242
  108. data/src/core/ext/filters/client_channel/client_channel.cc +0 -3208
  109. data/src/core/ext/filters/client_channel/client_channel.h +0 -627
  110. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +0 -94
  111. data/src/core/ext/filters/client_channel/client_channel_channelz.h +0 -85
  112. data/src/core/ext/filters/client_channel/client_channel_factory.cc +0 -32
  113. data/src/core/ext/filters/client_channel/client_channel_factory.h +0 -46
  114. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +0 -42
  115. data/src/core/ext/filters/client_channel/config_selector.cc +0 -60
  116. data/src/core/ext/filters/client_channel/config_selector.h +0 -155
  117. data/src/core/ext/filters/client_channel/connector.h +0 -84
  118. data/src/core/ext/filters/client_channel/dynamic_filters.cc +0 -202
  119. data/src/core/ext/filters/client_channel/dynamic_filters.h +0 -109
  120. data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +0 -65
  121. data/src/core/ext/filters/client_channel/global_subchannel_pool.h +0 -63
  122. data/src/core/ext/filters/client_channel/health/health_check_client.cc +0 -176
  123. data/src/core/ext/filters/client_channel/health/health_check_client.h +0 -43
  124. data/src/core/ext/filters/client_channel/http_proxy.cc +0 -201
  125. data/src/core/ext/filters/client_channel/http_proxy.h +0 -52
  126. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +0 -101
  127. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +0 -103
  128. data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +0 -49
  129. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +0 -320
  130. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +0 -89
  131. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +0 -149
  132. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +0 -30
  133. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +0 -1942
  134. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +0 -40
  135. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +0 -89
  136. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +0 -41
  137. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +0 -92
  138. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +0 -82
  139. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +0 -202
  140. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +0 -76
  141. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +0 -416
  142. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.h +0 -57
  143. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +0 -1140
  144. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +0 -94
  145. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +0 -545
  146. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +0 -954
  147. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +0 -891
  148. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +0 -47
  149. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +0 -2513
  150. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +0 -531
  151. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +0 -439
  152. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +0 -775
  153. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +0 -772
  154. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +0 -66
  155. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +0 -29
  156. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +0 -800
  157. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +0 -731
  158. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +0 -1300
  159. data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +0 -60
  160. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +0 -59
  161. data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +0 -149
  162. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +0 -877
  163. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +0 -91
  164. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +0 -116
  165. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +0 -883
  166. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +0 -1206
  167. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +0 -137
  168. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_posix.cc +0 -29
  169. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +0 -35
  170. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
  171. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -30
  172. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +0 -203
  173. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +0 -370
  174. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -110
  175. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +0 -464
  176. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +0 -259
  177. data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +0 -123
  178. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +0 -193
  179. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +0 -1130
  180. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +0 -30
  181. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +0 -188
  182. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +0 -108
  183. data/src/core/ext/filters/client_channel/retry_filter.cc +0 -2683
  184. data/src/core/ext/filters/client_channel/retry_filter.h +0 -31
  185. data/src/core/ext/filters/client_channel/retry_service_config.cc +0 -324
  186. data/src/core/ext/filters/client_channel/retry_service_config.h +0 -108
  187. data/src/core/ext/filters/client_channel/retry_throttle.cc +0 -141
  188. data/src/core/ext/filters/client_channel/retry_throttle.h +0 -91
  189. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +0 -174
  190. data/src/core/ext/filters/client_channel/subchannel.cc +0 -978
  191. data/src/core/ext/filters/client_channel/subchannel.h +0 -435
  192. data/src/core/ext/filters/client_channel/subchannel_interface_internal.h +0 -38
  193. data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +0 -66
  194. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +0 -100
  195. data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +0 -471
  196. data/src/core/ext/filters/client_channel/subchannel_stream_client.h +0 -222
  197. data/src/core/ext/filters/deadline/deadline_filter.cc +0 -401
  198. data/src/core/ext/filters/deadline/deadline_filter.h +0 -93
  199. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +0 -279
  200. data/src/core/ext/filters/fault_injection/fault_injection_filter.h +0 -75
  201. data/src/core/ext/filters/fault_injection/service_config_parser.cc +0 -187
  202. data/src/core/ext/filters/fault_injection/service_config_parser.h +0 -104
  203. data/src/core/ext/filters/http/client/http_client_filter.cc +0 -159
  204. data/src/core/ext/filters/http/client/http_client_filter.h +0 -61
  205. data/src/core/ext/filters/http/client_authority_filter.cc +0 -90
  206. data/src/core/ext/filters/http/client_authority_filter.h +0 -56
  207. data/src/core/ext/filters/http/http_filters_plugin.cc +0 -97
  208. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +0 -332
  209. data/src/core/ext/filters/http/message_compress/message_compress_filter.h +0 -52
  210. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +0 -322
  211. data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +0 -32
  212. data/src/core/ext/filters/http/server/http_server_filter.cc +0 -160
  213. data/src/core/ext/filters/http/server/http_server_filter.h +0 -63
  214. data/src/core/ext/filters/message_size/message_size_filter.cc +0 -404
  215. data/src/core/ext/filters/message_size/message_size_filter.h +0 -83
  216. data/src/core/ext/filters/rbac/rbac_filter.cc +0 -174
  217. data/src/core/ext/filters/rbac/rbac_filter.h +0 -84
  218. data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +0 -621
  219. data/src/core/ext/filters/rbac/rbac_service_config_parser.h +0 -85
  220. data/src/core/ext/filters/server_config_selector/server_config_selector.cc +0 -62
  221. data/src/core/ext/filters/server_config_selector/server_config_selector.h +0 -85
  222. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +0 -161
  223. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.h +0 -33
  224. data/src/core/ext/transport/chttp2/alpn/alpn.cc +0 -45
  225. data/src/core/ext/transport/chttp2/alpn/alpn.h +0 -36
  226. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +0 -438
  227. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +0 -77
  228. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +0 -1109
  229. data/src/core/ext/transport/chttp2/server/chttp2_server.h +0 -47
  230. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +0 -252
  231. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +0 -58
  232. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +0 -232
  233. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +0 -42
  234. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +0 -3004
  235. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +0 -77
  236. data/src/core/ext/transport/chttp2/transport/context_list.cc +0 -71
  237. data/src/core/ext/transport/chttp2/transport/context_list.h +0 -54
  238. data/src/core/ext/transport/chttp2/transport/decode_huff.cc +0 -287
  239. data/src/core/ext/transport/chttp2/transport/decode_huff.h +0 -1018
  240. data/src/core/ext/transport/chttp2/transport/flow_control.cc +0 -411
  241. data/src/core/ext/transport/chttp2/transport/flow_control.h +0 -385
  242. data/src/core/ext/transport/chttp2/transport/frame.h +0 -43
  243. data/src/core/ext/transport/chttp2/transport/frame_data.cc +0 -155
  244. data/src/core/ext/transport/chttp2/transport/frame_data.h +0 -60
  245. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +0 -190
  246. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +0 -65
  247. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +0 -136
  248. data/src/core/ext/transport/chttp2/transport/frame_ping.h +0 -49
  249. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +0 -127
  250. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +0 -54
  251. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +0 -243
  252. data/src/core/ext/transport/chttp2/transport/frame_settings.h +0 -66
  253. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +0 -121
  254. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +0 -46
  255. data/src/core/ext/transport/chttp2/transport/hpack_constants.h +0 -47
  256. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +0 -668
  257. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +0 -236
  258. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -88
  259. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +0 -80
  260. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +0 -1390
  261. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +0 -142
  262. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +0 -246
  263. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +0 -137
  264. data/src/core/ext/transport/chttp2/transport/http2_settings.cc +0 -62
  265. data/src/core/ext/transport/chttp2/transport/http2_settings.h +0 -60
  266. data/src/core/ext/transport/chttp2/transport/huffsyms.cc +0 -92
  267. data/src/core/ext/transport/chttp2/transport/huffsyms.h +0 -32
  268. data/src/core/ext/transport/chttp2/transport/internal.h +0 -787
  269. data/src/core/ext/transport/chttp2/transport/parsing.cc +0 -731
  270. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +0 -216
  271. data/src/core/ext/transport/chttp2/transport/stream_map.cc +0 -177
  272. data/src/core/ext/transport/chttp2/transport/stream_map.h +0 -68
  273. data/src/core/ext/transport/chttp2/transport/varint.cc +0 -62
  274. data/src/core/ext/transport/chttp2/transport/varint.h +0 -73
  275. data/src/core/ext/transport/chttp2/transport/writing.cc +0 -683
  276. data/src/core/ext/transport/inproc/inproc_plugin.cc +0 -23
  277. data/src/core/ext/transport/inproc/inproc_transport.cc +0 -1292
  278. data/src/core/ext/transport/inproc/inproc_transport.h +0 -34
  279. data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.c +0 -117
  280. data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.h +0 -502
  281. data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.c +0 -121
  282. data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.h +0 -569
  283. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +0 -125
  284. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +0 -516
  285. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump_shared.upb.c +0 -352
  286. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump_shared.upb.h +0 -1768
  287. data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.c +0 -56
  288. data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.h +0 -159
  289. data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.c +0 -64
  290. data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.h +0 -189
  291. data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.c +0 -46
  292. data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.h +0 -128
  293. data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.c +0 -43
  294. data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.h +0 -106
  295. data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.c +0 -43
  296. data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.h +0 -101
  297. data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.c +0 -106
  298. data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.h +0 -613
  299. data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.c +0 -48
  300. data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.h +0 -107
  301. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +0 -60
  302. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -81
  303. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +0 -53
  304. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +0 -103
  305. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -270
  306. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +0 -1300
  307. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +0 -413
  308. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +0 -2251
  309. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +0 -95
  310. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +0 -394
  311. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +0 -544
  312. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +0 -3066
  313. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +0 -48
  314. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +0 -107
  315. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +0 -89
  316. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +0 -549
  317. data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.c +0 -299
  318. data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.h +0 -1437
  319. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +0 -145
  320. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +0 -664
  321. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +0 -49
  322. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +0 -120
  323. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +0 -421
  324. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +0 -1891
  325. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +0 -163
  326. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +0 -806
  327. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +0 -47
  328. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +0 -104
  329. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +0 -47
  330. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +0 -107
  331. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.c +0 -58
  332. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.h +0 -159
  333. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +0 -269
  334. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +0 -1329
  335. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +0 -220
  336. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +0 -1255
  337. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +0 -49
  338. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +0 -126
  339. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +0 -323
  340. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +0 -1759
  341. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -40
  342. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +0 -88
  343. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +0 -60
  344. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +0 -177
  345. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +0 -47
  346. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +0 -148
  347. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +0 -56
  348. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +0 -182
  349. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +0 -48
  350. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +0 -122
  351. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -106
  352. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +0 -360
  353. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +0 -144
  354. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +0 -647
  355. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +0 -129
  356. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +0 -588
  357. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +0 -46
  358. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +0 -98
  359. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +0 -189
  360. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +0 -1041
  361. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +0 -186
  362. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +0 -969
  363. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +0 -63
  364. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +0 -238
  365. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -59
  366. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +0 -186
  367. data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.c +0 -53
  368. data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.h +0 -140
  369. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +0 -165
  370. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +0 -748
  371. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +0 -174
  372. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +0 -757
  373. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +0 -221
  374. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +0 -1094
  375. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +0 -86
  376. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +0 -402
  377. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +0 -1096
  378. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +0 -6440
  379. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +0 -79
  380. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +0 -267
  381. data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.c +0 -241
  382. data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.h +0 -1191
  383. data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.c +0 -44
  384. data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.h +0 -92
  385. data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.c +0 -49
  386. data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.h +0 -107
  387. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -63
  388. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +0 -175
  389. data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.c +0 -52
  390. data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.h +0 -138
  391. data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.c +0 -63
  392. data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.h +0 -254
  393. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -46
  394. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.h +0 -98
  395. data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.c +0 -47
  396. data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.h +0 -98
  397. data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.c +0 -69
  398. data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.h +0 -221
  399. data/src/core/ext/upb-generated/envoy/config/trace/v3/trace.upb.c +0 -33
  400. data/src/core/ext/upb-generated/envoy/config/trace/v3/trace.upb.h +0 -43
  401. data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.c +0 -71
  402. data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.h +0 -226
  403. data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.c +0 -54
  404. data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.h +0 -150
  405. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +0 -42
  406. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +0 -89
  407. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +0 -96
  408. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +0 -395
  409. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +0 -94
  410. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +0 -445
  411. data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c +0 -71
  412. data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h +0 -237
  413. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +0 -55
  414. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +0 -172
  415. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +0 -471
  416. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +0 -2731
  417. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +0 -52
  418. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +0 -168
  419. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.upb.c +0 -46
  420. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.upb.h +0 -98
  421. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -28
  422. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +0 -38
  423. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +0 -177
  424. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +0 -932
  425. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +0 -88
  426. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -320
  427. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -191
  428. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +0 -1063
  429. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.c +0 -62
  430. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.h +0 -168
  431. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +0 -38
  432. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +0 -74
  433. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +0 -280
  434. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +0 -1375
  435. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -68
  436. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +0 -218
  437. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +0 -138
  438. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +0 -651
  439. data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.c +0 -48
  440. data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.h +0 -116
  441. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +0 -76
  442. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +0 -265
  443. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +0 -74
  444. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +0 -230
  445. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +0 -62
  446. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +0 -196
  447. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +0 -49
  448. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +0 -121
  449. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +0 -48
  450. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +0 -117
  451. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +0 -47
  452. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +0 -104
  453. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +0 -80
  454. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +0 -246
  455. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -67
  456. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +0 -226
  457. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +0 -60
  458. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +0 -178
  459. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +0 -78
  460. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +0 -306
  461. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +0 -107
  462. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +0 -457
  463. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +0 -107
  464. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +0 -439
  465. data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.c +0 -66
  466. data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.h +0 -213
  467. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.c +0 -26
  468. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +0 -39
  469. data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.c +0 -42
  470. data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.h +0 -143
  471. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +0 -54
  472. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +0 -147
  473. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +0 -66
  474. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +0 -208
  475. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_strategy.upb.c +0 -63
  476. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_strategy.upb.h +0 -202
  477. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_unit.upb.c +0 -26
  478. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_unit.upb.h +0 -41
  479. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +0 -43
  480. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +0 -101
  481. data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.c +0 -51
  482. data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.h +0 -131
  483. data/src/core/ext/upb-generated/google/api/annotations.upb.c +0 -40
  484. data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -53
  485. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +0 -271
  486. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +0 -1280
  487. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +0 -283
  488. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +0 -1386
  489. data/src/core/ext/upb-generated/google/api/http.upb.c +0 -81
  490. data/src/core/ext/upb-generated/google/api/http.upb.h +0 -343
  491. data/src/core/ext/upb-generated/google/api/httpbody.upb.c +0 -46
  492. data/src/core/ext/upb-generated/google/api/httpbody.upb.h +0 -115
  493. data/src/core/ext/upb-generated/google/protobuf/any.upb.c +0 -40
  494. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +0 -92
  495. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +0 -578
  496. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +0 -3217
  497. data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +0 -40
  498. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +0 -92
  499. data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +0 -35
  500. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +0 -74
  501. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +0 -95
  502. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +0 -329
  503. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +0 -40
  504. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +0 -92
  505. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +0 -127
  506. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +0 -475
  507. data/src/core/ext/upb-generated/google/rpc/status.upb.c +0 -46
  508. data/src/core/ext/upb-generated/google/rpc/status.upb.h +0 -115
  509. data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.c +0 -84
  510. data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.h +0 -335
  511. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +0 -63
  512. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +0 -188
  513. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +0 -240
  514. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +0 -1173
  515. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +0 -57
  516. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +0 -182
  517. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +0 -50
  518. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +0 -139
  519. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +0 -161
  520. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +0 -705
  521. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.c +0 -70
  522. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.h +0 -216
  523. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls_config.upb.c +0 -175
  524. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls_config.upb.h +0 -792
  525. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +0 -110
  526. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +0 -290
  527. data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +0 -55
  528. data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +0 -112
  529. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +0 -38
  530. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -46
  531. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +0 -54
  532. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +0 -119
  533. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +0 -53
  534. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +0 -103
  535. data/src/core/ext/upb-generated/validate/validate.upb.c +0 -560
  536. data/src/core/ext/upb-generated/validate/validate.upb.h +0 -4105
  537. data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.c +0 -110
  538. data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.h +0 -290
  539. data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.c +0 -55
  540. data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.h +0 -112
  541. data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.c +0 -38
  542. data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.h +0 -46
  543. data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.c +0 -105
  544. data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.h +0 -306
  545. data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.c +0 -53
  546. data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.h +0 -103
  547. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +0 -41
  548. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +0 -83
  549. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +0 -66
  550. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +0 -208
  551. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +0 -56
  552. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +0 -119
  553. data/src/core/ext/upb-generated/xds/core/v3/extension.upb.c +0 -46
  554. data/src/core/ext/upb-generated/xds/core/v3/extension.upb.h +0 -107
  555. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +0 -49
  556. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +0 -131
  557. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +0 -68
  558. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +0 -248
  559. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +0 -49
  560. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +0 -125
  561. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +0 -73
  562. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +0 -191
  563. data/src/core/ext/upb-generated/xds/service/orca/v3/orca.upb.c +0 -47
  564. data/src/core/ext/upb-generated/xds/service/orca/v3/orca.upb.h +0 -113
  565. data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.c +0 -207
  566. data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.h +0 -914
  567. data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.c +0 -52
  568. data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.h +0 -151
  569. data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.c +0 -65
  570. data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.h +0 -226
  571. data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.c +0 -46
  572. data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.h +0 -107
  573. data/src/core/ext/upbdefs-generated/envoy/admin/v3/certs.upbdefs.c +0 -84
  574. data/src/core/ext/upbdefs-generated/envoy/admin/v3/certs.upbdefs.h +0 -55
  575. data/src/core/ext/upbdefs-generated/envoy/admin/v3/clusters.upbdefs.c +0 -127
  576. data/src/core/ext/upbdefs-generated/envoy/admin/v3/clusters.upbdefs.h +0 -50
  577. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +0 -102
  578. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +0 -55
  579. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump_shared.upbdefs.c +0 -256
  580. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump_shared.upbdefs.h +0 -115
  581. data/src/core/ext/upbdefs-generated/envoy/admin/v3/init_dump.upbdefs.c +0 -43
  582. data/src/core/ext/upbdefs-generated/envoy/admin/v3/init_dump.upbdefs.h +0 -40
  583. data/src/core/ext/upbdefs-generated/envoy/admin/v3/listeners.upbdefs.c +0 -56
  584. data/src/core/ext/upbdefs-generated/envoy/admin/v3/listeners.upbdefs.h +0 -40
  585. data/src/core/ext/upbdefs-generated/envoy/admin/v3/memory.upbdefs.c +0 -49
  586. data/src/core/ext/upbdefs-generated/envoy/admin/v3/memory.upbdefs.h +0 -35
  587. data/src/core/ext/upbdefs-generated/envoy/admin/v3/metrics.upbdefs.c +0 -46
  588. data/src/core/ext/upbdefs-generated/envoy/admin/v3/metrics.upbdefs.h +0 -35
  589. data/src/core/ext/upbdefs-generated/envoy/admin/v3/mutex_stats.upbdefs.c +0 -46
  590. data/src/core/ext/upbdefs-generated/envoy/admin/v3/mutex_stats.upbdefs.h +0 -35
  591. data/src/core/ext/upbdefs-generated/envoy/admin/v3/server_info.upbdefs.c +0 -142
  592. data/src/core/ext/upbdefs-generated/envoy/admin/v3/server_info.upbdefs.h +0 -40
  593. data/src/core/ext/upbdefs-generated/envoy/admin/v3/tap.upbdefs.c +0 -51
  594. data/src/core/ext/upbdefs-generated/envoy/admin/v3/tap.upbdefs.h +0 -35
  595. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +0 -48
  596. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +0 -30
  597. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +0 -38
  598. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +0 -35
  599. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +0 -222
  600. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +0 -105
  601. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +0 -397
  602. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +0 -120
  603. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +0 -98
  604. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +0 -45
  605. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +0 -559
  606. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +0 -155
  607. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +0 -51
  608. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +0 -35
  609. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +0 -138
  610. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +0 -35
  611. data/src/core/ext/upbdefs-generated/envoy/config/common/matcher/v3/matcher.upbdefs.c +0 -206
  612. data/src/core/ext/upbdefs-generated/envoy/config/common/matcher/v3/matcher.upbdefs.h +0 -105
  613. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +0 -112
  614. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +0 -65
  615. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +0 -54
  616. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +0 -35
  617. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +0 -270
  618. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +0 -150
  619. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +0 -168
  620. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +0 -65
  621. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +0 -53
  622. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +0 -35
  623. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +0 -47
  624. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +0 -35
  625. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_method_list.upbdefs.c +0 -53
  626. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_method_list.upbdefs.h +0 -40
  627. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +0 -235
  628. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +0 -100
  629. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +0 -228
  630. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +0 -75
  631. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +0 -53
  632. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +0 -35
  633. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +0 -300
  634. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +0 -110
  635. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +0 -41
  636. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +0 -35
  637. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +0 -55
  638. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.h +0 -40
  639. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +0 -57
  640. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +0 -35
  641. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +0 -70
  642. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +0 -35
  643. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +0 -49
  644. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.h +0 -35
  645. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +0 -99
  646. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +0 -50
  647. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +0 -128
  648. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +0 -60
  649. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +0 -136
  650. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +0 -55
  651. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +0 -48
  652. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +0 -35
  653. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +0 -220
  654. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +0 -65
  655. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +0 -190
  656. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +0 -65
  657. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +0 -88
  658. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.h +0 -35
  659. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +0 -71
  660. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +0 -40
  661. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.c +0 -69
  662. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.h +0 -35
  663. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +0 -125
  664. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +0 -70
  665. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +0 -134
  666. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +0 -75
  667. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +0 -194
  668. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +0 -75
  669. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +0 -112
  670. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +0 -40
  671. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +0 -939
  672. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +0 -305
  673. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +0 -77
  674. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +0 -45
  675. data/src/core/ext/upbdefs-generated/envoy/config/tap/v3/common.upbdefs.c +0 -199
  676. data/src/core/ext/upbdefs-generated/envoy/config/tap/v3/common.upbdefs.h +0 -90
  677. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/datadog.upbdefs.c +0 -54
  678. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/datadog.upbdefs.h +0 -35
  679. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/dynamic_ot.upbdefs.c +0 -57
  680. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/dynamic_ot.upbdefs.h +0 -35
  681. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +0 -57
  682. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +0 -40
  683. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/lightstep.upbdefs.c +0 -72
  684. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/lightstep.upbdefs.h +0 -35
  685. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opencensus.upbdefs.c +0 -99
  686. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opencensus.upbdefs.h +0 -35
  687. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +0 -47
  688. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.h +0 -35
  689. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/service.upbdefs.c +0 -52
  690. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/service.upbdefs.h +0 -35
  691. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/skywalking.upbdefs.c +0 -71
  692. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/skywalking.upbdefs.h +0 -40
  693. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/trace.upbdefs.c +0 -61
  694. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/trace.upbdefs.h +0 -30
  695. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/xray.upbdefs.c +0 -75
  696. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/xray.upbdefs.h +0 -40
  697. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/zipkin.upbdefs.c +0 -77
  698. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/zipkin.upbdefs.h +0 -35
  699. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +0 -50
  700. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +0 -35
  701. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +0 -92
  702. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +0 -55
  703. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +0 -117
  704. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +0 -45
  705. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c +0 -80
  706. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h +0 -40
  707. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +0 -78
  708. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +0 -35
  709. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +0 -562
  710. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +0 -130
  711. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +0 -48
  712. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +0 -30
  713. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +0 -213
  714. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +0 -65
  715. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +0 -91
  716. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +0 -45
  717. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +0 -254
  718. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +0 -65
  719. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.c +0 -58
  720. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.h +0 -40
  721. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +0 -58
  722. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +0 -35
  723. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +0 -197
  724. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +0 -100
  725. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +0 -76
  726. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +0 -40
  727. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +0 -153
  728. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +0 -55
  729. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/cookie.upbdefs.c +0 -46
  730. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/cookie.upbdefs.h +0 -35
  731. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +0 -56
  732. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.h +0 -50
  733. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +0 -52
  734. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +0 -50
  735. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +0 -61
  736. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +0 -40
  737. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +0 -54
  738. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +0 -35
  739. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +0 -52
  740. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +0 -35
  741. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +0 -51
  742. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +0 -35
  743. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +0 -71
  744. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +0 -45
  745. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +0 -65
  746. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +0 -40
  747. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +0 -58
  748. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +0 -40
  749. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +0 -75
  750. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +0 -45
  751. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +0 -78
  752. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +0 -65
  753. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +0 -85
  754. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +0 -55
  755. data/src/core/ext/upbdefs-generated/envoy/type/v3/hash_policy.upbdefs.c +0 -53
  756. data/src/core/ext/upbdefs-generated/envoy/type/v3/hash_policy.upbdefs.h +0 -45
  757. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +0 -36
  758. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.h +0 -30
  759. data/src/core/ext/upbdefs-generated/envoy/type/v3/http_status.upbdefs.c +0 -94
  760. data/src/core/ext/upbdefs-generated/envoy/type/v3/http_status.upbdefs.h +0 -35
  761. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +0 -54
  762. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +0 -40
  763. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +0 -48
  764. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +0 -45
  765. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_strategy.upbdefs.c +0 -69
  766. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_strategy.upbdefs.h +0 -40
  767. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_unit.upbdefs.c +0 -38
  768. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_unit.upbdefs.h +0 -30
  769. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +0 -44
  770. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +0 -35
  771. data/src/core/ext/upbdefs-generated/envoy/type/v3/token_bucket.upbdefs.c +0 -57
  772. data/src/core/ext/upbdefs-generated/envoy/type/v3/token_bucket.upbdefs.h +0 -35
  773. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +0 -40
  774. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +0 -30
  775. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c +0 -154
  776. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h +0 -95
  777. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c +0 -153
  778. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h +0 -100
  779. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +0 -52
  780. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +0 -45
  781. data/src/core/ext/upbdefs-generated/google/api/httpbody.upbdefs.c +0 -39
  782. data/src/core/ext/upbdefs-generated/google/api/httpbody.upbdefs.h +0 -35
  783. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +0 -34
  784. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +0 -35
  785. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +0 -331
  786. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +0 -165
  787. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +0 -35
  788. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +0 -35
  789. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +0 -32
  790. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +0 -35
  791. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +0 -54
  792. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +0 -50
  793. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +0 -35
  794. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +0 -35
  795. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +0 -45
  796. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +0 -75
  797. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +0 -37
  798. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +0 -35
  799. data/src/core/ext/upbdefs-generated/opencensus/proto/trace/v1/trace_config.upbdefs.c +0 -67
  800. data/src/core/ext/upbdefs-generated/opencensus/proto/trace/v1/trace_config.upbdefs.h +0 -50
  801. data/src/core/ext/upbdefs-generated/src/proto/grpc/lookup/v1/rls_config.upbdefs.c +0 -99
  802. data/src/core/ext/upbdefs-generated/src/proto/grpc/lookup/v1/rls_config.upbdefs.h +0 -75
  803. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +0 -62
  804. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +0 -45
  805. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +0 -47
  806. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +0 -35
  807. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +0 -34
  808. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +0 -30
  809. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +0 -46
  810. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +0 -35
  811. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +0 -39
  812. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +0 -35
  813. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +0 -283
  814. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +0 -145
  815. data/src/core/ext/upbdefs-generated/xds/annotations/v3/migrate.upbdefs.c +0 -63
  816. data/src/core/ext/upbdefs-generated/xds/annotations/v3/migrate.upbdefs.h +0 -45
  817. data/src/core/ext/upbdefs-generated/xds/annotations/v3/security.upbdefs.c +0 -47
  818. data/src/core/ext/upbdefs-generated/xds/annotations/v3/security.upbdefs.h +0 -35
  819. data/src/core/ext/upbdefs-generated/xds/annotations/v3/sensitive.upbdefs.c +0 -35
  820. data/src/core/ext/upbdefs-generated/xds/annotations/v3/sensitive.upbdefs.h +0 -30
  821. data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.c +0 -64
  822. data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.h +0 -50
  823. data/src/core/ext/upbdefs-generated/xds/annotations/v3/versioning.upbdefs.c +0 -40
  824. data/src/core/ext/upbdefs-generated/xds/annotations/v3/versioning.upbdefs.h +0 -35
  825. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +0 -38
  826. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +0 -35
  827. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +0 -56
  828. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +0 -40
  829. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +0 -39
  830. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +0 -40
  831. data/src/core/ext/upbdefs-generated/xds/core/v3/extension.upbdefs.c +0 -41
  832. data/src/core/ext/upbdefs-generated/xds/core/v3/extension.upbdefs.h +0 -35
  833. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +0 -45
  834. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +0 -35
  835. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +0 -61
  836. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +0 -40
  837. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +0 -46
  838. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +0 -35
  839. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/matcher.upbdefs.c +0 -126
  840. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/matcher.upbdefs.h +0 -80
  841. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/regex.upbdefs.c +0 -40
  842. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/regex.upbdefs.h +0 -40
  843. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/string.upbdefs.c +0 -52
  844. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/string.upbdefs.h +0 -40
  845. data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.c +0 -40
  846. data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.h +0 -35
  847. data/src/core/ext/xds/certificate_provider_store.cc +0 -159
  848. data/src/core/ext/xds/certificate_provider_store.h +0 -138
  849. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +0 -153
  850. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +0 -77
  851. data/src/core/ext/xds/upb_utils.h +0 -45
  852. data/src/core/ext/xds/xds_api.cc +0 -699
  853. data/src/core/ext/xds/xds_api.h +0 -196
  854. data/src/core/ext/xds/xds_bootstrap.cc +0 -38
  855. data/src/core/ext/xds/xds_bootstrap.h +0 -89
  856. data/src/core/ext/xds/xds_bootstrap_grpc.cc +0 -370
  857. data/src/core/ext/xds/xds_bootstrap_grpc.h +0 -169
  858. data/src/core/ext/xds/xds_certificate_provider.cc +0 -419
  859. data/src/core/ext/xds/xds_certificate_provider.h +0 -183
  860. data/src/core/ext/xds/xds_channel_args.h +0 -32
  861. data/src/core/ext/xds/xds_channel_stack_modifier.cc +0 -120
  862. data/src/core/ext/xds/xds_channel_stack_modifier.h +0 -65
  863. data/src/core/ext/xds/xds_client.cc +0 -2000
  864. data/src/core/ext/xds/xds_client.h +0 -336
  865. data/src/core/ext/xds/xds_client_grpc.cc +0 -229
  866. data/src/core/ext/xds/xds_client_grpc.h +0 -79
  867. data/src/core/ext/xds/xds_client_stats.cc +0 -159
  868. data/src/core/ext/xds/xds_client_stats.h +0 -242
  869. data/src/core/ext/xds/xds_cluster.cc +0 -551
  870. data/src/core/ext/xds/xds_cluster.h +0 -120
  871. data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +0 -149
  872. data/src/core/ext/xds/xds_cluster_specifier_plugin.h +0 -73
  873. data/src/core/ext/xds/xds_common_types.cc +0 -434
  874. data/src/core/ext/xds/xds_common_types.h +0 -102
  875. data/src/core/ext/xds/xds_endpoint.cc +0 -383
  876. data/src/core/ext/xds/xds_endpoint.h +0 -142
  877. data/src/core/ext/xds/xds_http_fault_filter.cc +0 -222
  878. data/src/core/ext/xds/xds_http_fault_filter.h +0 -66
  879. data/src/core/ext/xds/xds_http_filters.cc +0 -129
  880. data/src/core/ext/xds/xds_http_filters.h +0 -133
  881. data/src/core/ext/xds/xds_http_rbac_filter.cc +0 -560
  882. data/src/core/ext/xds/xds_http_rbac_filter.h +0 -61
  883. data/src/core/ext/xds/xds_lb_policy_registry.cc +0 -290
  884. data/src/core/ext/xds/xds_lb_policy_registry.h +0 -72
  885. data/src/core/ext/xds/xds_listener.cc +0 -1102
  886. data/src/core/ext/xds/xds_listener.h +0 -228
  887. data/src/core/ext/xds/xds_resource_type.cc +0 -33
  888. data/src/core/ext/xds/xds_resource_type.h +0 -112
  889. data/src/core/ext/xds/xds_resource_type_impl.h +0 -91
  890. data/src/core/ext/xds/xds_route_config.cc +0 -1152
  891. data/src/core/ext/xds/xds_route_config.h +0 -241
  892. data/src/core/ext/xds/xds_routing.cc +0 -263
  893. data/src/core/ext/xds/xds_routing.h +0 -104
  894. data/src/core/ext/xds/xds_server_config_fetcher.cc +0 -1360
  895. data/src/core/ext/xds/xds_transport.h +0 -86
  896. data/src/core/ext/xds/xds_transport_grpc.cc +0 -357
  897. data/src/core/ext/xds/xds_transport_grpc.h +0 -135
  898. data/src/core/lib/address_utils/parse_address.cc +0 -339
  899. data/src/core/lib/address_utils/parse_address.h +0 -86
  900. data/src/core/lib/address_utils/sockaddr_utils.cc +0 -443
  901. data/src/core/lib/address_utils/sockaddr_utils.h +0 -100
  902. data/src/core/lib/avl/avl.h +0 -482
  903. data/src/core/lib/backoff/backoff.cc +0 -47
  904. data/src/core/lib/backoff/backoff.h +0 -89
  905. data/src/core/lib/channel/call_finalization.h +0 -88
  906. data/src/core/lib/channel/call_tracer.h +0 -94
  907. data/src/core/lib/channel/channel_args.cc +0 -626
  908. data/src/core/lib/channel/channel_args.h +0 -529
  909. data/src/core/lib/channel/channel_args_preconditioning.cc +0 -43
  910. data/src/core/lib/channel/channel_args_preconditioning.h +0 -62
  911. data/src/core/lib/channel/channel_fwd.h +0 -26
  912. data/src/core/lib/channel/channel_stack.cc +0 -311
  913. data/src/core/lib/channel/channel_stack.h +0 -381
  914. data/src/core/lib/channel/channel_stack_builder.cc +0 -54
  915. data/src/core/lib/channel/channel_stack_builder.h +0 -112
  916. data/src/core/lib/channel/channel_stack_builder_impl.cc +0 -95
  917. data/src/core/lib/channel/channel_stack_builder_impl.h +0 -46
  918. data/src/core/lib/channel/channel_trace.cc +0 -184
  919. data/src/core/lib/channel/channel_trace.h +0 -138
  920. data/src/core/lib/channel/channelz.cc +0 -583
  921. data/src/core/lib/channel/channelz.h +0 -374
  922. data/src/core/lib/channel/channelz_registry.cc +0 -277
  923. data/src/core/lib/channel/channelz_registry.h +0 -100
  924. data/src/core/lib/channel/connected_channel.cc +0 -241
  925. data/src/core/lib/channel/connected_channel.h +0 -36
  926. data/src/core/lib/channel/context.h +0 -63
  927. data/src/core/lib/channel/promise_based_filter.cc +0 -1262
  928. data/src/core/lib/channel/promise_based_filter.h +0 -571
  929. data/src/core/lib/channel/status_util.cc +0 -138
  930. data/src/core/lib/channel/status_util.h +0 -74
  931. data/src/core/lib/compression/compression.cc +0 -96
  932. data/src/core/lib/compression/compression_internal.cc +0 -249
  933. data/src/core/lib/compression/compression_internal.h +0 -93
  934. data/src/core/lib/compression/message_compress.cc +0 -194
  935. data/src/core/lib/compression/message_compress.h +0 -39
  936. data/src/core/lib/config/core_configuration.cc +0 -111
  937. data/src/core/lib/config/core_configuration.h +0 -243
  938. data/src/core/lib/debug/stats.cc +0 -165
  939. data/src/core/lib/debug/stats.h +0 -70
  940. data/src/core/lib/debug/stats_data.cc +0 -190
  941. data/src/core/lib/debug/stats_data.h +0 -151
  942. data/src/core/lib/debug/trace.cc +0 -153
  943. data/src/core/lib/debug/trace.h +0 -133
  944. data/src/core/lib/event_engine/channel_args_endpoint_config.cc +0 -40
  945. data/src/core/lib/event_engine/channel_args_endpoint_config.h +0 -49
  946. data/src/core/lib/event_engine/default_event_engine.cc +0 -71
  947. data/src/core/lib/event_engine/default_event_engine.h +0 -37
  948. data/src/core/lib/event_engine/default_event_engine_factory.cc +0 -50
  949. data/src/core/lib/event_engine/default_event_engine_factory.h +0 -33
  950. data/src/core/lib/event_engine/executor/executor.h +0 -38
  951. data/src/core/lib/event_engine/executor/threaded_executor.cc +0 -36
  952. data/src/core/lib/event_engine/executor/threaded_executor.h +0 -44
  953. data/src/core/lib/event_engine/forkable.cc +0 -101
  954. data/src/core/lib/event_engine/forkable.h +0 -61
  955. data/src/core/lib/event_engine/handle_containers.h +0 -67
  956. data/src/core/lib/event_engine/memory_allocator.cc +0 -74
  957. data/src/core/lib/event_engine/poller.h +0 -56
  958. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +0 -142
  959. data/src/core/lib/event_engine/posix_engine/posix_engine.h +0 -121
  960. data/src/core/lib/event_engine/posix_engine/timer.cc +0 -311
  961. data/src/core/lib/event_engine/posix_engine/timer.h +0 -193
  962. data/src/core/lib/event_engine/posix_engine/timer_heap.cc +0 -107
  963. data/src/core/lib/event_engine/posix_engine/timer_heap.h +0 -56
  964. data/src/core/lib/event_engine/posix_engine/timer_manager.cc +0 -311
  965. data/src/core/lib/event_engine/posix_engine/timer_manager.h +0 -142
  966. data/src/core/lib/event_engine/resolved_address.cc +0 -41
  967. data/src/core/lib/event_engine/slice.cc +0 -102
  968. data/src/core/lib/event_engine/slice_buffer.cc +0 -50
  969. data/src/core/lib/event_engine/socket_notifier.h +0 -55
  970. data/src/core/lib/event_engine/thread_pool.cc +0 -195
  971. data/src/core/lib/event_engine/thread_pool.h +0 -114
  972. data/src/core/lib/event_engine/time_util.cc +0 -30
  973. data/src/core/lib/event_engine/time_util.h +0 -32
  974. data/src/core/lib/event_engine/trace.cc +0 -18
  975. data/src/core/lib/event_engine/trace.h +0 -30
  976. data/src/core/lib/event_engine/utils.cc +0 -44
  977. data/src/core/lib/event_engine/utils.h +0 -36
  978. data/src/core/lib/event_engine/windows/iocp.cc +0 -155
  979. data/src/core/lib/event_engine/windows/iocp.h +0 -69
  980. data/src/core/lib/event_engine/windows/win_socket.cc +0 -196
  981. data/src/core/lib/event_engine/windows/win_socket.h +0 -120
  982. data/src/core/lib/event_engine/windows/windows_engine.cc +0 -159
  983. data/src/core/lib/event_engine/windows/windows_engine.h +0 -120
  984. data/src/core/lib/experiments/config.cc +0 -146
  985. data/src/core/lib/experiments/config.h +0 -43
  986. data/src/core/lib/experiments/experiments.cc +0 -75
  987. data/src/core/lib/experiments/experiments.h +0 -56
  988. data/src/core/lib/gpr/alloc.cc +0 -68
  989. data/src/core/lib/gpr/alloc.h +0 -28
  990. data/src/core/lib/gpr/atm.cc +0 -35
  991. data/src/core/lib/gpr/cpu_iphone.cc +0 -44
  992. data/src/core/lib/gpr/cpu_linux.cc +0 -82
  993. data/src/core/lib/gpr/cpu_posix.cc +0 -83
  994. data/src/core/lib/gpr/cpu_windows.cc +0 -33
  995. data/src/core/lib/gpr/log.cc +0 -145
  996. data/src/core/lib/gpr/log_android.cc +0 -77
  997. data/src/core/lib/gpr/log_linux.cc +0 -114
  998. data/src/core/lib/gpr/log_posix.cc +0 -110
  999. data/src/core/lib/gpr/log_windows.cc +0 -115
  1000. data/src/core/lib/gpr/murmur_hash.cc +0 -82
  1001. data/src/core/lib/gpr/murmur_hash.h +0 -29
  1002. data/src/core/lib/gpr/spinlock.h +0 -53
  1003. data/src/core/lib/gpr/string.cc +0 -343
  1004. data/src/core/lib/gpr/string.h +0 -112
  1005. data/src/core/lib/gpr/string_posix.cc +0 -72
  1006. data/src/core/lib/gpr/string_util_windows.cc +0 -55
  1007. data/src/core/lib/gpr/string_windows.cc +0 -69
  1008. data/src/core/lib/gpr/sync.cc +0 -124
  1009. data/src/core/lib/gpr/sync_abseil.cc +0 -100
  1010. data/src/core/lib/gpr/sync_posix.cc +0 -157
  1011. data/src/core/lib/gpr/sync_windows.cc +0 -120
  1012. data/src/core/lib/gpr/time.cc +0 -267
  1013. data/src/core/lib/gpr/time_posix.cc +0 -177
  1014. data/src/core/lib/gpr/time_precise.cc +0 -168
  1015. data/src/core/lib/gpr/time_precise.h +0 -70
  1016. data/src/core/lib/gpr/time_windows.cc +0 -102
  1017. data/src/core/lib/gpr/tls.h +0 -156
  1018. data/src/core/lib/gpr/tmpfile.h +0 -32
  1019. data/src/core/lib/gpr/tmpfile_msys.cc +0 -58
  1020. data/src/core/lib/gpr/tmpfile_posix.cc +0 -69
  1021. data/src/core/lib/gpr/tmpfile_windows.cc +0 -67
  1022. data/src/core/lib/gpr/useful.h +0 -171
  1023. data/src/core/lib/gpr/wrap_memcpy.cc +0 -43
  1024. data/src/core/lib/gprpp/atomic_utils.h +0 -47
  1025. data/src/core/lib/gprpp/bitset.h +0 -201
  1026. data/src/core/lib/gprpp/chunked_vector.h +0 -257
  1027. data/src/core/lib/gprpp/construct_destruct.h +0 -40
  1028. data/src/core/lib/gprpp/cpp_impl_of.h +0 -49
  1029. data/src/core/lib/gprpp/debug_location.h +0 -87
  1030. data/src/core/lib/gprpp/dual_ref_counted.h +0 -327
  1031. data/src/core/lib/gprpp/env.h +0 -53
  1032. data/src/core/lib/gprpp/env_linux.cc +0 -80
  1033. data/src/core/lib/gprpp/env_posix.cc +0 -47
  1034. data/src/core/lib/gprpp/env_windows.cc +0 -56
  1035. data/src/core/lib/gprpp/examine_stack.cc +0 -43
  1036. data/src/core/lib/gprpp/examine_stack.h +0 -45
  1037. data/src/core/lib/gprpp/fork.cc +0 -233
  1038. data/src/core/lib/gprpp/fork.h +0 -95
  1039. data/src/core/lib/gprpp/global_config.h +0 -93
  1040. data/src/core/lib/gprpp/global_config_custom.h +0 -29
  1041. data/src/core/lib/gprpp/global_config_env.cc +0 -139
  1042. data/src/core/lib/gprpp/global_config_env.h +0 -133
  1043. data/src/core/lib/gprpp/global_config_generic.h +0 -40
  1044. data/src/core/lib/gprpp/host_port.cc +0 -114
  1045. data/src/core/lib/gprpp/host_port.h +0 -56
  1046. data/src/core/lib/gprpp/manual_constructor.h +0 -146
  1047. data/src/core/lib/gprpp/match.h +0 -75
  1048. data/src/core/lib/gprpp/memory.h +0 -53
  1049. data/src/core/lib/gprpp/mpscq.cc +0 -108
  1050. data/src/core/lib/gprpp/mpscq.h +0 -99
  1051. data/src/core/lib/gprpp/no_destruct.h +0 -94
  1052. data/src/core/lib/gprpp/notification.h +0 -67
  1053. data/src/core/lib/gprpp/orphanable.h +0 -122
  1054. data/src/core/lib/gprpp/overload.h +0 -59
  1055. data/src/core/lib/gprpp/packed_table.h +0 -40
  1056. data/src/core/lib/gprpp/ref_counted.h +0 -349
  1057. data/src/core/lib/gprpp/ref_counted_ptr.h +0 -337
  1058. data/src/core/lib/gprpp/single_set_ptr.h +0 -87
  1059. data/src/core/lib/gprpp/sorted_pack.h +0 -98
  1060. data/src/core/lib/gprpp/stat.h +0 -36
  1061. data/src/core/lib/gprpp/stat_posix.cc +0 -54
  1062. data/src/core/lib/gprpp/stat_windows.cc +0 -48
  1063. data/src/core/lib/gprpp/status_helper.cc +0 -454
  1064. data/src/core/lib/gprpp/status_helper.h +0 -191
  1065. data/src/core/lib/gprpp/sync.h +0 -200
  1066. data/src/core/lib/gprpp/table.h +0 -451
  1067. data/src/core/lib/gprpp/tchar.cc +0 -49
  1068. data/src/core/lib/gprpp/tchar.h +0 -33
  1069. data/src/core/lib/gprpp/thd.h +0 -171
  1070. data/src/core/lib/gprpp/thd_posix.cc +0 -211
  1071. data/src/core/lib/gprpp/thd_windows.cc +0 -173
  1072. data/src/core/lib/gprpp/time.cc +0 -235
  1073. data/src/core/lib/gprpp/time.h +0 -356
  1074. data/src/core/lib/gprpp/time_averaged_stats.cc +0 -60
  1075. data/src/core/lib/gprpp/time_averaged_stats.h +0 -79
  1076. data/src/core/lib/gprpp/time_util.cc +0 -81
  1077. data/src/core/lib/gprpp/time_util.h +0 -42
  1078. data/src/core/lib/gprpp/unique_type_name.h +0 -104
  1079. data/src/core/lib/gprpp/validation_errors.cc +0 -61
  1080. data/src/core/lib/gprpp/validation_errors.h +0 -110
  1081. data/src/core/lib/gprpp/work_serializer.cc +0 -247
  1082. data/src/core/lib/gprpp/work_serializer.h +0 -86
  1083. data/src/core/lib/handshaker/proxy_mapper.h +0 -53
  1084. data/src/core/lib/handshaker/proxy_mapper_registry.cc +0 -71
  1085. data/src/core/lib/handshaker/proxy_mapper_registry.h +0 -75
  1086. data/src/core/lib/http/format_request.cc +0 -137
  1087. data/src/core/lib/http/format_request.h +0 -38
  1088. data/src/core/lib/http/httpcli.cc +0 -397
  1089. data/src/core/lib/http/httpcli.h +0 -271
  1090. data/src/core/lib/http/httpcli_security_connector.cc +0 -215
  1091. data/src/core/lib/http/httpcli_ssl_credentials.h +0 -39
  1092. data/src/core/lib/http/parser.cc +0 -462
  1093. data/src/core/lib/http/parser.h +0 -130
  1094. data/src/core/lib/iomgr/block_annotate.h +0 -57
  1095. data/src/core/lib/iomgr/buffer_list.cc +0 -307
  1096. data/src/core/lib/iomgr/buffer_list.h +0 -163
  1097. data/src/core/lib/iomgr/call_combiner.cc +0 -257
  1098. data/src/core/lib/iomgr/call_combiner.h +0 -215
  1099. data/src/core/lib/iomgr/cfstream_handle.cc +0 -210
  1100. data/src/core/lib/iomgr/cfstream_handle.h +0 -90
  1101. data/src/core/lib/iomgr/closure.h +0 -266
  1102. data/src/core/lib/iomgr/combiner.cc +0 -330
  1103. data/src/core/lib/iomgr/combiner.h +0 -89
  1104. data/src/core/lib/iomgr/dualstack_socket_posix.cc +0 -48
  1105. data/src/core/lib/iomgr/dynamic_annotations.h +0 -67
  1106. data/src/core/lib/iomgr/endpoint.cc +0 -67
  1107. data/src/core/lib/iomgr/endpoint.h +0 -109
  1108. data/src/core/lib/iomgr/endpoint_cfstream.cc +0 -375
  1109. data/src/core/lib/iomgr/endpoint_cfstream.h +0 -49
  1110. data/src/core/lib/iomgr/endpoint_pair.h +0 -34
  1111. data/src/core/lib/iomgr/endpoint_pair_posix.cc +0 -81
  1112. data/src/core/lib/iomgr/endpoint_pair_windows.cc +0 -86
  1113. data/src/core/lib/iomgr/error.cc +0 -217
  1114. data/src/core/lib/iomgr/error.h +0 -299
  1115. data/src/core/lib/iomgr/error_cfstream.cc +0 -54
  1116. data/src/core/lib/iomgr/error_cfstream.h +0 -31
  1117. data/src/core/lib/iomgr/ev_apple.cc +0 -360
  1118. data/src/core/lib/iomgr/ev_apple.h +0 -43
  1119. data/src/core/lib/iomgr/ev_epoll1_linux.cc +0 -1367
  1120. data/src/core/lib/iomgr/ev_epoll1_linux.h +0 -31
  1121. data/src/core/lib/iomgr/ev_poll_posix.cc +0 -1448
  1122. data/src/core/lib/iomgr/ev_poll_posix.h +0 -29
  1123. data/src/core/lib/iomgr/ev_posix.cc +0 -375
  1124. data/src/core/lib/iomgr/ev_posix.h +0 -209
  1125. data/src/core/lib/iomgr/ev_windows.cc +0 -30
  1126. data/src/core/lib/iomgr/exec_ctx.cc +0 -133
  1127. data/src/core/lib/iomgr/exec_ctx.h +0 -334
  1128. data/src/core/lib/iomgr/executor.cc +0 -451
  1129. data/src/core/lib/iomgr/executor.h +0 -119
  1130. data/src/core/lib/iomgr/fork_posix.cc +0 -120
  1131. data/src/core/lib/iomgr/fork_windows.cc +0 -41
  1132. data/src/core/lib/iomgr/gethostname.h +0 -26
  1133. data/src/core/lib/iomgr/gethostname_fallback.cc +0 -30
  1134. data/src/core/lib/iomgr/gethostname_host_name_max.cc +0 -40
  1135. data/src/core/lib/iomgr/gethostname_sysconf.cc +0 -40
  1136. data/src/core/lib/iomgr/grpc_if_nametoindex.h +0 -30
  1137. data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +0 -42
  1138. data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +0 -38
  1139. data/src/core/lib/iomgr/internal_errqueue.cc +0 -59
  1140. data/src/core/lib/iomgr/internal_errqueue.h +0 -186
  1141. data/src/core/lib/iomgr/iocp_windows.cc +0 -157
  1142. data/src/core/lib/iomgr/iocp_windows.h +0 -48
  1143. data/src/core/lib/iomgr/iomgr.cc +0 -200
  1144. data/src/core/lib/iomgr/iomgr.h +0 -60
  1145. data/src/core/lib/iomgr/iomgr_fwd.h +0 -26
  1146. data/src/core/lib/iomgr/iomgr_internal.cc +0 -53
  1147. data/src/core/lib/iomgr/iomgr_internal.h +0 -74
  1148. data/src/core/lib/iomgr/iomgr_posix.cc +0 -91
  1149. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -201
  1150. data/src/core/lib/iomgr/iomgr_windows.cc +0 -105
  1151. data/src/core/lib/iomgr/load_file.cc +0 -81
  1152. data/src/core/lib/iomgr/load_file.h +0 -35
  1153. data/src/core/lib/iomgr/lockfree_event.cc +0 -261
  1154. data/src/core/lib/iomgr/lockfree_event.h +0 -72
  1155. data/src/core/lib/iomgr/nameser.h +0 -106
  1156. data/src/core/lib/iomgr/polling_entity.cc +0 -96
  1157. data/src/core/lib/iomgr/polling_entity.h +0 -74
  1158. data/src/core/lib/iomgr/pollset.cc +0 -56
  1159. data/src/core/lib/iomgr/pollset.h +0 -99
  1160. data/src/core/lib/iomgr/pollset_set.cc +0 -55
  1161. data/src/core/lib/iomgr/pollset_set.h +0 -53
  1162. data/src/core/lib/iomgr/pollset_set_windows.cc +0 -52
  1163. data/src/core/lib/iomgr/pollset_set_windows.h +0 -26
  1164. data/src/core/lib/iomgr/pollset_windows.cc +0 -243
  1165. data/src/core/lib/iomgr/pollset_windows.h +0 -70
  1166. data/src/core/lib/iomgr/port.h +0 -238
  1167. data/src/core/lib/iomgr/python_util.h +0 -47
  1168. data/src/core/lib/iomgr/resolve_address.cc +0 -44
  1169. data/src/core/lib/iomgr/resolve_address.h +0 -117
  1170. data/src/core/lib/iomgr/resolve_address_impl.h +0 -59
  1171. data/src/core/lib/iomgr/resolve_address_posix.cc +0 -215
  1172. data/src/core/lib/iomgr/resolve_address_posix.h +0 -64
  1173. data/src/core/lib/iomgr/resolve_address_windows.cc +0 -199
  1174. data/src/core/lib/iomgr/resolve_address_windows.h +0 -64
  1175. data/src/core/lib/iomgr/resolved_address.h +0 -39
  1176. data/src/core/lib/iomgr/sockaddr.h +0 -32
  1177. data/src/core/lib/iomgr/sockaddr_posix.h +0 -57
  1178. data/src/core/lib/iomgr/sockaddr_utils_posix.cc +0 -63
  1179. data/src/core/lib/iomgr/sockaddr_windows.h +0 -57
  1180. data/src/core/lib/iomgr/socket_factory_posix.cc +0 -95
  1181. data/src/core/lib/iomgr/socket_factory_posix.h +0 -69
  1182. data/src/core/lib/iomgr/socket_mutator.cc +0 -97
  1183. data/src/core/lib/iomgr/socket_mutator.h +0 -84
  1184. data/src/core/lib/iomgr/socket_utils.h +0 -47
  1185. data/src/core/lib/iomgr/socket_utils_common_posix.cc +0 -477
  1186. data/src/core/lib/iomgr/socket_utils_linux.cc +0 -42
  1187. data/src/core/lib/iomgr/socket_utils_posix.cc +0 -140
  1188. data/src/core/lib/iomgr/socket_utils_posix.h +0 -255
  1189. data/src/core/lib/iomgr/socket_utils_windows.cc +0 -47
  1190. data/src/core/lib/iomgr/socket_windows.cc +0 -202
  1191. data/src/core/lib/iomgr/socket_windows.h +0 -125
  1192. data/src/core/lib/iomgr/tcp_client.cc +0 -40
  1193. data/src/core/lib/iomgr/tcp_client.h +0 -66
  1194. data/src/core/lib/iomgr/tcp_client_cfstream.cc +0 -211
  1195. data/src/core/lib/iomgr/tcp_client_posix.cc +0 -473
  1196. data/src/core/lib/iomgr/tcp_client_posix.h +0 -72
  1197. data/src/core/lib/iomgr/tcp_client_windows.cc +0 -243
  1198. data/src/core/lib/iomgr/tcp_posix.cc +0 -2075
  1199. data/src/core/lib/iomgr/tcp_posix.h +0 -67
  1200. data/src/core/lib/iomgr/tcp_server.cc +0 -78
  1201. data/src/core/lib/iomgr/tcp_server.h +0 -150
  1202. data/src/core/lib/iomgr/tcp_server_posix.cc +0 -653
  1203. data/src/core/lib/iomgr/tcp_server_utils_posix.h +0 -129
  1204. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +0 -227
  1205. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +0 -179
  1206. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +0 -36
  1207. data/src/core/lib/iomgr/tcp_server_windows.cc +0 -568
  1208. data/src/core/lib/iomgr/tcp_windows.cc +0 -534
  1209. data/src/core/lib/iomgr/tcp_windows.h +0 -52
  1210. data/src/core/lib/iomgr/timer.cc +0 -46
  1211. data/src/core/lib/iomgr/timer.h +0 -136
  1212. data/src/core/lib/iomgr/timer_generic.cc +0 -735
  1213. data/src/core/lib/iomgr/timer_generic.h +0 -40
  1214. data/src/core/lib/iomgr/timer_heap.cc +0 -134
  1215. data/src/core/lib/iomgr/timer_heap.h +0 -43
  1216. data/src/core/lib/iomgr/timer_manager.cc +0 -363
  1217. data/src/core/lib/iomgr/timer_manager.h +0 -41
  1218. data/src/core/lib/iomgr/unix_sockets_posix.cc +0 -96
  1219. data/src/core/lib/iomgr/unix_sockets_posix.h +0 -46
  1220. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +0 -53
  1221. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +0 -80
  1222. data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +0 -39
  1223. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +0 -99
  1224. data/src/core/lib/iomgr/wakeup_fd_pipe.h +0 -28
  1225. data/src/core/lib/iomgr/wakeup_fd_posix.cc +0 -73
  1226. data/src/core/lib/iomgr/wakeup_fd_posix.h +0 -96
  1227. data/src/core/lib/json/json.h +0 -246
  1228. data/src/core/lib/json/json_args.h +0 -34
  1229. data/src/core/lib/json/json_object_loader.cc +0 -202
  1230. data/src/core/lib/json/json_object_loader.h +0 -598
  1231. data/src/core/lib/json/json_reader.cc +0 -929
  1232. data/src/core/lib/json/json_util.cc +0 -106
  1233. data/src/core/lib/json/json_util.h +0 -163
  1234. data/src/core/lib/json/json_writer.cc +0 -340
  1235. data/src/core/lib/load_balancing/lb_policy.cc +0 -93
  1236. data/src/core/lib/load_balancing/lb_policy.h +0 -435
  1237. data/src/core/lib/load_balancing/lb_policy_factory.h +0 -49
  1238. data/src/core/lib/load_balancing/lb_policy_registry.cc +0 -141
  1239. data/src/core/lib/load_balancing/lb_policy_registry.h +0 -82
  1240. data/src/core/lib/load_balancing/subchannel_interface.h +0 -140
  1241. data/src/core/lib/matchers/matchers.cc +0 -330
  1242. data/src/core/lib/matchers/matchers.h +0 -162
  1243. data/src/core/lib/promise/activity.cc +0 -120
  1244. data/src/core/lib/promise/activity.h +0 -581
  1245. data/src/core/lib/promise/arena_promise.h +0 -201
  1246. data/src/core/lib/promise/call_push_pull.h +0 -148
  1247. data/src/core/lib/promise/context.h +0 -85
  1248. data/src/core/lib/promise/detail/basic_seq.h +0 -516
  1249. data/src/core/lib/promise/detail/promise_factory.h +0 -187
  1250. data/src/core/lib/promise/detail/promise_like.h +0 -85
  1251. data/src/core/lib/promise/detail/status.h +0 -50
  1252. data/src/core/lib/promise/exec_ctx_wakeup_scheduler.h +0 -48
  1253. data/src/core/lib/promise/intra_activity_waiter.h +0 -49
  1254. data/src/core/lib/promise/latch.h +0 -103
  1255. data/src/core/lib/promise/loop.h +0 -136
  1256. data/src/core/lib/promise/map.h +0 -87
  1257. data/src/core/lib/promise/poll.h +0 -66
  1258. data/src/core/lib/promise/promise.h +0 -96
  1259. data/src/core/lib/promise/race.h +0 -83
  1260. data/src/core/lib/promise/seq.h +0 -108
  1261. data/src/core/lib/promise/sleep.cc +0 -89
  1262. data/src/core/lib/promise/sleep.h +0 -85
  1263. data/src/core/lib/promise/try_seq.h +0 -177
  1264. data/src/core/lib/resolver/resolver.cc +0 -37
  1265. data/src/core/lib/resolver/resolver.h +0 -138
  1266. data/src/core/lib/resolver/resolver_factory.h +0 -77
  1267. data/src/core/lib/resolver/resolver_registry.cc +0 -149
  1268. data/src/core/lib/resolver/resolver_registry.h +0 -123
  1269. data/src/core/lib/resolver/server_address.cc +0 -180
  1270. data/src/core/lib/resolver/server_address.h +0 -147
  1271. data/src/core/lib/resource_quota/api.cc +0 -105
  1272. data/src/core/lib/resource_quota/api.h +0 -49
  1273. data/src/core/lib/resource_quota/arena.cc +0 -119
  1274. data/src/core/lib/resource_quota/arena.h +0 -163
  1275. data/src/core/lib/resource_quota/memory_quota.cc +0 -602
  1276. data/src/core/lib/resource_quota/memory_quota.h +0 -530
  1277. data/src/core/lib/resource_quota/periodic_update.cc +0 -78
  1278. data/src/core/lib/resource_quota/periodic_update.h +0 -71
  1279. data/src/core/lib/resource_quota/resource_quota.cc +0 -33
  1280. data/src/core/lib/resource_quota/resource_quota.h +0 -74
  1281. data/src/core/lib/resource_quota/thread_quota.cc +0 -45
  1282. data/src/core/lib/resource_quota/thread_quota.h +0 -61
  1283. data/src/core/lib/resource_quota/trace.cc +0 -19
  1284. data/src/core/lib/resource_quota/trace.h +0 -24
  1285. data/src/core/lib/security/authorization/authorization_engine.h +0 -44
  1286. data/src/core/lib/security/authorization/authorization_policy_provider.h +0 -47
  1287. data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +0 -50
  1288. data/src/core/lib/security/authorization/evaluate_args.cc +0 -221
  1289. data/src/core/lib/security/authorization/evaluate_args.h +0 -95
  1290. data/src/core/lib/security/authorization/grpc_authorization_engine.cc +0 -66
  1291. data/src/core/lib/security/authorization/grpc_authorization_engine.h +0 -69
  1292. data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +0 -120
  1293. data/src/core/lib/security/authorization/grpc_server_authz_filter.h +0 -61
  1294. data/src/core/lib/security/authorization/matchers.cc +0 -238
  1295. data/src/core/lib/security/authorization/matchers.h +0 -218
  1296. data/src/core/lib/security/authorization/rbac_policy.cc +0 -446
  1297. data/src/core/lib/security/authorization/rbac_policy.h +0 -178
  1298. data/src/core/lib/security/certificate_provider/certificate_provider_factory.h +0 -66
  1299. data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +0 -60
  1300. data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +0 -70
  1301. data/src/core/lib/security/context/security_context.cc +0 -330
  1302. data/src/core/lib/security/context/security_context.h +0 -171
  1303. data/src/core/lib/security/credentials/alts/alts_credentials.cc +0 -119
  1304. data/src/core/lib/security/credentials/alts/alts_credentials.h +0 -123
  1305. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +0 -72
  1306. data/src/core/lib/security/credentials/alts/check_gcp_environment.h +0 -57
  1307. data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +0 -68
  1308. data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +0 -33
  1309. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +0 -102
  1310. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc +0 -125
  1311. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc +0 -46
  1312. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h +0 -75
  1313. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +0 -56
  1314. data/src/core/lib/security/credentials/call_creds_util.cc +0 -97
  1315. data/src/core/lib/security/credentials/call_creds_util.h +0 -43
  1316. data/src/core/lib/security/credentials/channel_creds_registry.h +0 -103
  1317. data/src/core/lib/security/credentials/channel_creds_registry_init.cc +0 -81
  1318. data/src/core/lib/security/credentials/composite/composite_credentials.cc +0 -171
  1319. data/src/core/lib/security/credentials/composite/composite_credentials.h +0 -132
  1320. data/src/core/lib/security/credentials/credentials.cc +0 -159
  1321. data/src/core/lib/security/credentials/credentials.h +0 -298
  1322. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +0 -524
  1323. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +0 -100
  1324. data/src/core/lib/security/credentials/external/aws_request_signer.cc +0 -223
  1325. data/src/core/lib/security/credentials/external/aws_request_signer.h +0 -72
  1326. data/src/core/lib/security/credentials/external/external_account_credentials.cc +0 -572
  1327. data/src/core/lib/security/credentials/external/external_account_credentials.h +0 -129
  1328. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +0 -142
  1329. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +0 -55
  1330. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +0 -246
  1331. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +0 -71
  1332. data/src/core/lib/security/credentials/fake/fake_credentials.cc +0 -112
  1333. data/src/core/lib/security/credentials/fake/fake_credentials.h +0 -96
  1334. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +0 -40
  1335. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -500
  1336. data/src/core/lib/security/credentials/google_default/google_default_credentials.h +0 -100
  1337. data/src/core/lib/security/credentials/iam/iam_credentials.cc +0 -82
  1338. data/src/core/lib/security/credentials/iam/iam_credentials.h +0 -65
  1339. data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +0 -73
  1340. data/src/core/lib/security/credentials/insecure/insecure_credentials.h +0 -61
  1341. data/src/core/lib/security/credentials/jwt/json_token.cc +0 -298
  1342. data/src/core/lib/security/credentials/jwt/json_token.h +0 -76
  1343. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +0 -183
  1344. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +0 -107
  1345. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -957
  1346. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +0 -124
  1347. data/src/core/lib/security/credentials/local/local_credentials.cc +0 -71
  1348. data/src/core/lib/security/credentials/local/local_credentials.h +0 -77
  1349. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +0 -751
  1350. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +0 -220
  1351. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +0 -214
  1352. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +0 -125
  1353. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +0 -381
  1354. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +0 -131
  1355. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +0 -348
  1356. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +0 -223
  1357. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +0 -484
  1358. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +0 -206
  1359. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +0 -241
  1360. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h +0 -168
  1361. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +0 -122
  1362. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +0 -117
  1363. data/src/core/lib/security/credentials/tls/tls_credentials.cc +0 -150
  1364. data/src/core/lib/security/credentials/tls/tls_credentials.h +0 -71
  1365. data/src/core/lib/security/credentials/tls/tls_utils.cc +0 -127
  1366. data/src/core/lib/security/credentials/tls/tls_utils.h +0 -51
  1367. data/src/core/lib/security/credentials/xds/xds_credentials.cc +0 -236
  1368. data/src/core/lib/security/credentials/xds/xds_credentials.h +0 -114
  1369. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +0 -317
  1370. data/src/core/lib/security/security_connector/alts/alts_security_connector.h +0 -79
  1371. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +0 -322
  1372. data/src/core/lib/security/security_connector/fake/fake_security_connector.h +0 -43
  1373. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +0 -120
  1374. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +0 -108
  1375. data/src/core/lib/security/security_connector/load_system_roots.h +0 -33
  1376. data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +0 -35
  1377. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +0 -178
  1378. data/src/core/lib/security/security_connector/load_system_roots_supported.h +0 -46
  1379. data/src/core/lib/security/security_connector/local/local_security_connector.cc +0 -310
  1380. data/src/core/lib/security/security_connector/local/local_security_connector.h +0 -63
  1381. data/src/core/lib/security/security_connector/security_connector.cc +0 -127
  1382. data/src/core/lib/security/security_connector/security_connector.h +0 -201
  1383. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +0 -463
  1384. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +0 -83
  1385. data/src/core/lib/security/security_connector/ssl_utils.cc +0 -627
  1386. data/src/core/lib/security/security_connector/ssl_utils.h +0 -187
  1387. data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
  1388. data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -30
  1389. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +0 -834
  1390. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +0 -286
  1391. data/src/core/lib/security/transport/auth_filters.h +0 -76
  1392. data/src/core/lib/security/transport/client_auth_filter.cc +0 -227
  1393. data/src/core/lib/security/transport/secure_endpoint.cc +0 -568
  1394. data/src/core/lib/security/transport/secure_endpoint.h +0 -43
  1395. data/src/core/lib/security/transport/security_handshaker.cc +0 -673
  1396. data/src/core/lib/security/transport/security_handshaker.h +0 -51
  1397. data/src/core/lib/security/transport/server_auth_filter.cc +0 -360
  1398. data/src/core/lib/security/transport/tsi_error.cc +0 -28
  1399. data/src/core/lib/security/transport/tsi_error.h +0 -30
  1400. data/src/core/lib/security/util/json_util.cc +0 -71
  1401. data/src/core/lib/security/util/json_util.h +0 -43
  1402. data/src/core/lib/service_config/service_config.h +0 -89
  1403. data/src/core/lib/service_config/service_config_call_data.h +0 -76
  1404. data/src/core/lib/service_config/service_config_impl.cc +0 -238
  1405. data/src/core/lib/service_config/service_config_impl.h +0 -128
  1406. data/src/core/lib/service_config/service_config_parser.cc +0 -98
  1407. data/src/core/lib/service_config/service_config_parser.h +0 -101
  1408. data/src/core/lib/slice/b64.cc +0 -239
  1409. data/src/core/lib/slice/b64.h +0 -52
  1410. data/src/core/lib/slice/percent_encoding.cc +0 -150
  1411. data/src/core/lib/slice/percent_encoding.h +0 -54
  1412. data/src/core/lib/slice/slice.cc +0 -496
  1413. data/src/core/lib/slice/slice.h +0 -389
  1414. data/src/core/lib/slice/slice_api.cc +0 -39
  1415. data/src/core/lib/slice/slice_buffer.cc +0 -473
  1416. data/src/core/lib/slice/slice_buffer.h +0 -137
  1417. data/src/core/lib/slice/slice_buffer_api.cc +0 -35
  1418. data/src/core/lib/slice/slice_internal.h +0 -105
  1419. data/src/core/lib/slice/slice_refcount.cc +0 -35
  1420. data/src/core/lib/slice/slice_refcount.h +0 -45
  1421. data/src/core/lib/slice/slice_refcount_base.h +0 -60
  1422. data/src/core/lib/slice/slice_string_helpers.cc +0 -28
  1423. data/src/core/lib/slice/slice_string_helpers.h +0 -31
  1424. data/src/core/lib/surface/api_trace.cc +0 -25
  1425. data/src/core/lib/surface/api_trace.h +0 -53
  1426. data/src/core/lib/surface/builtins.cc +0 -54
  1427. data/src/core/lib/surface/builtins.h +0 -26
  1428. data/src/core/lib/surface/byte_buffer.cc +0 -98
  1429. data/src/core/lib/surface/byte_buffer_reader.cc +0 -101
  1430. data/src/core/lib/surface/call.cc +0 -1916
  1431. data/src/core/lib/surface/call.h +0 -135
  1432. data/src/core/lib/surface/call_details.cc +0 -41
  1433. data/src/core/lib/surface/call_log_batch.cc +0 -117
  1434. data/src/core/lib/surface/call_test_only.h +0 -46
  1435. data/src/core/lib/surface/channel.cc +0 -442
  1436. data/src/core/lib/surface/channel.h +0 -206
  1437. data/src/core/lib/surface/channel_init.cc +0 -55
  1438. data/src/core/lib/surface/channel_init.h +0 -84
  1439. data/src/core/lib/surface/channel_ping.cc +0 -69
  1440. data/src/core/lib/surface/channel_stack_type.cc +0 -57
  1441. data/src/core/lib/surface/channel_stack_type.h +0 -45
  1442. data/src/core/lib/surface/completion_queue.cc +0 -1425
  1443. data/src/core/lib/surface/completion_queue.h +0 -100
  1444. data/src/core/lib/surface/completion_queue_factory.cc +0 -94
  1445. data/src/core/lib/surface/completion_queue_factory.h +0 -37
  1446. data/src/core/lib/surface/event_string.cc +0 -56
  1447. data/src/core/lib/surface/event_string.h +0 -31
  1448. data/src/core/lib/surface/init.cc +0 -260
  1449. data/src/core/lib/surface/init.h +0 -25
  1450. data/src/core/lib/surface/init_internally.cc +0 -24
  1451. data/src/core/lib/surface/init_internally.h +0 -28
  1452. data/src/core/lib/surface/lame_client.cc +0 -152
  1453. data/src/core/lib/surface/lame_client.h +0 -71
  1454. data/src/core/lib/surface/metadata_array.cc +0 -38
  1455. data/src/core/lib/surface/server.cc +0 -1577
  1456. data/src/core/lib/surface/server.h +0 -526
  1457. data/src/core/lib/surface/validate_metadata.cc +0 -123
  1458. data/src/core/lib/surface/validate_metadata.h +0 -48
  1459. data/src/core/lib/surface/version.cc +0 -28
  1460. data/src/core/lib/transport/bdp_estimator.cc +0 -86
  1461. data/src/core/lib/transport/bdp_estimator.h +0 -94
  1462. data/src/core/lib/transport/connectivity_state.cc +0 -189
  1463. data/src/core/lib/transport/connectivity_state.h +0 -144
  1464. data/src/core/lib/transport/error_utils.cc +0 -165
  1465. data/src/core/lib/transport/error_utils.h +0 -63
  1466. data/src/core/lib/transport/handshaker.cc +0 -225
  1467. data/src/core/lib/transport/handshaker.h +0 -167
  1468. data/src/core/lib/transport/handshaker_factory.h +0 -48
  1469. data/src/core/lib/transport/handshaker_registry.cc +0 -55
  1470. data/src/core/lib/transport/handshaker_registry.h +0 -70
  1471. data/src/core/lib/transport/http2_errors.h +0 -41
  1472. data/src/core/lib/transport/http_connect_handshaker.cc +0 -401
  1473. data/src/core/lib/transport/http_connect_handshaker.h +0 -42
  1474. data/src/core/lib/transport/metadata_batch.cc +0 -291
  1475. data/src/core/lib/transport/metadata_batch.h +0 -1310
  1476. data/src/core/lib/transport/parsed_metadata.cc +0 -39
  1477. data/src/core/lib/transport/parsed_metadata.h +0 -409
  1478. data/src/core/lib/transport/pid_controller.cc +0 -51
  1479. data/src/core/lib/transport/pid_controller.h +0 -116
  1480. data/src/core/lib/transport/status_conversion.cc +0 -92
  1481. data/src/core/lib/transport/status_conversion.h +0 -38
  1482. data/src/core/lib/transport/tcp_connect_handshaker.cc +0 -251
  1483. data/src/core/lib/transport/tcp_connect_handshaker.h +0 -39
  1484. data/src/core/lib/transport/timeout_encoding.cc +0 -284
  1485. data/src/core/lib/transport/timeout_encoding.h +0 -72
  1486. data/src/core/lib/transport/transport.cc +0 -239
  1487. data/src/core/lib/transport/transport.h +0 -594
  1488. data/src/core/lib/transport/transport_fwd.h +0 -20
  1489. data/src/core/lib/transport/transport_impl.h +0 -95
  1490. data/src/core/lib/transport/transport_op_string.cc +0 -146
  1491. data/src/core/lib/uri/uri_parser.cc +0 -373
  1492. data/src/core/lib/uri/uri_parser.h +0 -101
  1493. data/src/core/plugin_registry/grpc_plugin_registry.cc +0 -117
  1494. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +0 -73
  1495. data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -690
  1496. data/src/core/tsi/alts/crypt/gsec.cc +0 -190
  1497. data/src/core/tsi/alts/crypt/gsec.h +0 -459
  1498. data/src/core/tsi/alts/frame_protector/alts_counter.cc +0 -118
  1499. data/src/core/tsi/alts/frame_protector/alts_counter.h +0 -98
  1500. data/src/core/tsi/alts/frame_protector/alts_crypter.cc +0 -66
  1501. data/src/core/tsi/alts/frame_protector/alts_crypter.h +0 -255
  1502. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +0 -408
  1503. data/src/core/tsi/alts/frame_protector/alts_frame_protector.h +0 -55
  1504. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc +0 -114
  1505. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h +0 -114
  1506. data/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc +0 -105
  1507. data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +0 -103
  1508. data/src/core/tsi/alts/frame_protector/frame_handler.cc +0 -219
  1509. data/src/core/tsi/alts/frame_protector/frame_handler.h +0 -236
  1510. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +0 -927
  1511. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +0 -160
  1512. data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +0 -91
  1513. data/src/core/tsi/alts/handshaker/alts_shared_resource.h +0 -73
  1514. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +0 -720
  1515. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +0 -104
  1516. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +0 -89
  1517. data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +0 -64
  1518. data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +0 -53
  1519. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +0 -223
  1520. data/src/core/tsi/alts/handshaker/transport_security_common_api.h +0 -171
  1521. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +0 -226
  1522. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h +0 -54
  1523. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +0 -144
  1524. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h +0 -49
  1525. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h +0 -91
  1526. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +0 -174
  1527. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +0 -99
  1528. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +0 -478
  1529. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h +0 -199
  1530. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +0 -315
  1531. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h +0 -57
  1532. data/src/core/tsi/fake_transport_security.cc +0 -844
  1533. data/src/core/tsi/fake_transport_security.h +0 -53
  1534. data/src/core/tsi/local_transport_security.cc +0 -174
  1535. data/src/core/tsi/local_transport_security.h +0 -47
  1536. data/src/core/tsi/ssl/key_logging/ssl_key_logging.cc +0 -141
  1537. data/src/core/tsi/ssl/key_logging/ssl_key_logging.h +0 -81
  1538. data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -71
  1539. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +0 -59
  1540. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -179
  1541. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -99
  1542. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +0 -77
  1543. data/src/core/tsi/ssl_transport_security.cc +0 -2441
  1544. data/src/core/tsi/ssl_transport_security.h +0 -405
  1545. data/src/core/tsi/ssl_types.h +0 -42
  1546. data/src/core/tsi/transport_security.cc +0 -396
  1547. data/src/core/tsi/transport_security.h +0 -143
  1548. data/src/core/tsi/transport_security_grpc.cc +0 -74
  1549. data/src/core/tsi/transport_security_grpc.h +0 -83
  1550. data/src/core/tsi/transport_security_interface.h +0 -521
  1551. data/src/ruby/lib/grpc/2.6/grpc_c.so +0 -0
  1552. data/third_party/abseil-cpp/absl/algorithm/algorithm.h +0 -159
  1553. data/third_party/abseil-cpp/absl/algorithm/container.h +0 -1774
  1554. data/third_party/abseil-cpp/absl/base/attributes.h +0 -762
  1555. data/third_party/abseil-cpp/absl/base/call_once.h +0 -219
  1556. data/third_party/abseil-cpp/absl/base/casts.h +0 -180
  1557. data/third_party/abseil-cpp/absl/base/config.h +0 -913
  1558. data/third_party/abseil-cpp/absl/base/const_init.h +0 -76
  1559. data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +0 -471
  1560. data/third_party/abseil-cpp/absl/base/internal/atomic_hook.h +0 -200
  1561. data/third_party/abseil-cpp/absl/base/internal/cycleclock.cc +0 -77
  1562. data/third_party/abseil-cpp/absl/base/internal/cycleclock.h +0 -159
  1563. data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +0 -169
  1564. data/third_party/abseil-cpp/absl/base/internal/dynamic_annotations.h +0 -398
  1565. data/third_party/abseil-cpp/absl/base/internal/endian.h +0 -282
  1566. data/third_party/abseil-cpp/absl/base/internal/errno_saver.h +0 -43
  1567. data/third_party/abseil-cpp/absl/base/internal/fast_type_id.h +0 -50
  1568. data/third_party/abseil-cpp/absl/base/internal/hide_ptr.h +0 -51
  1569. data/third_party/abseil-cpp/absl/base/internal/identity.h +0 -37
  1570. data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +0 -107
  1571. data/third_party/abseil-cpp/absl/base/internal/invoke.h +0 -241
  1572. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +0 -620
  1573. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.h +0 -126
  1574. data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +0 -134
  1575. data/third_party/abseil-cpp/absl/base/internal/per_thread_tls.h +0 -52
  1576. data/third_party/abseil-cpp/absl/base/internal/prefetch.h +0 -138
  1577. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +0 -249
  1578. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +0 -196
  1579. data/third_party/abseil-cpp/absl/base/internal/scheduling_mode.h +0 -58
  1580. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +0 -232
  1581. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +0 -256
  1582. data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +0 -35
  1583. data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +0 -71
  1584. data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +0 -46
  1585. data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.cc +0 -81
  1586. data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +0 -95
  1587. data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +0 -37
  1588. data/third_party/abseil-cpp/absl/base/internal/strerror.cc +0 -88
  1589. data/third_party/abseil-cpp/absl/base/internal/strerror.h +0 -39
  1590. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +0 -507
  1591. data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +0 -74
  1592. data/third_party/abseil-cpp/absl/base/internal/thread_annotations.h +0 -271
  1593. data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +0 -156
  1594. data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +0 -265
  1595. data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +0 -212
  1596. data/third_party/abseil-cpp/absl/base/internal/throw_delegate.h +0 -75
  1597. data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +0 -68
  1598. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +0 -82
  1599. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +0 -153
  1600. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +0 -133
  1601. data/third_party/abseil-cpp/absl/base/log_severity.cc +0 -55
  1602. data/third_party/abseil-cpp/absl/base/log_severity.h +0 -172
  1603. data/third_party/abseil-cpp/absl/base/macros.h +0 -158
  1604. data/third_party/abseil-cpp/absl/base/optimization.h +0 -252
  1605. data/third_party/abseil-cpp/absl/base/options.h +0 -238
  1606. data/third_party/abseil-cpp/absl/base/policy_checks.h +0 -111
  1607. data/third_party/abseil-cpp/absl/base/port.h +0 -25
  1608. data/third_party/abseil-cpp/absl/base/thread_annotations.h +0 -335
  1609. data/third_party/abseil-cpp/absl/container/fixed_array.h +0 -529
  1610. data/third_party/abseil-cpp/absl/container/flat_hash_map.h +0 -613
  1611. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -510
  1612. data/third_party/abseil-cpp/absl/container/inlined_vector.h +0 -866
  1613. data/third_party/abseil-cpp/absl/container/internal/common.h +0 -207
  1614. data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +0 -290
  1615. data/third_party/abseil-cpp/absl/container/internal/container_memory.h +0 -442
  1616. data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +0 -163
  1617. data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +0 -208
  1618. data/third_party/abseil-cpp/absl/container/internal/hashtable_debug_hooks.h +0 -85
  1619. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +0 -238
  1620. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +0 -299
  1621. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +0 -31
  1622. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +0 -953
  1623. data/third_party/abseil-cpp/absl/container/internal/layout.h +0 -743
  1624. data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +0 -198
  1625. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +0 -71
  1626. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +0 -2365
  1627. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +0 -96
  1628. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.h +0 -32
  1629. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +0 -1959
  1630. data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +0 -71
  1631. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc +0 -387
  1632. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.h +0 -139
  1633. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +0 -204
  1634. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +0 -139
  1635. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +0 -88
  1636. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_emscripten-inl.inc +0 -110
  1637. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +0 -108
  1638. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +0 -258
  1639. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_riscv-inl.inc +0 -236
  1640. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_unimplemented-inl.inc +0 -24
  1641. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +0 -93
  1642. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +0 -369
  1643. data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +0 -153
  1644. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +0 -204
  1645. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.h +0 -158
  1646. data/third_party/abseil-cpp/absl/debugging/stacktrace.cc +0 -142
  1647. data/third_party/abseil-cpp/absl/debugging/stacktrace.h +0 -231
  1648. data/third_party/abseil-cpp/absl/debugging/symbolize.cc +0 -43
  1649. data/third_party/abseil-cpp/absl/debugging/symbolize.h +0 -99
  1650. data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +0 -101
  1651. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +0 -1613
  1652. data/third_party/abseil-cpp/absl/debugging/symbolize_emscripten.inc +0 -72
  1653. data/third_party/abseil-cpp/absl/debugging/symbolize_unimplemented.inc +0 -40
  1654. data/third_party/abseil-cpp/absl/debugging/symbolize_win32.inc +0 -81
  1655. data/third_party/abseil-cpp/absl/functional/any_invocable.h +0 -313
  1656. data/third_party/abseil-cpp/absl/functional/bind_front.h +0 -193
  1657. data/third_party/abseil-cpp/absl/functional/function_ref.h +0 -143
  1658. data/third_party/abseil-cpp/absl/functional/internal/any_invocable.h +0 -857
  1659. data/third_party/abseil-cpp/absl/functional/internal/front_binder.h +0 -95
  1660. data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +0 -106
  1661. data/third_party/abseil-cpp/absl/hash/hash.h +0 -421
  1662. data/third_party/abseil-cpp/absl/hash/internal/city.cc +0 -349
  1663. data/third_party/abseil-cpp/absl/hash/internal/city.h +0 -78
  1664. data/third_party/abseil-cpp/absl/hash/internal/hash.cc +0 -69
  1665. data/third_party/abseil-cpp/absl/hash/internal/hash.h +0 -1291
  1666. data/third_party/abseil-cpp/absl/hash/internal/low_level_hash.cc +0 -123
  1667. data/third_party/abseil-cpp/absl/hash/internal/low_level_hash.h +0 -50
  1668. data/third_party/abseil-cpp/absl/memory/memory.h +0 -699
  1669. data/third_party/abseil-cpp/absl/meta/type_traits.h +0 -797
  1670. data/third_party/abseil-cpp/absl/numeric/bits.h +0 -178
  1671. data/third_party/abseil-cpp/absl/numeric/int128.cc +0 -385
  1672. data/third_party/abseil-cpp/absl/numeric/int128.h +0 -1165
  1673. data/third_party/abseil-cpp/absl/numeric/int128_have_intrinsic.inc +0 -296
  1674. data/third_party/abseil-cpp/absl/numeric/int128_no_intrinsic.inc +0 -311
  1675. data/third_party/abseil-cpp/absl/numeric/internal/bits.h +0 -358
  1676. data/third_party/abseil-cpp/absl/numeric/internal/representation.h +0 -55
  1677. data/third_party/abseil-cpp/absl/profiling/internal/exponential_biased.cc +0 -93
  1678. data/third_party/abseil-cpp/absl/profiling/internal/exponential_biased.h +0 -130
  1679. data/third_party/abseil-cpp/absl/profiling/internal/sample_recorder.h +0 -245
  1680. data/third_party/abseil-cpp/absl/random/bernoulli_distribution.h +0 -200
  1681. data/third_party/abseil-cpp/absl/random/beta_distribution.h +0 -427
  1682. data/third_party/abseil-cpp/absl/random/discrete_distribution.cc +0 -98
  1683. data/third_party/abseil-cpp/absl/random/discrete_distribution.h +0 -247
  1684. data/third_party/abseil-cpp/absl/random/distributions.h +0 -452
  1685. data/third_party/abseil-cpp/absl/random/exponential_distribution.h +0 -165
  1686. data/third_party/abseil-cpp/absl/random/gaussian_distribution.cc +0 -104
  1687. data/third_party/abseil-cpp/absl/random/gaussian_distribution.h +0 -275
  1688. data/third_party/abseil-cpp/absl/random/internal/distribution_caller.h +0 -95
  1689. data/third_party/abseil-cpp/absl/random/internal/fast_uniform_bits.h +0 -269
  1690. data/third_party/abseil-cpp/absl/random/internal/fastmath.h +0 -57
  1691. data/third_party/abseil-cpp/absl/random/internal/generate_real.h +0 -144
  1692. data/third_party/abseil-cpp/absl/random/internal/iostream_state_saver.h +0 -245
  1693. data/third_party/abseil-cpp/absl/random/internal/nonsecure_base.h +0 -161
  1694. data/third_party/abseil-cpp/absl/random/internal/pcg_engine.h +0 -308
  1695. data/third_party/abseil-cpp/absl/random/internal/platform.h +0 -171
  1696. data/third_party/abseil-cpp/absl/random/internal/pool_urbg.cc +0 -253
  1697. data/third_party/abseil-cpp/absl/random/internal/pool_urbg.h +0 -131
  1698. data/third_party/abseil-cpp/absl/random/internal/randen.cc +0 -91
  1699. data/third_party/abseil-cpp/absl/random/internal/randen.h +0 -96
  1700. data/third_party/abseil-cpp/absl/random/internal/randen_detect.cc +0 -225
  1701. data/third_party/abseil-cpp/absl/random/internal/randen_detect.h +0 -33
  1702. data/third_party/abseil-cpp/absl/random/internal/randen_engine.h +0 -264
  1703. data/third_party/abseil-cpp/absl/random/internal/randen_hwaes.cc +0 -526
  1704. data/third_party/abseil-cpp/absl/random/internal/randen_hwaes.h +0 -50
  1705. data/third_party/abseil-cpp/absl/random/internal/randen_round_keys.cc +0 -462
  1706. data/third_party/abseil-cpp/absl/random/internal/randen_slow.cc +0 -471
  1707. data/third_party/abseil-cpp/absl/random/internal/randen_slow.h +0 -40
  1708. data/third_party/abseil-cpp/absl/random/internal/randen_traits.h +0 -88
  1709. data/third_party/abseil-cpp/absl/random/internal/salted_seed_seq.h +0 -165
  1710. data/third_party/abseil-cpp/absl/random/internal/seed_material.cc +0 -267
  1711. data/third_party/abseil-cpp/absl/random/internal/seed_material.h +0 -104
  1712. data/third_party/abseil-cpp/absl/random/internal/traits.h +0 -149
  1713. data/third_party/abseil-cpp/absl/random/internal/uniform_helper.h +0 -244
  1714. data/third_party/abseil-cpp/absl/random/internal/wide_multiply.h +0 -96
  1715. data/third_party/abseil-cpp/absl/random/log_uniform_int_distribution.h +0 -256
  1716. data/third_party/abseil-cpp/absl/random/poisson_distribution.h +0 -261
  1717. data/third_party/abseil-cpp/absl/random/random.h +0 -189
  1718. data/third_party/abseil-cpp/absl/random/seed_gen_exception.cc +0 -46
  1719. data/third_party/abseil-cpp/absl/random/seed_gen_exception.h +0 -55
  1720. data/third_party/abseil-cpp/absl/random/seed_sequences.cc +0 -29
  1721. data/third_party/abseil-cpp/absl/random/seed_sequences.h +0 -111
  1722. data/third_party/abseil-cpp/absl/random/uniform_int_distribution.h +0 -275
  1723. data/third_party/abseil-cpp/absl/random/uniform_real_distribution.h +0 -202
  1724. data/third_party/abseil-cpp/absl/random/zipf_distribution.h +0 -272
  1725. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +0 -86
  1726. data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +0 -396
  1727. data/third_party/abseil-cpp/absl/status/status.cc +0 -616
  1728. data/third_party/abseil-cpp/absl/status/status.h +0 -892
  1729. data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +0 -38
  1730. data/third_party/abseil-cpp/absl/status/status_payload_printer.h +0 -51
  1731. data/third_party/abseil-cpp/absl/status/statusor.cc +0 -103
  1732. data/third_party/abseil-cpp/absl/status/statusor.h +0 -776
  1733. data/third_party/abseil-cpp/absl/strings/ascii.cc +0 -200
  1734. data/third_party/abseil-cpp/absl/strings/ascii.h +0 -242
  1735. data/third_party/abseil-cpp/absl/strings/charconv.cc +0 -984
  1736. data/third_party/abseil-cpp/absl/strings/charconv.h +0 -120
  1737. data/third_party/abseil-cpp/absl/strings/cord.cc +0 -1328
  1738. data/third_party/abseil-cpp/absl/strings/cord.h +0 -1642
  1739. data/third_party/abseil-cpp/absl/strings/cord_analysis.cc +0 -188
  1740. data/third_party/abseil-cpp/absl/strings/cord_analysis.h +0 -44
  1741. data/third_party/abseil-cpp/absl/strings/cord_buffer.cc +0 -30
  1742. data/third_party/abseil-cpp/absl/strings/cord_buffer.h +0 -572
  1743. data/third_party/abseil-cpp/absl/strings/escaping.cc +0 -949
  1744. data/third_party/abseil-cpp/absl/strings/escaping.h +0 -164
  1745. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +0 -156
  1746. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +0 -359
  1747. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +0 -423
  1748. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +0 -504
  1749. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.h +0 -99
  1750. data/third_party/abseil-cpp/absl/strings/internal/cord_data_edge.h +0 -63
  1751. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +0 -77
  1752. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +0 -655
  1753. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.cc +0 -1228
  1754. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.h +0 -924
  1755. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_navigator.cc +0 -187
  1756. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_navigator.h +0 -267
  1757. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_reader.cc +0 -69
  1758. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_reader.h +0 -212
  1759. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_consume.cc +0 -62
  1760. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_consume.h +0 -50
  1761. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_crc.cc +0 -54
  1762. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_crc.h +0 -102
  1763. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +0 -187
  1764. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +0 -773
  1765. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +0 -607
  1766. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +0 -118
  1767. data/third_party/abseil-cpp/absl/strings/internal/cordz_functions.cc +0 -96
  1768. data/third_party/abseil-cpp/absl/strings/internal/cordz_functions.h +0 -85
  1769. data/third_party/abseil-cpp/absl/strings/internal/cordz_handle.cc +0 -139
  1770. data/third_party/abseil-cpp/absl/strings/internal/cordz_handle.h +0 -131
  1771. data/third_party/abseil-cpp/absl/strings/internal/cordz_info.cc +0 -418
  1772. data/third_party/abseil-cpp/absl/strings/internal/cordz_info.h +0 -298
  1773. data/third_party/abseil-cpp/absl/strings/internal/cordz_statistics.h +0 -88
  1774. data/third_party/abseil-cpp/absl/strings/internal/cordz_update_scope.h +0 -71
  1775. data/third_party/abseil-cpp/absl/strings/internal/cordz_update_tracker.h +0 -123
  1776. data/third_party/abseil-cpp/absl/strings/internal/escaping.cc +0 -181
  1777. data/third_party/abseil-cpp/absl/strings/internal/escaping.h +0 -58
  1778. data/third_party/abseil-cpp/absl/strings/internal/memutil.cc +0 -112
  1779. data/third_party/abseil-cpp/absl/strings/internal/memutil.h +0 -148
  1780. data/third_party/abseil-cpp/absl/strings/internal/ostringstream.cc +0 -36
  1781. data/third_party/abseil-cpp/absl/strings/internal/ostringstream.h +0 -89
  1782. data/third_party/abseil-cpp/absl/strings/internal/resize_uninitialized.h +0 -119
  1783. data/third_party/abseil-cpp/absl/strings/internal/stl_type_traits.h +0 -248
  1784. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +0 -488
  1785. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +0 -526
  1786. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +0 -258
  1787. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +0 -248
  1788. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +0 -338
  1789. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +0 -74
  1790. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +0 -448
  1791. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +0 -1423
  1792. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +0 -37
  1793. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.cc +0 -72
  1794. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +0 -97
  1795. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +0 -339
  1796. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +0 -359
  1797. data/third_party/abseil-cpp/absl/strings/internal/str_join_internal.h +0 -317
  1798. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +0 -430
  1799. data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +0 -72
  1800. data/third_party/abseil-cpp/absl/strings/internal/utf8.cc +0 -53
  1801. data/third_party/abseil-cpp/absl/strings/internal/utf8.h +0 -50
  1802. data/third_party/abseil-cpp/absl/strings/match.cc +0 -43
  1803. data/third_party/abseil-cpp/absl/strings/match.h +0 -100
  1804. data/third_party/abseil-cpp/absl/strings/numbers.cc +0 -1093
  1805. data/third_party/abseil-cpp/absl/strings/numbers.h +0 -303
  1806. data/third_party/abseil-cpp/absl/strings/str_cat.cc +0 -246
  1807. data/third_party/abseil-cpp/absl/strings/str_cat.h +0 -415
  1808. data/third_party/abseil-cpp/absl/strings/str_format.h +0 -812
  1809. data/third_party/abseil-cpp/absl/strings/str_join.h +0 -287
  1810. data/third_party/abseil-cpp/absl/strings/str_replace.cc +0 -82
  1811. data/third_party/abseil-cpp/absl/strings/str_replace.h +0 -219
  1812. data/third_party/abseil-cpp/absl/strings/str_split.cc +0 -139
  1813. data/third_party/abseil-cpp/absl/strings/str_split.h +0 -547
  1814. data/third_party/abseil-cpp/absl/strings/string_view.cc +0 -219
  1815. data/third_party/abseil-cpp/absl/strings/string_view.h +0 -711
  1816. data/third_party/abseil-cpp/absl/strings/strip.h +0 -93
  1817. data/third_party/abseil-cpp/absl/strings/substitute.cc +0 -172
  1818. data/third_party/abseil-cpp/absl/strings/substitute.h +0 -729
  1819. data/third_party/abseil-cpp/absl/synchronization/barrier.cc +0 -52
  1820. data/third_party/abseil-cpp/absl/synchronization/barrier.h +0 -79
  1821. data/third_party/abseil-cpp/absl/synchronization/blocking_counter.cc +0 -67
  1822. data/third_party/abseil-cpp/absl/synchronization/blocking_counter.h +0 -101
  1823. data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +0 -143
  1824. data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.h +0 -56
  1825. data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +0 -154
  1826. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +0 -698
  1827. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.h +0 -141
  1828. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +0 -156
  1829. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +0 -102
  1830. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +0 -110
  1831. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +0 -403
  1832. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +0 -161
  1833. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +0 -2786
  1834. data/third_party/abseil-cpp/absl/synchronization/mutex.h +0 -1090
  1835. data/third_party/abseil-cpp/absl/synchronization/notification.cc +0 -78
  1836. data/third_party/abseil-cpp/absl/synchronization/notification.h +0 -124
  1837. data/third_party/abseil-cpp/absl/time/civil_time.cc +0 -173
  1838. data/third_party/abseil-cpp/absl/time/civil_time.h +0 -538
  1839. data/third_party/abseil-cpp/absl/time/clock.cc +0 -585
  1840. data/third_party/abseil-cpp/absl/time/clock.h +0 -74
  1841. data/third_party/abseil-cpp/absl/time/duration.cc +0 -955
  1842. data/third_party/abseil-cpp/absl/time/format.cc +0 -160
  1843. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +0 -332
  1844. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +0 -632
  1845. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +0 -459
  1846. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +0 -102
  1847. data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +0 -94
  1848. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +0 -140
  1849. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +0 -52
  1850. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +0 -1029
  1851. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +0 -45
  1852. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +0 -77
  1853. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +0 -113
  1854. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +0 -93
  1855. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +0 -1027
  1856. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +0 -137
  1857. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +0 -315
  1858. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +0 -55
  1859. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +0 -236
  1860. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +0 -159
  1861. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +0 -132
  1862. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +0 -122
  1863. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +0 -115
  1864. data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +0 -31
  1865. data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +0 -24
  1866. data/third_party/abseil-cpp/absl/time/time.cc +0 -500
  1867. data/third_party/abseil-cpp/absl/time/time.h +0 -1620
  1868. data/third_party/abseil-cpp/absl/types/bad_optional_access.cc +0 -48
  1869. data/third_party/abseil-cpp/absl/types/bad_optional_access.h +0 -78
  1870. data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +0 -64
  1871. data/third_party/abseil-cpp/absl/types/bad_variant_access.h +0 -82
  1872. data/third_party/abseil-cpp/absl/types/internal/optional.h +0 -404
  1873. data/third_party/abseil-cpp/absl/types/internal/span.h +0 -128
  1874. data/third_party/abseil-cpp/absl/types/internal/variant.h +0 -1646
  1875. data/third_party/abseil-cpp/absl/types/optional.h +0 -779
  1876. data/third_party/abseil-cpp/absl/types/span.h +0 -727
  1877. data/third_party/abseil-cpp/absl/types/variant.h +0 -866
  1878. data/third_party/abseil-cpp/absl/utility/utility.h +0 -350
  1879. data/third_party/address_sorting/address_sorting.c +0 -375
  1880. data/third_party/address_sorting/address_sorting_internal.h +0 -70
  1881. data/third_party/address_sorting/address_sorting_posix.c +0 -98
  1882. data/third_party/address_sorting/address_sorting_windows.c +0 -95
  1883. data/third_party/address_sorting/include/address_sorting/address_sorting.h +0 -115
  1884. data/third_party/boringssl-with-bazel/err_data.c +0 -1493
  1885. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +0 -284
  1886. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +0 -122
  1887. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +0 -91
  1888. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +0 -87
  1889. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
  1890. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +0 -266
  1891. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +0 -88
  1892. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +0 -420
  1893. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +0 -298
  1894. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +0 -299
  1895. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +0 -77
  1896. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
  1897. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +0 -650
  1898. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +0 -266
  1899. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +0 -212
  1900. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +0 -163
  1901. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +0 -264
  1902. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
  1903. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +0 -452
  1904. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +0 -80
  1905. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +0 -101
  1906. data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
  1907. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +0 -102
  1908. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +0 -91
  1909. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +0 -224
  1910. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +0 -969
  1911. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +0 -710
  1912. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +0 -233
  1913. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +0 -332
  1914. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -131
  1915. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +0 -281
  1916. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
  1917. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +0 -482
  1918. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +0 -702
  1919. data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +0 -324
  1920. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +0 -541
  1921. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +0 -275
  1922. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +0 -311
  1923. data/third_party/boringssl-with-bazel/src/crypto/bio/hexdump.c +0 -192
  1924. data/third_party/boringssl-with-bazel/src/crypto/bio/internal.h +0 -111
  1925. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +0 -483
  1926. data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -115
  1927. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +0 -192
  1928. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +0 -122
  1929. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +0 -156
  1930. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +0 -57
  1931. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +0 -470
  1932. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +0 -172
  1933. data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +0 -52
  1934. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +0 -266
  1935. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +0 -728
  1936. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +0 -711
  1937. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +0 -96
  1938. data/third_party/boringssl-with-bazel/src/crypto/bytestring/unicode.c +0 -155
  1939. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -175
  1940. data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +0 -45
  1941. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +0 -127
  1942. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +0 -152
  1943. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesccm.c +0 -447
  1944. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +0 -283
  1945. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +0 -891
  1946. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +0 -343
  1947. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +0 -85
  1948. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +0 -462
  1949. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +0 -87
  1950. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +0 -601
  1951. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +0 -226
  1952. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +0 -338
  1953. data/third_party/boringssl-with-bazel/src/crypto/cmac/cmac.c +0 -278
  1954. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +0 -821
  1955. data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -127
  1956. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +0 -31
  1957. data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-fuchsia.c +0 -55
  1958. data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-linux.c +0 -62
  1959. data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +0 -41
  1960. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +0 -229
  1961. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.h +0 -201
  1962. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +0 -38
  1963. data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +0 -291
  1964. data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
  1965. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +0 -226
  1966. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +0 -2159
  1967. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +0 -7872
  1968. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +0 -146
  1969. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +0 -539
  1970. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +0 -160
  1971. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +0 -272
  1972. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -268
  1973. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +0 -967
  1974. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +0 -390
  1975. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +0 -34
  1976. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +0 -559
  1977. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_derive.c +0 -95
  1978. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +0 -385
  1979. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +0 -56
  1980. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +0 -124
  1981. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +0 -267
  1982. data/third_party/boringssl-with-bazel/src/crypto/engine/engine.c +0 -99
  1983. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +0 -857
  1984. data/third_party/boringssl-with-bazel/src/crypto/err/internal.h +0 -58
  1985. data/third_party/boringssl-with-bazel/src/crypto/evp/digestsign.c +0 -231
  1986. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +0 -456
  1987. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +0 -547
  1988. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +0 -484
  1989. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +0 -269
  1990. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +0 -277
  1991. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +0 -286
  1992. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +0 -255
  1993. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +0 -104
  1994. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +0 -221
  1995. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +0 -648
  1996. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +0 -194
  1997. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +0 -110
  1998. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +0 -248
  1999. data/third_party/boringssl-with-bazel/src/crypto/evp/pbkdf.c +0 -146
  2000. data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +0 -489
  2001. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +0 -211
  2002. data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +0 -151
  2003. data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +0 -261
  2004. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -108
  2005. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +0 -1282
  2006. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +0 -238
  2007. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +0 -236
  2008. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +0 -122
  2009. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +0 -266
  2010. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/add.c +0 -316
  2011. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/x86_64-gcc.c +0 -541
  2012. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +0 -438
  2013. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +0 -230
  2014. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +0 -200
  2015. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -236
  2016. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +0 -902
  2017. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +0 -87
  2018. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +0 -1288
  2019. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -378
  2020. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +0 -326
  2021. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +0 -711
  2022. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +0 -715
  2023. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/jacobi.c +0 -146
  2024. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +0 -502
  2025. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +0 -186
  2026. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +0 -749
  2027. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +0 -1064
  2028. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +0 -341
  2029. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +0 -226
  2030. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +0 -104
  2031. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +0 -364
  2032. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +0 -498
  2033. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +0 -284
  2034. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +0 -648
  2035. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +0 -1473
  2036. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_des.c +0 -237
  2037. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +0 -128
  2038. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/delocate.h +0 -89
  2039. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/des/des.c +0 -784
  2040. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/des/internal.h +0 -238
  2041. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +0 -217
  2042. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +0 -456
  2043. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +0 -282
  2044. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +0 -304
  2045. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/internal.h +0 -112
  2046. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +0 -195
  2047. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +0 -1268
  2048. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +0 -472
  2049. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +0 -524
  2050. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +0 -100
  2051. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +0 -772
  2052. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +0 -328
  2053. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +0 -1180
  2054. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +0 -9497
  2055. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +0 -633
  2056. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.h +0 -153
  2057. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +0 -740
  2058. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +0 -297
  2059. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +0 -175
  2060. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +0 -357
  2061. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +0 -270
  2062. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +0 -255
  2063. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -270
  2064. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +0 -122
  2065. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +0 -338
  2066. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +0 -39
  2067. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/fips_shared_support.c +0 -32
  2068. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +0 -228
  2069. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +0 -240
  2070. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/internal.h +0 -37
  2071. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +0 -284
  2072. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +0 -178
  2073. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +0 -203
  2074. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +0 -201
  2075. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +0 -733
  2076. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +0 -304
  2077. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +0 -420
  2078. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +0 -97
  2079. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/polyval.c +0 -91
  2080. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +0 -202
  2081. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +0 -137
  2082. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +0 -49
  2083. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +0 -64
  2084. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +0 -184
  2085. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +0 -457
  2086. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -401
  2087. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -243
  2088. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +0 -131
  2089. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +0 -695
  2090. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +0 -935
  2091. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +0 -1416
  2092. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +0 -79
  2093. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +0 -874
  2094. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +0 -53
  2095. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
  2096. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +0 -357
  2097. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +0 -321
  2098. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +0 -508
  2099. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +0 -39
  2100. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +0 -165
  2101. data/third_party/boringssl-with-bazel/src/crypto/hkdf/hkdf.c +0 -112
  2102. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +0 -618
  2103. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +0 -2198
  2104. data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +0 -68
  2105. data/third_party/boringssl-with-bazel/src/crypto/internal.h +0 -959
  2106. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +0 -253
  2107. data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +0 -353
  2108. data/third_party/boringssl-with-bazel/src/crypto/mem.c +0 -410
  2109. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +0 -553
  2110. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +0 -11585
  2111. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_xref.c +0 -122
  2112. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +0 -252
  2113. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +0 -358
  2114. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +0 -769
  2115. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +0 -87
  2116. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +0 -255
  2117. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +0 -214
  2118. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -65
  2119. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -65
  2120. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +0 -58
  2121. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7.c +0 -193
  2122. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -526
  2123. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +0 -137
  2124. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/p5_pbev2.c +0 -316
  2125. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -530
  2126. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +0 -1383
  2127. data/third_party/boringssl-with-bazel/src/crypto/poly1305/internal.h +0 -41
  2128. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +0 -321
  2129. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +0 -307
  2130. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +0 -860
  2131. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +0 -49
  2132. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +0 -257
  2133. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +0 -56
  2134. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/forkunsafe.c +0 -46
  2135. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/fuchsia.c +0 -34
  2136. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +0 -34
  2137. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +0 -74
  2138. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +0 -73
  2139. data/third_party/boringssl-with-bazel/src/crypto/rc4/rc4.c +0 -98
  2140. data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -67
  2141. data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +0 -53
  2142. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_asn1.c +0 -324
  2143. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_print.c +0 -22
  2144. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +0 -82
  2145. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +0 -425
  2146. data/third_party/boringssl-with-bazel/src/crypto/thread.c +0 -110
  2147. data/third_party/boringssl-with-bazel/src/crypto/thread_none.c +0 -59
  2148. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +0 -182
  2149. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +0 -260
  2150. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +0 -318
  2151. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +0 -1399
  2152. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +0 -858
  2153. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +0 -766
  2154. data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +0 -96
  2155. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +0 -128
  2156. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +0 -118
  2157. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +0 -163
  2158. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +0 -826
  2159. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +0 -459
  2160. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +0 -277
  2161. data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +0 -83
  2162. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +0 -404
  2163. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +0 -246
  2164. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +0 -400
  2165. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +0 -130
  2166. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +0 -246
  2167. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +0 -365
  2168. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +0 -116
  2169. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -90
  2170. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +0 -358
  2171. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +0 -461
  2172. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +0 -106
  2173. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +0 -103
  2174. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +0 -212
  2175. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +0 -830
  2176. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +0 -199
  2177. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +0 -304
  2178. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +0 -240
  2179. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +0 -331
  2180. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +0 -204
  2181. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +0 -281
  2182. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +0 -2456
  2183. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +0 -651
  2184. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +0 -284
  2185. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +0 -388
  2186. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +0 -84
  2187. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +0 -137
  2188. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +0 -153
  2189. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +0 -386
  2190. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +0 -98
  2191. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +0 -565
  2192. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +0 -77
  2193. data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +0 -98
  2194. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +0 -544
  2195. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +0 -106
  2196. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -217
  2197. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +0 -106
  2198. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +0 -94
  2199. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +0 -80
  2200. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +0 -71
  2201. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +0 -394
  2202. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +0 -201
  2203. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +0 -138
  2204. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +0 -289
  2205. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
  2206. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
  2207. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
  2208. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
  2209. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
  2210. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
  2211. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +0 -226
  2212. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +0 -72
  2213. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +0 -640
  2214. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +0 -133
  2215. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +0 -144
  2216. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +0 -468
  2217. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +0 -500
  2218. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +0 -563
  2219. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +0 -106
  2220. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +0 -148
  2221. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +0 -266
  2222. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +0 -121
  2223. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +0 -218
  2224. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +0 -91
  2225. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +0 -379
  2226. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +0 -558
  2227. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +0 -68
  2228. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
  2229. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
  2230. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +0 -139
  2231. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +0 -154
  2232. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +0 -230
  2233. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +0 -929
  2234. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +0 -156
  2235. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +0 -1437
  2236. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +0 -480
  2237. data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +0 -207
  2238. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +0 -240
  2239. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +0 -2039
  2240. data/third_party/boringssl-with-bazel/src/include/openssl/asn1_mac.h +0 -18
  2241. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -718
  2242. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +0 -627
  2243. data/third_party/boringssl-with-bazel/src/include/openssl/base64.h +0 -198
  2244. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +0 -939
  2245. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +0 -62
  2246. data/third_party/boringssl-with-bazel/src/include/openssl/blowfish.h +0 -93
  2247. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +0 -1057
  2248. data/third_party/boringssl-with-bazel/src/include/openssl/buf.h +0 -137
  2249. data/third_party/boringssl-with-bazel/src/include/openssl/buffer.h +0 -18
  2250. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +0 -586
  2251. data/third_party/boringssl-with-bazel/src/include/openssl/cast.h +0 -96
  2252. data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +0 -41
  2253. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +0 -673
  2254. data/third_party/boringssl-with-bazel/src/include/openssl/cmac.h +0 -91
  2255. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +0 -183
  2256. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +0 -202
  2257. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +0 -169
  2258. data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +0 -201
  2259. data/third_party/boringssl-with-bazel/src/include/openssl/des.h +0 -183
  2260. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +0 -353
  2261. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +0 -348
  2262. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +0 -443
  2263. data/third_party/boringssl-with-bazel/src/include/openssl/dtls1.h +0 -16
  2264. data/third_party/boringssl-with-bazel/src/include/openssl/e_os2.h +0 -18
  2265. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +0 -442
  2266. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +0 -357
  2267. data/third_party/boringssl-with-bazel/src/include/openssl/ecdh.h +0 -118
  2268. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +0 -236
  2269. data/third_party/boringssl-with-bazel/src/include/openssl/engine.h +0 -109
  2270. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +0 -466
  2271. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +0 -1083
  2272. data/third_party/boringssl-with-bazel/src/include/openssl/evp_errors.h +0 -99
  2273. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +0 -203
  2274. data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +0 -68
  2275. data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +0 -186
  2276. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +0 -350
  2277. data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +0 -102
  2278. data/third_party/boringssl-with-bazel/src/include/openssl/is_boringssl.h +0 -16
  2279. data/third_party/boringssl-with-bazel/src/include/openssl/lhash.h +0 -81
  2280. data/third_party/boringssl-with-bazel/src/include/openssl/md4.h +0 -108
  2281. data/third_party/boringssl-with-bazel/src/include/openssl/md5.h +0 -109
  2282. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +0 -184
  2283. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +0 -4259
  2284. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +0 -256
  2285. data/third_party/boringssl-with-bazel/src/include/openssl/obj_mac.h +0 -18
  2286. data/third_party/boringssl-with-bazel/src/include/openssl/objects.h +0 -18
  2287. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +0 -70
  2288. data/third_party/boringssl-with-bazel/src/include/openssl/opensslv.h +0 -18
  2289. data/third_party/boringssl-with-bazel/src/include/openssl/ossl_typ.h +0 -18
  2290. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -483
  2291. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs12.h +0 -18
  2292. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +0 -239
  2293. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +0 -282
  2294. data/third_party/boringssl-with-bazel/src/include/openssl/poly1305.h +0 -49
  2295. data/third_party/boringssl-with-bazel/src/include/openssl/pool.h +0 -108
  2296. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +0 -114
  2297. data/third_party/boringssl-with-bazel/src/include/openssl/rc4.h +0 -96
  2298. data/third_party/boringssl-with-bazel/src/include/openssl/ripemd.h +0 -108
  2299. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +0 -855
  2300. data/third_party/boringssl-with-bazel/src/include/openssl/safestack.h +0 -16
  2301. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +0 -294
  2302. data/third_party/boringssl-with-bazel/src/include/openssl/siphash.h +0 -37
  2303. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +0 -222
  2304. data/third_party/boringssl-with-bazel/src/include/openssl/srtp.h +0 -18
  2305. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +0 -5624
  2306. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +0 -333
  2307. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +0 -542
  2308. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +0 -191
  2309. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +0 -647
  2310. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +0 -310
  2311. data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -90
  2312. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +0 -2419
  2313. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +0 -18
  2314. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +0 -1021
  2315. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +0 -192
  2316. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -835
  2317. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +0 -268
  2318. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +0 -273
  2319. data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +0 -232
  2320. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +0 -200
  2321. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +0 -353
  2322. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +0 -1084
  2323. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +0 -4325
  2324. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +0 -986
  2325. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +0 -758
  2326. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +0 -1986
  2327. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +0 -1956
  2328. data/third_party/boringssl-with-bazel/src/ssl/internal.h +0 -3953
  2329. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +0 -730
  2330. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -219
  2331. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +0 -453
  2332. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +0 -432
  2333. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +0 -896
  2334. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +0 -306
  2335. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +0 -1014
  2336. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +0 -1717
  2337. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +0 -585
  2338. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +0 -400
  2339. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +0 -3072
  2340. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +0 -837
  2341. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +0 -1342
  2342. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +0 -233
  2343. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +0 -272
  2344. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +0 -402
  2345. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +0 -1363
  2346. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +0 -384
  2347. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +0 -733
  2348. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +0 -1122
  2349. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +0 -582
  2350. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +0 -1349
  2351. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +0 -319
  2352. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +0 -705
  2353. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +0 -981
  2354. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +0 -619
  2355. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +0 -3147
  2356. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +0 -1226
  2357. data/third_party/cares/ares_build.h +0 -223
  2358. data/third_party/cares/cares/include/ares.h +0 -742
  2359. data/third_party/cares/cares/include/ares_dns.h +0 -112
  2360. data/third_party/cares/cares/include/ares_rules.h +0 -125
  2361. data/third_party/cares/cares/include/ares_version.h +0 -24
  2362. data/third_party/cares/cares/src/lib/ares__close_sockets.c +0 -61
  2363. data/third_party/cares/cares/src/lib/ares__get_hostent.c +0 -260
  2364. data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +0 -260
  2365. data/third_party/cares/cares/src/lib/ares__read_line.c +0 -73
  2366. data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +0 -264
  2367. data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +0 -499
  2368. data/third_party/cares/cares/src/lib/ares__timeval.c +0 -111
  2369. data/third_party/cares/cares/src/lib/ares_android.c +0 -444
  2370. data/third_party/cares/cares/src/lib/ares_android.h +0 -27
  2371. data/third_party/cares/cares/src/lib/ares_cancel.c +0 -63
  2372. data/third_party/cares/cares/src/lib/ares_create_query.c +0 -197
  2373. data/third_party/cares/cares/src/lib/ares_data.c +0 -240
  2374. data/third_party/cares/cares/src/lib/ares_data.h +0 -74
  2375. data/third_party/cares/cares/src/lib/ares_destroy.c +0 -113
  2376. data/third_party/cares/cares/src/lib/ares_expand_name.c +0 -300
  2377. data/third_party/cares/cares/src/lib/ares_expand_string.c +0 -67
  2378. data/third_party/cares/cares/src/lib/ares_fds.c +0 -59
  2379. data/third_party/cares/cares/src/lib/ares_free_hostent.c +0 -43
  2380. data/third_party/cares/cares/src/lib/ares_free_string.c +0 -25
  2381. data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +0 -59
  2382. data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +0 -772
  2383. data/third_party/cares/cares/src/lib/ares_getenv.c +0 -28
  2384. data/third_party/cares/cares/src/lib/ares_getenv.h +0 -26
  2385. data/third_party/cares/cares/src/lib/ares_gethostbyaddr.c +0 -287
  2386. data/third_party/cares/cares/src/lib/ares_gethostbyname.c +0 -534
  2387. data/third_party/cares/cares/src/lib/ares_getnameinfo.c +0 -447
  2388. data/third_party/cares/cares/src/lib/ares_getsock.c +0 -66
  2389. data/third_party/cares/cares/src/lib/ares_inet_net_pton.h +0 -25
  2390. data/third_party/cares/cares/src/lib/ares_init.c +0 -2654
  2391. data/third_party/cares/cares/src/lib/ares_iphlpapi.h +0 -221
  2392. data/third_party/cares/cares/src/lib/ares_ipv6.h +0 -85
  2393. data/third_party/cares/cares/src/lib/ares_library_init.c +0 -200
  2394. data/third_party/cares/cares/src/lib/ares_library_init.h +0 -43
  2395. data/third_party/cares/cares/src/lib/ares_llist.c +0 -63
  2396. data/third_party/cares/cares/src/lib/ares_llist.h +0 -39
  2397. data/third_party/cares/cares/src/lib/ares_mkquery.c +0 -24
  2398. data/third_party/cares/cares/src/lib/ares_nameser.h +0 -482
  2399. data/third_party/cares/cares/src/lib/ares_nowarn.c +0 -260
  2400. data/third_party/cares/cares/src/lib/ares_nowarn.h +0 -61
  2401. data/third_party/cares/cares/src/lib/ares_options.c +0 -406
  2402. data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +0 -209
  2403. data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +0 -212
  2404. data/third_party/cares/cares/src/lib/ares_parse_caa_reply.c +0 -199
  2405. data/third_party/cares/cares/src/lib/ares_parse_mx_reply.c +0 -164
  2406. data/third_party/cares/cares/src/lib/ares_parse_naptr_reply.c +0 -183
  2407. data/third_party/cares/cares/src/lib/ares_parse_ns_reply.c +0 -177
  2408. data/third_party/cares/cares/src/lib/ares_parse_ptr_reply.c +0 -228
  2409. data/third_party/cares/cares/src/lib/ares_parse_soa_reply.c +0 -179
  2410. data/third_party/cares/cares/src/lib/ares_parse_srv_reply.c +0 -168
  2411. data/third_party/cares/cares/src/lib/ares_parse_txt_reply.c +0 -214
  2412. data/third_party/cares/cares/src/lib/ares_platform.c +0 -11042
  2413. data/third_party/cares/cares/src/lib/ares_platform.h +0 -43
  2414. data/third_party/cares/cares/src/lib/ares_private.h +0 -423
  2415. data/third_party/cares/cares/src/lib/ares_process.c +0 -1548
  2416. data/third_party/cares/cares/src/lib/ares_query.c +0 -180
  2417. data/third_party/cares/cares/src/lib/ares_search.c +0 -321
  2418. data/third_party/cares/cares/src/lib/ares_send.c +0 -131
  2419. data/third_party/cares/cares/src/lib/ares_setup.h +0 -220
  2420. data/third_party/cares/cares/src/lib/ares_strcasecmp.c +0 -66
  2421. data/third_party/cares/cares/src/lib/ares_strcasecmp.h +0 -30
  2422. data/third_party/cares/cares/src/lib/ares_strdup.c +0 -49
  2423. data/third_party/cares/cares/src/lib/ares_strdup.h +0 -24
  2424. data/third_party/cares/cares/src/lib/ares_strerror.c +0 -56
  2425. data/third_party/cares/cares/src/lib/ares_strsplit.c +0 -178
  2426. data/third_party/cares/cares/src/lib/ares_strsplit.h +0 -43
  2427. data/third_party/cares/cares/src/lib/ares_timeout.c +0 -88
  2428. data/third_party/cares/cares/src/lib/ares_version.c +0 -11
  2429. data/third_party/cares/cares/src/lib/ares_writev.c +0 -79
  2430. data/third_party/cares/cares/src/lib/ares_writev.h +0 -36
  2431. data/third_party/cares/cares/src/lib/bitncmp.c +0 -59
  2432. data/third_party/cares/cares/src/lib/bitncmp.h +0 -26
  2433. data/third_party/cares/cares/src/lib/config-dos.h +0 -115
  2434. data/third_party/cares/cares/src/lib/config-win32.h +0 -351
  2435. data/third_party/cares/cares/src/lib/inet_net_pton.c +0 -444
  2436. data/third_party/cares/cares/src/lib/inet_ntop.c +0 -201
  2437. data/third_party/cares/cares/src/lib/setup_once.h +0 -554
  2438. data/third_party/cares/cares/src/lib/windows_port.c +0 -22
  2439. data/third_party/cares/config_darwin/ares_config.h +0 -428
  2440. data/third_party/cares/config_freebsd/ares_config.h +0 -505
  2441. data/third_party/cares/config_linux/ares_config.h +0 -461
  2442. data/third_party/cares/config_openbsd/ares_config.h +0 -505
  2443. data/third_party/re2/re2/bitmap256.h +0 -117
  2444. data/third_party/re2/re2/bitstate.cc +0 -385
  2445. data/third_party/re2/re2/compile.cc +0 -1261
  2446. data/third_party/re2/re2/dfa.cc +0 -2118
  2447. data/third_party/re2/re2/filtered_re2.cc +0 -137
  2448. data/third_party/re2/re2/filtered_re2.h +0 -114
  2449. data/third_party/re2/re2/mimics_pcre.cc +0 -197
  2450. data/third_party/re2/re2/nfa.cc +0 -713
  2451. data/third_party/re2/re2/onepass.cc +0 -623
  2452. data/third_party/re2/re2/parse.cc +0 -2483
  2453. data/third_party/re2/re2/perl_groups.cc +0 -119
  2454. data/third_party/re2/re2/pod_array.h +0 -55
  2455. data/third_party/re2/re2/prefilter.cc +0 -711
  2456. data/third_party/re2/re2/prefilter.h +0 -108
  2457. data/third_party/re2/re2/prefilter_tree.cc +0 -407
  2458. data/third_party/re2/re2/prefilter_tree.h +0 -139
  2459. data/third_party/re2/re2/prog.cc +0 -1166
  2460. data/third_party/re2/re2/prog.h +0 -455
  2461. data/third_party/re2/re2/re2.cc +0 -1331
  2462. data/third_party/re2/re2/re2.h +0 -1017
  2463. data/third_party/re2/re2/regexp.cc +0 -987
  2464. data/third_party/re2/re2/regexp.h +0 -665
  2465. data/third_party/re2/re2/set.cc +0 -176
  2466. data/third_party/re2/re2/set.h +0 -85
  2467. data/third_party/re2/re2/simplify.cc +0 -665
  2468. data/third_party/re2/re2/sparse_array.h +0 -392
  2469. data/third_party/re2/re2/sparse_set.h +0 -264
  2470. data/third_party/re2/re2/stringpiece.cc +0 -65
  2471. data/third_party/re2/re2/stringpiece.h +0 -210
  2472. data/third_party/re2/re2/tostring.cc +0 -351
  2473. data/third_party/re2/re2/unicode_casefold.cc +0 -582
  2474. data/third_party/re2/re2/unicode_casefold.h +0 -78
  2475. data/third_party/re2/re2/unicode_groups.cc +0 -6269
  2476. data/third_party/re2/re2/unicode_groups.h +0 -67
  2477. data/third_party/re2/re2/walker-inl.h +0 -246
  2478. data/third_party/re2/util/benchmark.h +0 -156
  2479. data/third_party/re2/util/flags.h +0 -26
  2480. data/third_party/re2/util/logging.h +0 -109
  2481. data/third_party/re2/util/malloc_counter.h +0 -19
  2482. data/third_party/re2/util/mix.h +0 -41
  2483. data/third_party/re2/util/mutex.h +0 -148
  2484. data/third_party/re2/util/pcre.cc +0 -1025
  2485. data/third_party/re2/util/pcre.h +0 -681
  2486. data/third_party/re2/util/rune.cc +0 -260
  2487. data/third_party/re2/util/strutil.cc +0 -149
  2488. data/third_party/re2/util/strutil.h +0 -21
  2489. data/third_party/re2/util/test.h +0 -50
  2490. data/third_party/re2/util/utf.h +0 -44
  2491. data/third_party/re2/util/util.h +0 -42
  2492. data/third_party/upb/third_party/utf8_range/naive.c +0 -92
  2493. data/third_party/upb/third_party/utf8_range/range2-neon.c +0 -157
  2494. data/third_party/upb/third_party/utf8_range/range2-sse.c +0 -170
  2495. data/third_party/upb/third_party/utf8_range/utf8_range.h +0 -9
  2496. data/third_party/upb/upb/arena.c +0 -277
  2497. data/third_party/upb/upb/arena.h +0 -225
  2498. data/third_party/upb/upb/array.c +0 -114
  2499. data/third_party/upb/upb/array.h +0 -83
  2500. data/third_party/upb/upb/collections.h +0 -36
  2501. data/third_party/upb/upb/decode.c +0 -1221
  2502. data/third_party/upb/upb/decode.h +0 -95
  2503. data/third_party/upb/upb/decode_fast.c +0 -1055
  2504. data/third_party/upb/upb/decode_fast.h +0 -153
  2505. data/third_party/upb/upb/def.c +0 -3269
  2506. data/third_party/upb/upb/def.h +0 -416
  2507. data/third_party/upb/upb/def.hpp +0 -441
  2508. data/third_party/upb/upb/encode.c +0 -613
  2509. data/third_party/upb/upb/encode.h +0 -81
  2510. data/third_party/upb/upb/extension_registry.c +0 -93
  2511. data/third_party/upb/upb/extension_registry.h +0 -84
  2512. data/third_party/upb/upb/internal/decode.h +0 -211
  2513. data/third_party/upb/upb/internal/table.h +0 -385
  2514. data/third_party/upb/upb/internal/upb.h +0 -68
  2515. data/third_party/upb/upb/internal/vsnprintf_compat.h +0 -52
  2516. data/third_party/upb/upb/json_decode.c +0 -1512
  2517. data/third_party/upb/upb/json_decode.h +0 -47
  2518. data/third_party/upb/upb/json_encode.c +0 -780
  2519. data/third_party/upb/upb/json_encode.h +0 -65
  2520. data/third_party/upb/upb/map.c +0 -108
  2521. data/third_party/upb/upb/map.h +0 -117
  2522. data/third_party/upb/upb/message_value.h +0 -66
  2523. data/third_party/upb/upb/mini_table.c +0 -1147
  2524. data/third_party/upb/upb/mini_table.h +0 -189
  2525. data/third_party/upb/upb/mini_table.hpp +0 -112
  2526. data/third_party/upb/upb/msg.c +0 -368
  2527. data/third_party/upb/upb/msg.h +0 -71
  2528. data/third_party/upb/upb/msg_internal.h +0 -837
  2529. data/third_party/upb/upb/port_def.inc +0 -262
  2530. data/third_party/upb/upb/port_undef.inc +0 -63
  2531. data/third_party/upb/upb/reflection.c +0 -323
  2532. data/third_party/upb/upb/reflection.h +0 -110
  2533. data/third_party/upb/upb/reflection.hpp +0 -37
  2534. data/third_party/upb/upb/status.c +0 -86
  2535. data/third_party/upb/upb/status.h +0 -66
  2536. data/third_party/upb/upb/table.c +0 -926
  2537. data/third_party/upb/upb/table_internal.h +0 -36
  2538. data/third_party/upb/upb/text_encode.c +0 -473
  2539. data/third_party/upb/upb/text_encode.h +0 -64
  2540. data/third_party/upb/upb/upb.c +0 -76
  2541. data/third_party/upb/upb/upb.h +0 -184
  2542. data/third_party/upb/upb/upb.hpp +0 -115
  2543. data/third_party/xxhash/xxhash.h +0 -5580
  2544. data/third_party/zlib/adler32.c +0 -186
  2545. data/third_party/zlib/compress.c +0 -86
  2546. data/third_party/zlib/crc32.c +0 -1116
  2547. data/third_party/zlib/crc32.h +0 -9446
  2548. data/third_party/zlib/deflate.c +0 -2211
  2549. data/third_party/zlib/deflate.h +0 -346
  2550. data/third_party/zlib/gzclose.c +0 -25
  2551. data/third_party/zlib/gzguts.h +0 -219
  2552. data/third_party/zlib/gzlib.c +0 -639
  2553. data/third_party/zlib/gzread.c +0 -652
  2554. data/third_party/zlib/gzwrite.c +0 -677
  2555. data/third_party/zlib/infback.c +0 -641
  2556. data/third_party/zlib/inffast.c +0 -323
  2557. data/third_party/zlib/inffast.h +0 -11
  2558. data/third_party/zlib/inffixed.h +0 -94
  2559. data/third_party/zlib/inflate.c +0 -1592
  2560. data/third_party/zlib/inflate.h +0 -126
  2561. data/third_party/zlib/inftrees.c +0 -304
  2562. data/third_party/zlib/inftrees.h +0 -62
  2563. data/third_party/zlib/trees.c +0 -1182
  2564. data/third_party/zlib/trees.h +0 -128
  2565. data/third_party/zlib/uncompr.c +0 -93
  2566. data/third_party/zlib/zconf.h +0 -534
  2567. data/third_party/zlib/zlib.h +0 -1935
  2568. data/third_party/zlib/zutil.c +0 -325
  2569. data/third_party/zlib/zutil.h +0 -274
data/third_party/boringssl-with-bazel/src/ssl/extensions.cc DELETED
@@ -1,4325 +0,0 @@
1
- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2
- * All rights reserved.
3
- *
4
- * This package is an SSL implementation written
5
- * by Eric Young (eay@cryptsoft.com).
6
- * The implementation was written so as to conform with Netscapes SSL.
7
- *
8
- * This library is free for commercial and non-commercial use as long as
9
- * the following conditions are aheared to. The following conditions
10
- * apply to all code found in this distribution, be it the RC4, RSA,
11
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12
- * included with this distribution is covered by the same copyright terms
13
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14
- *
15
- * Copyright remains Eric Young's, and as such any Copyright notices in
16
- * the code are not to be removed.
17
- * If this package is used in a product, Eric Young should be given attribution
18
- * as the author of the parts of the library used.
19
- * This can be in the form of a textual message at program startup or
20
- * in documentation (online or textual) provided with the package.
21
- *
22
- * Redistribution and use in source and binary forms, with or without
23
- * modification, are permitted provided that the following conditions
24
- * are met:
25
- * 1. Redistributions of source code must retain the copyright
26
- * notice, this list of conditions and the following disclaimer.
27
- * 2. Redistributions in binary form must reproduce the above copyright
28
- * notice, this list of conditions and the following disclaimer in the
29
- * documentation and/or other materials provided with the distribution.
30
- * 3. All advertising materials mentioning features or use of this software
31
- * must display the following acknowledgement:
32
- * "This product includes cryptographic software written by
33
- * Eric Young (eay@cryptsoft.com)"
34
- * The word 'cryptographic' can be left out if the rouines from the library
35
- * being used are not cryptographic related :-).
36
- * 4. If you include any Windows specific code (or a derivative thereof) from
37
- * the apps directory (application code) you must include an acknowledgement:
38
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39
- *
40
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50
- * SUCH DAMAGE.
51
- *
52
- * The licence and distribution terms for any publically available version or
53
- * derivative of this code cannot be changed. i.e. this code cannot simply be
54
- * copied and put under another distribution licence
55
- * [including the GNU Public Licence.]
56
- */
57
- /* ====================================================================
58
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59
- *
60
- * Redistribution and use in source and binary forms, with or without
61
- * modification, are permitted provided that the following conditions
62
- * are met:
63
- *
64
- * 1. Redistributions of source code must retain the above copyright
65
- * notice, this list of conditions and the following disclaimer.
66
- *
67
- * 2. Redistributions in binary form must reproduce the above copyright
68
- * notice, this list of conditions and the following disclaimer in
69
- * the documentation and/or other materials provided with the
70
- * distribution.
71
- *
72
- * 3. All advertising materials mentioning features or use of this
73
- * software must display the following acknowledgment:
74
- * "This product includes software developed by the OpenSSL Project
75
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76
- *
77
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78
- * endorse or promote products derived from this software without
79
- * prior written permission. For written permission, please contact
80
- * openssl-core@openssl.org.
81
- *
82
- * 5. Products derived from this software may not be called "OpenSSL"
83
- * nor may "OpenSSL" appear in their names without prior written
84
- * permission of the OpenSSL Project.
85
- *
86
- * 6. Redistributions of any form whatsoever must retain the following
87
- * acknowledgment:
88
- * "This product includes software developed by the OpenSSL Project
89
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90
- *
91
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102
- * OF THE POSSIBILITY OF SUCH DAMAGE.
103
- * ====================================================================
104
- *
105
- * This product includes cryptographic software written by Eric Young
106
- * (eay@cryptsoft.com). This product includes software written by Tim
107
- * Hudson (tjh@cryptsoft.com). */
108
-
109
- #include <openssl/ssl.h>
110
-
111
- #include <assert.h>
112
- #include <limits.h>
113
- #include <stdlib.h>
114
- #include <string.h>
115
-
116
- #include <algorithm>
117
- #include <utility>
118
-
119
- #include <openssl/aead.h>
120
- #include <openssl/bytestring.h>
121
- #include <openssl/chacha.h>
122
- #include <openssl/curve25519.h>
123
- #include <openssl/digest.h>
124
- #include <openssl/err.h>
125
- #include <openssl/evp.h>
126
- #include <openssl/hmac.h>
127
- #include <openssl/hpke.h>
128
- #include <openssl/mem.h>
129
- #include <openssl/nid.h>
130
- #include <openssl/rand.h>
131
-
132
- #include "../crypto/internal.h"
133
- #include "internal.h"
134
-
135
-
136
- BSSL_NAMESPACE_BEGIN
137
-
138
- static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs);
139
- static bool ssl_check_serverhello_tlsext(SSL_HANDSHAKE *hs);
140
-
141
- static int compare_uint16_t(const void *p1, const void *p2) {
142
- uint16_t u1 = *((const uint16_t *)p1);
143
- uint16_t u2 = *((const uint16_t *)p2);
144
- if (u1 < u2) {
145
- return -1;
146
- } else if (u1 > u2) {
147
- return 1;
148
- } else {
149
- return 0;
150
- }
151
- }
152
-
153
- // Per http://tools.ietf.org/html/rfc5246#section-7.4.1.4, there may not be
154
- // more than one extension of the same type in a ClientHello or ServerHello.
155
- // This function does an initial scan over the extensions block to filter those
156
- // out.
157
- static bool tls1_check_duplicate_extensions(const CBS *cbs) {
158
- // First pass: count the extensions.
159
- size_t num_extensions = 0;
160
- CBS extensions = *cbs;
161
- while (CBS_len(&extensions) > 0) {
162
- uint16_t type;
163
- CBS extension;
164
-
165
- if (!CBS_get_u16(&extensions, &type) ||
166
- !CBS_get_u16_length_prefixed(&extensions, &extension)) {
167
- return false;
168
- }
169
-
170
- num_extensions++;
171
- }
172
-
173
- if (num_extensions == 0) {
174
- return true;
175
- }
176
-
177
- Array<uint16_t> extension_types;
178
- if (!extension_types.Init(num_extensions)) {
179
- return false;
180
- }
181
-
182
- // Second pass: gather the extension types.
183
- extensions = *cbs;
184
- for (size_t i = 0; i < extension_types.size(); i++) {
185
- CBS extension;
186
-
187
- if (!CBS_get_u16(&extensions, &extension_types[i]) ||
188
- !CBS_get_u16_length_prefixed(&extensions, &extension)) {
189
- // This should not happen.
190
- return false;
191
- }
192
- }
193
- assert(CBS_len(&extensions) == 0);
194
-
195
- // Sort the extensions and make sure there are no duplicates.
196
- qsort(extension_types.data(), extension_types.size(), sizeof(uint16_t),
197
- compare_uint16_t);
198
- for (size_t i = 1; i < num_extensions; i++) {
199
- if (extension_types[i - 1] == extension_types[i]) {
200
- return false;
201
- }
202
- }
203
-
204
- return true;
205
- }
206
-
207
- static bool is_post_quantum_group(uint16_t id) {
208
- return id == SSL_CURVE_CECPQ2;
209
- }
210
-
211
- bool ssl_client_hello_init(const SSL *ssl, SSL_CLIENT_HELLO *out,
212
- Span<const uint8_t> body) {
213
- CBS cbs = body;
214
- if (!ssl_parse_client_hello_with_trailing_data(ssl, &cbs, out) ||
215
- CBS_len(&cbs) != 0) {
216
- return false;
217
- }
218
- return true;
219
- }
220
-
221
- bool ssl_parse_client_hello_with_trailing_data(const SSL *ssl, CBS *cbs,
222
- SSL_CLIENT_HELLO *out) {
223
- OPENSSL_memset(out, 0, sizeof(*out));
224
- out->ssl = const_cast<SSL *>(ssl);
225
-
226
- CBS copy = *cbs;
227
- CBS random, session_id;
228
- if (!CBS_get_u16(cbs, &out->version) ||
229
- !CBS_get_bytes(cbs, &random, SSL3_RANDOM_SIZE) ||
230
- !CBS_get_u8_length_prefixed(cbs, &session_id) ||
231
- CBS_len(&session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH) {
232
- return false;
233
- }
234
-
235
- out->random = CBS_data(&random);
236
- out->random_len = CBS_len(&random);
237
- out->session_id = CBS_data(&session_id);
238
- out->session_id_len = CBS_len(&session_id);
239
-
240
- // Skip past DTLS cookie
241
- if (SSL_is_dtls(out->ssl)) {
242
- CBS cookie;
243
- if (!CBS_get_u8_length_prefixed(cbs, &cookie) ||
244
- CBS_len(&cookie) > DTLS1_COOKIE_LENGTH) {
245
- return false;
246
- }
247
- }
248
-
249
- CBS cipher_suites, compression_methods;
250
- if (!CBS_get_u16_length_prefixed(cbs, &cipher_suites) ||
251
- CBS_len(&cipher_suites) < 2 || (CBS_len(&cipher_suites) & 1) != 0 ||
252
- !CBS_get_u8_length_prefixed(cbs, &compression_methods) ||
253
- CBS_len(&compression_methods) < 1) {
254
- return false;
255
- }
256
-
257
- out->cipher_suites = CBS_data(&cipher_suites);
258
- out->cipher_suites_len = CBS_len(&cipher_suites);
259
- out->compression_methods = CBS_data(&compression_methods);
260
- out->compression_methods_len = CBS_len(&compression_methods);
261
-
262
- // If the ClientHello ends here then it's valid, but doesn't have any
263
- // extensions.
264
- if (CBS_len(cbs) == 0) {
265
- out->extensions = nullptr;
266
- out->extensions_len = 0;
267
- } else {
268
- // Extract extensions and check it is valid.
269
- CBS extensions;
270
- if (!CBS_get_u16_length_prefixed(cbs, &extensions) ||
271
- !tls1_check_duplicate_extensions(&extensions)) {
272
- return false;
273
- }
274
- out->extensions = CBS_data(&extensions);
275
- out->extensions_len = CBS_len(&extensions);
276
- }
277
-
278
- out->client_hello = CBS_data(&copy);
279
- out->client_hello_len = CBS_len(&copy) - CBS_len(cbs);
280
- return true;
281
- }
282
-
283
- bool ssl_client_hello_get_extension(const SSL_CLIENT_HELLO *client_hello,
284
- CBS *out, uint16_t extension_type) {
285
- CBS extensions;
286
- CBS_init(&extensions, client_hello->extensions, client_hello->extensions_len);
287
- while (CBS_len(&extensions) != 0) {
288
- // Decode the next extension.
289
- uint16_t type;
290
- CBS extension;
291
- if (!CBS_get_u16(&extensions, &type) ||
292
- !CBS_get_u16_length_prefixed(&extensions, &extension)) {
293
- return false;
294
- }
295
-
296
- if (type == extension_type) {
297
- *out = extension;
298
- return true;
299
- }
300
- }
301
-
302
- return false;
303
- }
304
-
305
- static const uint16_t kDefaultGroups[] = {
306
- SSL_CURVE_X25519,
307
- SSL_CURVE_SECP256R1,
308
- SSL_CURVE_SECP384R1,
309
- };
310
-
311
- Span<const uint16_t> tls1_get_grouplist(const SSL_HANDSHAKE *hs) {
312
- if (!hs->config->supported_group_list.empty()) {
313
- return hs->config->supported_group_list;
314
- }
315
- return Span<const uint16_t>(kDefaultGroups);
316
- }
317
-
318
- bool tls1_get_shared_group(SSL_HANDSHAKE *hs, uint16_t *out_group_id) {
319
- SSL *const ssl = hs->ssl;
320
- assert(ssl->server);
321
-
322
- // Clients are not required to send a supported_groups extension. In this
323
- // case, the server is free to pick any group it likes. See RFC 4492,
324
- // section 4, paragraph 3.
325
- //
326
- // However, in the interests of compatibility, we will skip ECDH if the
327
- // client didn't send an extension because we can't be sure that they'll
328
- // support our favoured group. Thus we do not special-case an emtpy
329
- // |peer_supported_group_list|.
330
-
331
- Span<const uint16_t> groups = tls1_get_grouplist(hs);
332
- Span<const uint16_t> pref, supp;
333
- if (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
334
- pref = groups;
335
- supp = hs->peer_supported_group_list;
336
- } else {
337
- pref = hs->peer_supported_group_list;
338
- supp = groups;
339
- }
340
-
341
- for (uint16_t pref_group : pref) {
342
- for (uint16_t supp_group : supp) {
343
- if (pref_group == supp_group &&
344
- // CECPQ2(b) doesn't fit in the u8-length-prefixed ECPoint field in
345
- // TLS 1.2 and below.
346
- (ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
347
- !is_post_quantum_group(pref_group))) {
348
- *out_group_id = pref_group;
349
- return true;
350
- }
351
- }
352
- }
353
-
354
- return false;
355
- }
356
-
357
- bool tls1_set_curves(Array<uint16_t> *out_group_ids, Span<const int> curves) {
358
- Array<uint16_t> group_ids;
359
- if (!group_ids.Init(curves.size())) {
360
- return false;
361
- }
362
-
363
- for (size_t i = 0; i < curves.size(); i++) {
364
- if (!ssl_nid_to_group_id(&group_ids[i], curves[i])) {
365
- return false;
366
- }
367
- }
368
-
369
- *out_group_ids = std::move(group_ids);
370
- return true;
371
- }
372
-
373
- bool tls1_set_curves_list(Array<uint16_t> *out_group_ids, const char *curves) {
374
- // Count the number of curves in the list.
375
- size_t count = 0;
376
- const char *ptr = curves, *col;
377
- do {
378
- col = strchr(ptr, ':');
379
- count++;
380
- if (col) {
381
- ptr = col + 1;
382
- }
383
- } while (col);
384
-
385
- Array<uint16_t> group_ids;
386
- if (!group_ids.Init(count)) {
387
- return false;
388
- }
389
-
390
- size_t i = 0;
391
- ptr = curves;
392
- do {
393
- col = strchr(ptr, ':');
394
- if (!ssl_name_to_group_id(&group_ids[i++], ptr,
395
- col ? (size_t)(col - ptr) : strlen(ptr))) {
396
- return false;
397
- }
398
- if (col) {
399
- ptr = col + 1;
400
- }
401
- } while (col);
402
-
403
- assert(i == count);
404
- *out_group_ids = std::move(group_ids);
405
- return true;
406
- }
407
-
408
- bool tls1_check_group_id(const SSL_HANDSHAKE *hs, uint16_t group_id) {
409
- if (is_post_quantum_group(group_id) &&
410
- ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) {
411
- // CECPQ2(b) requires TLS 1.3.
412
- return false;
413
- }
414
-
415
- // We internally assume zero is never allocated as a group ID.
416
- if (group_id == 0) {
417
- return false;
418
- }
419
-
420
- for (uint16_t supported : tls1_get_grouplist(hs)) {
421
- if (supported == group_id) {
422
- return true;
423
- }
424
- }
425
-
426
- return false;
427
- }
428
-
429
- // kVerifySignatureAlgorithms is the default list of accepted signature
430
- // algorithms for verifying.
431
- static const uint16_t kVerifySignatureAlgorithms[] = {
432
- // List our preferred algorithms first.
433
- SSL_SIGN_ECDSA_SECP256R1_SHA256,
434
- SSL_SIGN_RSA_PSS_RSAE_SHA256,
435
- SSL_SIGN_RSA_PKCS1_SHA256,
436
-
437
- // Larger hashes are acceptable.
438
- SSL_SIGN_ECDSA_SECP384R1_SHA384,
439
- SSL_SIGN_RSA_PSS_RSAE_SHA384,
440
- SSL_SIGN_RSA_PKCS1_SHA384,
441
-
442
- SSL_SIGN_RSA_PSS_RSAE_SHA512,
443
- SSL_SIGN_RSA_PKCS1_SHA512,
444
-
445
- // For now, SHA-1 is still accepted but least preferable.
446
- SSL_SIGN_RSA_PKCS1_SHA1,
447
- };
448
-
449
- // kSignSignatureAlgorithms is the default list of supported signature
450
- // algorithms for signing.
451
- static const uint16_t kSignSignatureAlgorithms[] = {
452
- // List our preferred algorithms first.
453
- SSL_SIGN_ED25519,
454
- SSL_SIGN_ECDSA_SECP256R1_SHA256,
455
- SSL_SIGN_RSA_PSS_RSAE_SHA256,
456
- SSL_SIGN_RSA_PKCS1_SHA256,
457
-
458
- // If needed, sign larger hashes.
459
- //
460
- // TODO(davidben): Determine which of these may be pruned.
461
- SSL_SIGN_ECDSA_SECP384R1_SHA384,
462
- SSL_SIGN_RSA_PSS_RSAE_SHA384,
463
- SSL_SIGN_RSA_PKCS1_SHA384,
464
-
465
- SSL_SIGN_ECDSA_SECP521R1_SHA512,
466
- SSL_SIGN_RSA_PSS_RSAE_SHA512,
467
- SSL_SIGN_RSA_PKCS1_SHA512,
468
-
469
- // If the peer supports nothing else, sign with SHA-1.
470
- SSL_SIGN_ECDSA_SHA1,
471
- SSL_SIGN_RSA_PKCS1_SHA1,
472
- };
473
-
474
- static Span<const uint16_t> tls12_get_verify_sigalgs(const SSL_HANDSHAKE *hs) {
475
- if (hs->config->verify_sigalgs.empty()) {
476
- return Span<const uint16_t>(kVerifySignatureAlgorithms);
477
- }
478
- return hs->config->verify_sigalgs;
479
- }
480
-
481
- bool tls12_add_verify_sigalgs(const SSL_HANDSHAKE *hs, CBB *out) {
482
- for (uint16_t sigalg : tls12_get_verify_sigalgs(hs)) {
483
- if (!CBB_add_u16(out, sigalg)) {
484
- return false;
485
- }
486
- }
487
- return true;
488
- }
489
-
490
- bool tls12_check_peer_sigalg(const SSL_HANDSHAKE *hs, uint8_t *out_alert,
491
- uint16_t sigalg) {
492
- for (uint16_t verify_sigalg : tls12_get_verify_sigalgs(hs)) {
493
- if (verify_sigalg == sigalg) {
494
- return true;
495
- }
496
- }
497
-
498
- OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
499
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
500
- return false;
501
- }
502
-
503
- // tls_extension represents a TLS extension that is handled internally.
504
- //
505
- // The parse callbacks receive a |CBS| that contains the contents of the
506
- // extension (i.e. not including the type and length bytes). If an extension is
507
- // not received then the parse callbacks will be called with a NULL CBS so that
508
- // they can do any processing needed to handle the absence of an extension.
509
- //
510
- // The add callbacks receive a |CBB| to which the extension can be appended but
511
- // the function is responsible for appending the type and length bytes too.
512
- //
513
- // |add_clienthello| may be called multiple times and must not mutate |hs|. It
514
- // is additionally passed two output |CBB|s. If the extension is the same
515
- // independent of the value of |type|, the callback may write to
516
- // |out_compressible| instead of |out|. When serializing the ClientHelloInner,
517
- // all compressible extensions will be made continguous and replaced with
518
- // ech_outer_extensions when encrypted. When serializing the ClientHelloOuter
519
- // or not offering ECH, |out| will be equal to |out_compressible|, so writing to
520
- // |out_compressible| still works.
521
- //
522
- // Note the |parse_serverhello| and |add_serverhello| callbacks refer to the
523
- // TLS 1.2 ServerHello. In TLS 1.3, these callbacks act on EncryptedExtensions,
524
- // with ServerHello extensions handled elsewhere in the handshake.
525
- //
526
- // All callbacks return true for success and false for error. If a parse
527
- // function returns zero then a fatal alert with value |*out_alert| will be
528
- // sent. If |*out_alert| isn't set, then a |decode_error| alert will be sent.
529
- struct tls_extension {
530
- uint16_t value;
531
-
532
- bool (*add_clienthello)(const SSL_HANDSHAKE *hs, CBB *out,
533
- CBB *out_compressible, ssl_client_hello_type_t type);
534
- bool (*parse_serverhello)(SSL_HANDSHAKE *hs, uint8_t *out_alert,
535
- CBS *contents);
536
-
537
- bool (*parse_clienthello)(SSL_HANDSHAKE *hs, uint8_t *out_alert,
538
- CBS *contents);
539
- bool (*add_serverhello)(SSL_HANDSHAKE *hs, CBB *out);
540
- };
541
-
542
- static bool forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
543
- CBS *contents) {
544
- if (contents != NULL) {
545
- // Servers MUST NOT send this extension.
546
- *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
547
- OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
548
- return false;
549
- }
550
-
551
- return true;
552
- }
553
-
554
- static bool ignore_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
555
- CBS *contents) {
556
- // This extension from the client is handled elsewhere.
557
- return true;
558
- }
559
-
560
- static bool dont_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
561
- return true;
562
- }
563
-
564
- // Server name indication (SNI).
565
- //
566
- // https://tools.ietf.org/html/rfc6066#section-3.
567
-
568
- static bool ext_sni_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
569
- CBB *out_compressible,
570
- ssl_client_hello_type_t type) {
571
- const SSL *const ssl = hs->ssl;
572
- // If offering ECH, send the public name instead of the configured name.
573
- Span<const uint8_t> hostname;
574
- if (type == ssl_client_hello_outer) {
575
- hostname = hs->selected_ech_config->public_name;
576
- } else {
577
- if (ssl->hostname == nullptr) {
578
- return true;
579
- }
580
- hostname =
581
- MakeConstSpan(reinterpret_cast<const uint8_t *>(ssl->hostname.get()),
582
- strlen(ssl->hostname.get()));
583
- }
584
-
585
- CBB contents, server_name_list, name;
586
- if (!CBB_add_u16(out, TLSEXT_TYPE_server_name) ||
587
- !CBB_add_u16_length_prefixed(out, &contents) ||
588
- !CBB_add_u16_length_prefixed(&contents, &server_name_list) ||
589
- !CBB_add_u8(&server_name_list, TLSEXT_NAMETYPE_host_name) ||
590
- !CBB_add_u16_length_prefixed(&server_name_list, &name) ||
591
- !CBB_add_bytes(&name, hostname.data(), hostname.size()) ||
592
- !CBB_flush(out)) {
593
- return false;
594
- }
595
-
596
- return true;
597
- }
598
-
599
- static bool ext_sni_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
600
- CBS *contents) {
601
- // The server may acknowledge SNI with an empty extension. We check the syntax
602
- // but otherwise ignore this signal.
603
- return contents == NULL || CBS_len(contents) == 0;
604
- }
605
-
606
- static bool ext_sni_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
607
- CBS *contents) {
608
- // SNI has already been parsed earlier in the handshake. See |extract_sni|.
609
- return true;
610
- }
611
-
612
- static bool ext_sni_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
613
- if (hs->ssl->s3->session_reused ||
614
- !hs->should_ack_sni) {
615
- return true;
616
- }
617
-
618
- if (!CBB_add_u16(out, TLSEXT_TYPE_server_name) ||
619
- !CBB_add_u16(out, 0 /* length */)) {
620
- return false;
621
- }
622
-
623
- return true;
624
- }
625
-
626
-
627
- // Encrypted ClientHello (ECH)
628
- //
629
- // https://tools.ietf.org/html/draft-ietf-tls-esni-13
630
-
631
- static bool ext_ech_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
632
- CBB *out_compressible,
633
- ssl_client_hello_type_t type) {
634
- if (type == ssl_client_hello_inner) {
635
- if (!CBB_add_u16(out, TLSEXT_TYPE_encrypted_client_hello) ||
636
- !CBB_add_u16(out, /* length */ 1) ||
637
- !CBB_add_u8(out, ECH_CLIENT_INNER)) {
638
- return false;
639
- }
640
- return true;
641
- }
642
-
643
- if (hs->ech_client_outer.empty()) {
644
- return true;
645
- }
646
-
647
- CBB ech_body;
648
- if (!CBB_add_u16(out, TLSEXT_TYPE_encrypted_client_hello) ||
649
- !CBB_add_u16_length_prefixed(out, &ech_body) ||
650
- !CBB_add_u8(&ech_body, ECH_CLIENT_OUTER) ||
651
- !CBB_add_bytes(&ech_body, hs->ech_client_outer.data(),
652
- hs->ech_client_outer.size()) ||
653
- !CBB_flush(out)) {
654
- return false;
655
- }
656
- return true;
657
- }
658
-
659
- static bool ext_ech_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
660
- CBS *contents) {
661
- SSL *const ssl = hs->ssl;
662
- if (contents == NULL) {
663
- return true;
664
- }
665
-
666
- // The ECH extension may not be sent in TLS 1.2 ServerHello, only TLS 1.3
667
- // EncryptedExtensions. It also may not be sent in response to an inner ECH
668
- // extension.
669
- if (ssl_protocol_version(ssl) < TLS1_3_VERSION ||
670
- ssl->s3->ech_status == ssl_ech_accepted) {
671
- *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
672
- OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
673
- return false;
674
- }
675
-
676
- if (!ssl_is_valid_ech_config_list(*contents)) {
677
- *out_alert = SSL_AD_DECODE_ERROR;
678
- return false;
679
- }
680
-
681
- if (ssl->s3->ech_status == ssl_ech_rejected &&
682
- !hs->ech_retry_configs.CopyFrom(*contents)) {
683
- *out_alert = SSL_AD_INTERNAL_ERROR;
684
- return false;
685
- }
686
-
687
- return true;
688
- }
689
-
690
- static bool ext_ech_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
691
- CBS *contents) {
692
- if (contents == nullptr) {
693
- return true;
694
- }
695
-
696
- uint8_t type;
697
- if (!CBS_get_u8(contents, &type)) {
698
- return false;
699
- }
700
- if (type == ECH_CLIENT_OUTER) {
701
- // Outer ECH extensions are handled outside the callback.
702
- return true;
703
- }
704
- if (type != ECH_CLIENT_INNER || CBS_len(contents) != 0) {
705
- return false;
706
- }
707
-
708
- hs->ech_is_inner = true;
709
- return true;
710
- }
711
-
712
- static bool ext_ech_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
713
- SSL *const ssl = hs->ssl;
714
- if (ssl_protocol_version(ssl) < TLS1_3_VERSION ||
715
- ssl->s3->ech_status == ssl_ech_accepted || //
716
- hs->ech_keys == nullptr) {
717
- return true;
718
- }
719
-
720
- // Write the list of retry configs to |out|. Note |SSL_CTX_set1_ech_keys|
721
- // ensures |ech_keys| contains at least one retry config.
722
- CBB body, retry_configs;
723
- if (!CBB_add_u16(out, TLSEXT_TYPE_encrypted_client_hello) ||
724
- !CBB_add_u16_length_prefixed(out, &body) ||
725
- !CBB_add_u16_length_prefixed(&body, &retry_configs)) {
726
- return false;
727
- }
728
- for (const auto &config : hs->ech_keys->configs) {
729
- if (!config->is_retry_config()) {
730
- continue;
731
- }
732
- if (!CBB_add_bytes(&retry_configs, config->ech_config().raw.data(),
733
- config->ech_config().raw.size())) {
734
- return false;
735
- }
736
- }
737
- return CBB_flush(out);
738
- }
739
-
740
-
741
- // Renegotiation indication.
742
- //
743
- // https://tools.ietf.org/html/rfc5746
744
-
745
- static bool ext_ri_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
746
- CBB *out_compressible,
747
- ssl_client_hello_type_t type) {
748
- const SSL *const ssl = hs->ssl;
749
- // Renegotiation indication is not necessary in TLS 1.3.
750
- if (hs->min_version >= TLS1_3_VERSION ||
751
- type == ssl_client_hello_inner) {
752
- return true;
753
- }
754
-
755
- assert(ssl->s3->initial_handshake_complete ==
756
- (ssl->s3->previous_client_finished_len != 0));
757
-
758
- CBB contents, prev_finished;
759
- if (!CBB_add_u16(out, TLSEXT_TYPE_renegotiate) ||
760
- !CBB_add_u16_length_prefixed(out, &contents) ||
761
- !CBB_add_u8_length_prefixed(&contents, &prev_finished) ||
762
- !CBB_add_bytes(&prev_finished, ssl->s3->previous_client_finished,
763
- ssl->s3->previous_client_finished_len) ||
764
- !CBB_flush(out)) {
765
- return false;
766
- }
767
-
768
- return true;
769
- }
770
-
771
- static bool ext_ri_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
772
- CBS *contents) {
773
- SSL *const ssl = hs->ssl;
774
- if (contents != NULL && ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
775
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
776
- return false;
777
- }
778
-
779
- // Servers may not switch between omitting the extension and supporting it.
780
- // See RFC 5746, sections 3.5 and 4.2.
781
- if (ssl->s3->initial_handshake_complete &&
782
- (contents != NULL) != ssl->s3->send_connection_binding) {
783
- *out_alert = SSL_AD_HANDSHAKE_FAILURE;
784
- OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
785
- return false;
786
- }
787
-
788
- if (contents == NULL) {
789
- // Strictly speaking, if we want to avoid an attack we should *always* see
790
- // RI even on initial ServerHello because the client doesn't see any
791
- // renegotiation during an attack. However this would mean we could not
792
- // connect to any server which doesn't support RI.
793
- //
794
- // OpenSSL has |SSL_OP_LEGACY_SERVER_CONNECT| to control this, but in
795
- // practical terms every client sets it so it's just assumed here.
796
- return true;
797
- }
798
-
799
- const size_t expected_len = ssl->s3->previous_client_finished_len +
800
- ssl->s3->previous_server_finished_len;
801
-
802
- // Check for logic errors
803
- assert(!expected_len || ssl->s3->previous_client_finished_len);
804
- assert(!expected_len || ssl->s3->previous_server_finished_len);
805
- assert(ssl->s3->initial_handshake_complete ==
806
- (ssl->s3->previous_client_finished_len != 0));
807
- assert(ssl->s3->initial_handshake_complete ==
808
- (ssl->s3->previous_server_finished_len != 0));
809
-
810
- // Parse out the extension contents.
811
- CBS renegotiated_connection;
812
- if (!CBS_get_u8_length_prefixed(contents, &renegotiated_connection) ||
813
- CBS_len(contents) != 0) {
814
- OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_ENCODING_ERR);
815
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
816
- return false;
817
- }
818
-
819
- // Check that the extension matches.
820
- if (CBS_len(&renegotiated_connection) != expected_len) {
821
- OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
822
- *out_alert = SSL_AD_HANDSHAKE_FAILURE;
823
- return false;
824
- }
825
-
826
- const uint8_t *d = CBS_data(&renegotiated_connection);
827
- bool ok = CRYPTO_memcmp(d, ssl->s3->previous_client_finished,
828
- ssl->s3->previous_client_finished_len) == 0;
829
- #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
830
- ok = true;
831
- #endif
832
- if (!ok) {
833
- OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
834
- *out_alert = SSL_AD_HANDSHAKE_FAILURE;
835
- return false;
836
- }
837
- d += ssl->s3->previous_client_finished_len;
838
-
839
- ok = CRYPTO_memcmp(d, ssl->s3->previous_server_finished,
840
- ssl->s3->previous_server_finished_len) == 0;
841
- #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
842
- ok = true;
843
- #endif
844
- if (!ok) {
845
- OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
846
- *out_alert = SSL_AD_HANDSHAKE_FAILURE;
847
- return false;
848
- }
849
- ssl->s3->send_connection_binding = true;
850
-
851
- return true;
852
- }
853
-
854
- static bool ext_ri_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
855
- CBS *contents) {
856
- SSL *const ssl = hs->ssl;
857
- // Renegotiation isn't supported as a server so this function should never be
858
- // called after the initial handshake.
859
- assert(!ssl->s3->initial_handshake_complete);
860
-
861
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
862
- return true;
863
- }
864
-
865
- if (contents == NULL) {
866
- return true;
867
- }
868
-
869
- CBS renegotiated_connection;
870
- if (!CBS_get_u8_length_prefixed(contents, &renegotiated_connection) ||
871
- CBS_len(contents) != 0) {
872
- OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_ENCODING_ERR);
873
- return false;
874
- }
875
-
876
- // Check that the extension matches. We do not support renegotiation as a
877
- // server, so this must be empty.
878
- if (CBS_len(&renegotiated_connection) != 0) {
879
- OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
880
- *out_alert = SSL_AD_HANDSHAKE_FAILURE;
881
- return false;
882
- }
883
-
884
- ssl->s3->send_connection_binding = true;
885
-
886
- return true;
887
- }
888
-
889
- static bool ext_ri_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
890
- SSL *const ssl = hs->ssl;
891
- // Renegotiation isn't supported as a server so this function should never be
892
- // called after the initial handshake.
893
- assert(!ssl->s3->initial_handshake_complete);
894
-
895
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
896
- return true;
897
- }
898
-
899
- if (!CBB_add_u16(out, TLSEXT_TYPE_renegotiate) ||
900
- !CBB_add_u16(out, 1 /* length */) ||
901
- !CBB_add_u8(out, 0 /* empty renegotiation info */)) {
902
- return false;
903
- }
904
-
905
- return true;
906
- }
907
-
908
-
909
- // Extended Master Secret.
910
- //
911
- // https://tools.ietf.org/html/rfc7627
912
-
913
- static bool ext_ems_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
914
- CBB *out_compressible,
915
- ssl_client_hello_type_t type) {
916
- // Extended master secret is not necessary in TLS 1.3.
917
- if (hs->min_version >= TLS1_3_VERSION || type == ssl_client_hello_inner) {
918
- return true;
919
- }
920
-
921
- if (!CBB_add_u16(out, TLSEXT_TYPE_extended_master_secret) ||
922
- !CBB_add_u16(out, 0 /* length */)) {
923
- return false;
924
- }
925
-
926
- return true;
927
- }
928
-
929
- static bool ext_ems_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
930
- CBS *contents) {
931
- SSL *const ssl = hs->ssl;
932
-
933
- if (contents != NULL) {
934
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
935
- CBS_len(contents) != 0) {
936
- return false;
937
- }
938
-
939
- hs->extended_master_secret = true;
940
- }
941
-
942
- // Whether EMS is negotiated may not change on renegotiation.
943
- if (ssl->s3->established_session != nullptr &&
944
- hs->extended_master_secret !=
945
- !!ssl->s3->established_session->extended_master_secret) {
946
- OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_EMS_MISMATCH);
947
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
948
- return false;
949
- }
950
-
951
- return true;
952
- }
953
-
954
- static bool ext_ems_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
955
- CBS *contents) {
956
- if (ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
957
- return true;
958
- }
959
-
960
- if (contents == NULL) {
961
- return true;
962
- }
963
-
964
- if (CBS_len(contents) != 0) {
965
- return false;
966
- }
967
-
968
- hs->extended_master_secret = true;
969
- return true;
970
- }
971
-
972
- static bool ext_ems_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
973
- if (!hs->extended_master_secret) {
974
- return true;
975
- }
976
-
977
- if (!CBB_add_u16(out, TLSEXT_TYPE_extended_master_secret) ||
978
- !CBB_add_u16(out, 0 /* length */)) {
979
- return false;
980
- }
981
-
982
- return true;
983
- }
984
-
985
-
986
- // Session tickets.
987
- //
988
- // https://tools.ietf.org/html/rfc5077
989
-
990
- static bool ext_ticket_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
991
- CBB *out_compressible,
992
- ssl_client_hello_type_t type) {
993
- const SSL *const ssl = hs->ssl;
994
- // TLS 1.3 uses a different ticket extension.
995
- if (hs->min_version >= TLS1_3_VERSION || type == ssl_client_hello_inner ||
996
- SSL_get_options(ssl) & SSL_OP_NO_TICKET) {
997
- return true;
998
- }
999
-
1000
- Span<const uint8_t> ticket;
1001
-
1002
- // Renegotiation does not participate in session resumption. However, still
1003
- // advertise the extension to avoid potentially breaking servers which carry
1004
- // over the state from the previous handshake, such as OpenSSL servers
1005
- // without upstream's 3c3f0259238594d77264a78944d409f2127642c4.
1006
- if (!ssl->s3->initial_handshake_complete &&
1007
- ssl->session != nullptr &&
1008
- !ssl->session->ticket.empty() &&
1009
- // Don't send TLS 1.3 session tickets in the ticket extension.
1010
- ssl_session_protocol_version(ssl->session.get()) < TLS1_3_VERSION) {
1011
- ticket = ssl->session->ticket;
1012
- }
1013
-
1014
- CBB ticket_cbb;
1015
- if (!CBB_add_u16(out, TLSEXT_TYPE_session_ticket) ||
1016
- !CBB_add_u16_length_prefixed(out, &ticket_cbb) ||
1017
- !CBB_add_bytes(&ticket_cbb, ticket.data(), ticket.size()) ||
1018
- !CBB_flush(out)) {
1019
- return false;
1020
- }
1021
-
1022
- return true;
1023
- }
1024
-
1025
- static bool ext_ticket_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1026
- CBS *contents) {
1027
- SSL *const ssl = hs->ssl;
1028
- if (contents == NULL) {
1029
- return true;
1030
- }
1031
-
1032
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1033
- return false;
1034
- }
1035
-
1036
- // If |SSL_OP_NO_TICKET| is set then no extension will have been sent and
1037
- // this function should never be called, even if the server tries to send the
1038
- // extension.
1039
- assert((SSL_get_options(ssl) & SSL_OP_NO_TICKET) == 0);
1040
-
1041
- if (CBS_len(contents) != 0) {
1042
- return false;
1043
- }
1044
-
1045
- hs->ticket_expected = true;
1046
- return true;
1047
- }
1048
-
1049
- static bool ext_ticket_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1050
- if (!hs->ticket_expected) {
1051
- return true;
1052
- }
1053
-
1054
- // If |SSL_OP_NO_TICKET| is set, |ticket_expected| should never be true.
1055
- assert((SSL_get_options(hs->ssl) & SSL_OP_NO_TICKET) == 0);
1056
-
1057
- if (!CBB_add_u16(out, TLSEXT_TYPE_session_ticket) ||
1058
- !CBB_add_u16(out, 0 /* length */)) {
1059
- return false;
1060
- }
1061
-
1062
- return true;
1063
- }
1064
-
1065
-
1066
- // Signature Algorithms.
1067
- //
1068
- // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
1069
-
1070
- static bool ext_sigalgs_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
1071
- CBB *out_compressible,
1072
- ssl_client_hello_type_t type) {
1073
- if (hs->max_version < TLS1_2_VERSION) {
1074
- return true;
1075
- }
1076
-
1077
- CBB contents, sigalgs_cbb;
1078
- if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_signature_algorithms) ||
1079
- !CBB_add_u16_length_prefixed(out_compressible, &contents) ||
1080
- !CBB_add_u16_length_prefixed(&contents, &sigalgs_cbb) ||
1081
- !tls12_add_verify_sigalgs(hs, &sigalgs_cbb) ||
1082
- !CBB_flush(out_compressible)) {
1083
- return false;
1084
- }
1085
-
1086
- return true;
1087
- }
1088
-
1089
- static bool ext_sigalgs_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1090
- CBS *contents) {
1091
- hs->peer_sigalgs.Reset();
1092
- if (contents == NULL) {
1093
- return true;
1094
- }
1095
-
1096
- CBS supported_signature_algorithms;
1097
- if (!CBS_get_u16_length_prefixed(contents, &supported_signature_algorithms) ||
1098
- CBS_len(contents) != 0 ||
1099
- !tls1_parse_peer_sigalgs(hs, &supported_signature_algorithms)) {
1100
- return false;
1101
- }
1102
-
1103
- return true;
1104
- }
1105
-
1106
-
1107
- // OCSP Stapling.
1108
- //
1109
- // https://tools.ietf.org/html/rfc6066#section-8
1110
-
1111
- static bool ext_ocsp_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
1112
- CBB *out_compressible,
1113
- ssl_client_hello_type_t type) {
1114
- if (!hs->config->ocsp_stapling_enabled) {
1115
- return true;
1116
- }
1117
-
1118
- CBB contents;
1119
- if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_status_request) ||
1120
- !CBB_add_u16_length_prefixed(out_compressible, &contents) ||
1121
- !CBB_add_u8(&contents, TLSEXT_STATUSTYPE_ocsp) ||
1122
- !CBB_add_u16(&contents, 0 /* empty responder ID list */) ||
1123
- !CBB_add_u16(&contents, 0 /* empty request extensions */) ||
1124
- !CBB_flush(out_compressible)) {
1125
- return false;
1126
- }
1127
-
1128
- return true;
1129
- }
1130
-
1131
- static bool ext_ocsp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1132
- CBS *contents) {
1133
- SSL *const ssl = hs->ssl;
1134
- if (contents == NULL) {
1135
- return true;
1136
- }
1137
-
1138
- // TLS 1.3 OCSP responses are included in the Certificate extensions.
1139
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1140
- return false;
1141
- }
1142
-
1143
- // OCSP stapling is forbidden on non-certificate ciphers.
1144
- if (CBS_len(contents) != 0 ||
1145
- !ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
1146
- return false;
1147
- }
1148
-
1149
- // Note this does not check for resumption in TLS 1.2. Sending
1150
- // status_request here does not make sense, but OpenSSL does so and the
1151
- // specification does not say anything. Tolerate it but ignore it.
1152
-
1153
- hs->certificate_status_expected = true;
1154
- return true;
1155
- }
1156
-
1157
- static bool ext_ocsp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1158
- CBS *contents) {
1159
- if (contents == NULL) {
1160
- return true;
1161
- }
1162
-
1163
- uint8_t status_type;
1164
- if (!CBS_get_u8(contents, &status_type)) {
1165
- return false;
1166
- }
1167
-
1168
- // We cannot decide whether OCSP stapling will occur yet because the correct
1169
- // SSL_CTX might not have been selected.
1170
- hs->ocsp_stapling_requested = status_type == TLSEXT_STATUSTYPE_ocsp;
1171
-
1172
- return true;
1173
- }
1174
-
1175
- static bool ext_ocsp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1176
- SSL *const ssl = hs->ssl;
1177
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
1178
- !hs->ocsp_stapling_requested || hs->config->cert->ocsp_response == NULL ||
1179
- ssl->s3->session_reused ||
1180
- !ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
1181
- return true;
1182
- }
1183
-
1184
- hs->certificate_status_expected = true;
1185
-
1186
- return CBB_add_u16(out, TLSEXT_TYPE_status_request) &&
1187
- CBB_add_u16(out, 0 /* length */);
1188
- }
1189
-
1190
-
1191
- // Next protocol negotiation.
1192
- //
1193
- // https://htmlpreview.github.io/?https://github.com/agl/technotes/blob/master/nextprotoneg.html
1194
-
1195
- static bool ext_npn_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
1196
- CBB *out_compressible,
1197
- ssl_client_hello_type_t type) {
1198
- const SSL *const ssl = hs->ssl;
1199
- if (ssl->ctx->next_proto_select_cb == NULL ||
1200
- // Do not allow NPN to change on renegotiation.
1201
- ssl->s3->initial_handshake_complete ||
1202
- // NPN is not defined in DTLS or TLS 1.3.
1203
- SSL_is_dtls(ssl) || hs->min_version >= TLS1_3_VERSION ||
1204
- type == ssl_client_hello_inner) {
1205
- return true;
1206
- }
1207
-
1208
- if (!CBB_add_u16(out, TLSEXT_TYPE_next_proto_neg) ||
1209
- !CBB_add_u16(out, 0 /* length */)) {
1210
- return false;
1211
- }
1212
-
1213
- return true;
1214
- }
1215
-
1216
- static bool ext_npn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1217
- CBS *contents) {
1218
- SSL *const ssl = hs->ssl;
1219
- if (contents == NULL) {
1220
- return true;
1221
- }
1222
-
1223
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1224
- return false;
1225
- }
1226
-
1227
- // If any of these are false then we should never have sent the NPN
1228
- // extension in the ClientHello and thus this function should never have been
1229
- // called.
1230
- assert(!ssl->s3->initial_handshake_complete);
1231
- assert(!SSL_is_dtls(ssl));
1232
- assert(ssl->ctx->next_proto_select_cb != NULL);
1233
-
1234
- if (!ssl->s3->alpn_selected.empty()) {
1235
- // NPN and ALPN may not be negotiated in the same connection.
1236
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1237
- OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN);
1238
- return false;
1239
- }
1240
-
1241
- const uint8_t *const orig_contents = CBS_data(contents);
1242
- const size_t orig_len = CBS_len(contents);
1243
-
1244
- while (CBS_len(contents) != 0) {
1245
- CBS proto;
1246
- if (!CBS_get_u8_length_prefixed(contents, &proto) ||
1247
- CBS_len(&proto) == 0) {
1248
- return false;
1249
- }
1250
- }
1251
-
1252
- uint8_t *selected;
1253
- uint8_t selected_len;
1254
- if (ssl->ctx->next_proto_select_cb(
1255
- ssl, &selected, &selected_len, orig_contents, orig_len,
1256
- ssl->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK ||
1257
- !ssl->s3->next_proto_negotiated.CopyFrom(
1258
- MakeConstSpan(selected, selected_len))) {
1259
- *out_alert = SSL_AD_INTERNAL_ERROR;
1260
- return false;
1261
- }
1262
-
1263
- hs->next_proto_neg_seen = true;
1264
- return true;
1265
- }
1266
-
1267
- static bool ext_npn_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1268
- CBS *contents) {
1269
- SSL *const ssl = hs->ssl;
1270
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1271
- return true;
1272
- }
1273
-
1274
- if (contents != NULL && CBS_len(contents) != 0) {
1275
- return false;
1276
- }
1277
-
1278
- if (contents == NULL ||
1279
- ssl->s3->initial_handshake_complete ||
1280
- ssl->ctx->next_protos_advertised_cb == NULL ||
1281
- SSL_is_dtls(ssl)) {
1282
- return true;
1283
- }
1284
-
1285
- hs->next_proto_neg_seen = true;
1286
- return true;
1287
- }
1288
-
1289
- static bool ext_npn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1290
- SSL *const ssl = hs->ssl;
1291
- // |next_proto_neg_seen| might have been cleared when an ALPN extension was
1292
- // parsed.
1293
- if (!hs->next_proto_neg_seen) {
1294
- return true;
1295
- }
1296
-
1297
- const uint8_t *npa;
1298
- unsigned npa_len;
1299
-
1300
- if (ssl->ctx->next_protos_advertised_cb(
1301
- ssl, &npa, &npa_len, ssl->ctx->next_protos_advertised_cb_arg) !=
1302
- SSL_TLSEXT_ERR_OK) {
1303
- hs->next_proto_neg_seen = false;
1304
- return true;
1305
- }
1306
-
1307
- CBB contents;
1308
- if (!CBB_add_u16(out, TLSEXT_TYPE_next_proto_neg) ||
1309
- !CBB_add_u16_length_prefixed(out, &contents) ||
1310
- !CBB_add_bytes(&contents, npa, npa_len) ||
1311
- !CBB_flush(out)) {
1312
- return false;
1313
- }
1314
-
1315
- return true;
1316
- }
1317
-
1318
-
1319
- // Signed certificate timestamps.
1320
- //
1321
- // https://tools.ietf.org/html/rfc6962#section-3.3.1
1322
-
1323
- static bool ext_sct_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
1324
- CBB *out_compressible,
1325
- ssl_client_hello_type_t type) {
1326
- if (!hs->config->signed_cert_timestamps_enabled) {
1327
- return true;
1328
- }
1329
-
1330
- if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_certificate_timestamp) ||
1331
- !CBB_add_u16(out_compressible, 0 /* length */)) {
1332
- return false;
1333
- }
1334
-
1335
- return true;
1336
- }
1337
-
1338
- static bool ext_sct_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1339
- CBS *contents) {
1340
- SSL *const ssl = hs->ssl;
1341
- if (contents == NULL) {
1342
- return true;
1343
- }
1344
-
1345
- // TLS 1.3 SCTs are included in the Certificate extensions.
1346
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1347
- *out_alert = SSL_AD_DECODE_ERROR;
1348
- return false;
1349
- }
1350
-
1351
- // If this is false then we should never have sent the SCT extension in the
1352
- // ClientHello and thus this function should never have been called.
1353
- assert(hs->config->signed_cert_timestamps_enabled);
1354
-
1355
- if (!ssl_is_sct_list_valid(contents)) {
1356
- *out_alert = SSL_AD_DECODE_ERROR;
1357
- return false;
1358
- }
1359
-
1360
- // Session resumption uses the original session information. The extension
1361
- // should not be sent on resumption, but RFC 6962 did not make it a
1362
- // requirement, so tolerate this.
1363
- //
1364
- // TODO(davidben): Enforce this anyway.
1365
- if (!ssl->s3->session_reused) {
1366
- hs->new_session->signed_cert_timestamp_list.reset(
1367
- CRYPTO_BUFFER_new_from_CBS(contents, ssl->ctx->pool));
1368
- if (hs->new_session->signed_cert_timestamp_list == nullptr) {
1369
- *out_alert = SSL_AD_INTERNAL_ERROR;
1370
- return false;
1371
- }
1372
- }
1373
-
1374
- return true;
1375
- }
1376
-
1377
- static bool ext_sct_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1378
- CBS *contents) {
1379
- if (contents == NULL) {
1380
- return true;
1381
- }
1382
-
1383
- if (CBS_len(contents) != 0) {
1384
- return false;
1385
- }
1386
-
1387
- hs->scts_requested = true;
1388
- return true;
1389
- }
1390
-
1391
- static bool ext_sct_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1392
- SSL *const ssl = hs->ssl;
1393
- // The extension shouldn't be sent when resuming sessions.
1394
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION || ssl->s3->session_reused ||
1395
- hs->config->cert->signed_cert_timestamp_list == NULL) {
1396
- return true;
1397
- }
1398
-
1399
- CBB contents;
1400
- return CBB_add_u16(out, TLSEXT_TYPE_certificate_timestamp) &&
1401
- CBB_add_u16_length_prefixed(out, &contents) &&
1402
- CBB_add_bytes(
1403
- &contents,
1404
- CRYPTO_BUFFER_data(
1405
- hs->config->cert->signed_cert_timestamp_list.get()),
1406
- CRYPTO_BUFFER_len(
1407
- hs->config->cert->signed_cert_timestamp_list.get())) &&
1408
- CBB_flush(out);
1409
- }
1410
-
1411
-
1412
- // Application-level Protocol Negotiation.
1413
- //
1414
- // https://tools.ietf.org/html/rfc7301
1415
-
1416
- static bool ext_alpn_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
1417
- CBB *out_compressible,
1418
- ssl_client_hello_type_t type) {
1419
- const SSL *const ssl = hs->ssl;
1420
- if (hs->config->alpn_client_proto_list.empty() && ssl->quic_method) {
1421
- // ALPN MUST be used with QUIC.
1422
- OPENSSL_PUT_ERROR(SSL, SSL_R_NO_APPLICATION_PROTOCOL);
1423
- return false;
1424
- }
1425
-
1426
- if (hs->config->alpn_client_proto_list.empty() ||
1427
- ssl->s3->initial_handshake_complete) {
1428
- return true;
1429
- }
1430
-
1431
- CBB contents, proto_list;
1432
- if (!CBB_add_u16(out_compressible,
1433
- TLSEXT_TYPE_application_layer_protocol_negotiation) ||
1434
- !CBB_add_u16_length_prefixed(out_compressible, &contents) ||
1435
- !CBB_add_u16_length_prefixed(&contents, &proto_list) ||
1436
- !CBB_add_bytes(&proto_list, hs->config->alpn_client_proto_list.data(),
1437
- hs->config->alpn_client_proto_list.size()) ||
1438
- !CBB_flush(out_compressible)) {
1439
- return false;
1440
- }
1441
-
1442
- return true;
1443
- }
1444
-
1445
- static bool ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1446
- CBS *contents) {
1447
- SSL *const ssl = hs->ssl;
1448
- if (contents == NULL) {
1449
- if (ssl->quic_method) {
1450
- // ALPN is required when QUIC is used.
1451
- OPENSSL_PUT_ERROR(SSL, SSL_R_NO_APPLICATION_PROTOCOL);
1452
- *out_alert = SSL_AD_NO_APPLICATION_PROTOCOL;
1453
- return false;
1454
- }
1455
- return true;
1456
- }
1457
-
1458
- assert(!ssl->s3->initial_handshake_complete);
1459
- assert(!hs->config->alpn_client_proto_list.empty());
1460
-
1461
- if (hs->next_proto_neg_seen) {
1462
- // NPN and ALPN may not be negotiated in the same connection.
1463
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1464
- OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN);
1465
- return false;
1466
- }
1467
-
1468
- // The extension data consists of a ProtocolNameList which must have
1469
- // exactly one ProtocolName. Each of these is length-prefixed.
1470
- CBS protocol_name_list, protocol_name;
1471
- if (!CBS_get_u16_length_prefixed(contents, &protocol_name_list) ||
1472
- CBS_len(contents) != 0 ||
1473
- !CBS_get_u8_length_prefixed(&protocol_name_list, &protocol_name) ||
1474
- // Empty protocol names are forbidden.
1475
- CBS_len(&protocol_name) == 0 ||
1476
- CBS_len(&protocol_name_list) != 0) {
1477
- return false;
1478
- }
1479
-
1480
- if (!ssl_is_alpn_protocol_allowed(hs, protocol_name)) {
1481
- OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
1482
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1483
- return false;
1484
- }
1485
-
1486
- if (!ssl->s3->alpn_selected.CopyFrom(protocol_name)) {
1487
- *out_alert = SSL_AD_INTERNAL_ERROR;
1488
- return false;
1489
- }
1490
-
1491
- return true;
1492
- }
1493
-
1494
- bool ssl_is_valid_alpn_list(Span<const uint8_t> in) {
1495
- CBS protocol_name_list = in;
1496
- if (CBS_len(&protocol_name_list) == 0) {
1497
- return false;
1498
- }
1499
- while (CBS_len(&protocol_name_list) > 0) {
1500
- CBS protocol_name;
1501
- if (!CBS_get_u8_length_prefixed(&protocol_name_list, &protocol_name) ||
1502
- // Empty protocol names are forbidden.
1503
- CBS_len(&protocol_name) == 0) {
1504
- return false;
1505
- }
1506
- }
1507
- return true;
1508
- }
1509
-
1510
- bool ssl_is_alpn_protocol_allowed(const SSL_HANDSHAKE *hs,
1511
- Span<const uint8_t> protocol) {
1512
- if (hs->config->alpn_client_proto_list.empty()) {
1513
- return false;
1514
- }
1515
-
1516
- if (hs->ssl->ctx->allow_unknown_alpn_protos) {
1517
- return true;
1518
- }
1519
-
1520
- // Check that the protocol name is one of the ones we advertised.
1521
- CBS client_protocol_name_list =
1522
- MakeConstSpan(hs->config->alpn_client_proto_list),
1523
- client_protocol_name;
1524
- while (CBS_len(&client_protocol_name_list) > 0) {
1525
- if (!CBS_get_u8_length_prefixed(&client_protocol_name_list,
1526
- &client_protocol_name)) {
1527
- return false;
1528
- }
1529
-
1530
- if (client_protocol_name == protocol) {
1531
- return true;
1532
- }
1533
- }
1534
-
1535
- return false;
1536
- }
1537
-
1538
- bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1539
- const SSL_CLIENT_HELLO *client_hello) {
1540
- SSL *const ssl = hs->ssl;
1541
- CBS contents;
1542
- if (ssl->ctx->alpn_select_cb == NULL ||
1543
- !ssl_client_hello_get_extension(
1544
- client_hello, &contents,
1545
- TLSEXT_TYPE_application_layer_protocol_negotiation)) {
1546
- if (ssl->quic_method) {
1547
- // ALPN is required when QUIC is used.
1548
- OPENSSL_PUT_ERROR(SSL, SSL_R_NO_APPLICATION_PROTOCOL);
1549
- *out_alert = SSL_AD_NO_APPLICATION_PROTOCOL;
1550
- return false;
1551
- }
1552
- // Ignore ALPN if not configured or no extension was supplied.
1553
- return true;
1554
- }
1555
-
1556
- // ALPN takes precedence over NPN.
1557
- hs->next_proto_neg_seen = false;
1558
-
1559
- CBS protocol_name_list;
1560
- if (!CBS_get_u16_length_prefixed(&contents, &protocol_name_list) ||
1561
- CBS_len(&contents) != 0 ||
1562
- !ssl_is_valid_alpn_list(protocol_name_list)) {
1563
- OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
1564
- *out_alert = SSL_AD_DECODE_ERROR;
1565
- return false;
1566
- }
1567
-
1568
- const uint8_t *selected;
1569
- uint8_t selected_len;
1570
- int ret = ssl->ctx->alpn_select_cb(
1571
- ssl, &selected, &selected_len, CBS_data(&protocol_name_list),
1572
- CBS_len(&protocol_name_list), ssl->ctx->alpn_select_cb_arg);
1573
- // ALPN is required when QUIC is used.
1574
- if (ssl->quic_method &&
1575
- (ret == SSL_TLSEXT_ERR_NOACK || ret == SSL_TLSEXT_ERR_ALERT_WARNING)) {
1576
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1577
- }
1578
- switch (ret) {
1579
- case SSL_TLSEXT_ERR_OK:
1580
- if (selected_len == 0) {
1581
- OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
1582
- *out_alert = SSL_AD_INTERNAL_ERROR;
1583
- return false;
1584
- }
1585
- if (!ssl->s3->alpn_selected.CopyFrom(
1586
- MakeConstSpan(selected, selected_len))) {
1587
- *out_alert = SSL_AD_INTERNAL_ERROR;
1588
- return false;
1589
- }
1590
- break;
1591
- case SSL_TLSEXT_ERR_NOACK:
1592
- case SSL_TLSEXT_ERR_ALERT_WARNING:
1593
- break;
1594
- case SSL_TLSEXT_ERR_ALERT_FATAL:
1595
- *out_alert = SSL_AD_NO_APPLICATION_PROTOCOL;
1596
- OPENSSL_PUT_ERROR(SSL, SSL_R_NO_APPLICATION_PROTOCOL);
1597
- return false;
1598
- default:
1599
- // Invalid return value.
1600
- *out_alert = SSL_AD_INTERNAL_ERROR;
1601
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1602
- return false;
1603
- }
1604
-
1605
- return true;
1606
- }
1607
-
1608
- static bool ext_alpn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1609
- SSL *const ssl = hs->ssl;
1610
- if (ssl->s3->alpn_selected.empty()) {
1611
- return true;
1612
- }
1613
-
1614
- CBB contents, proto_list, proto;
1615
- if (!CBB_add_u16(out, TLSEXT_TYPE_application_layer_protocol_negotiation) ||
1616
- !CBB_add_u16_length_prefixed(out, &contents) ||
1617
- !CBB_add_u16_length_prefixed(&contents, &proto_list) ||
1618
- !CBB_add_u8_length_prefixed(&proto_list, &proto) ||
1619
- !CBB_add_bytes(&proto, ssl->s3->alpn_selected.data(),
1620
- ssl->s3->alpn_selected.size()) ||
1621
- !CBB_flush(out)) {
1622
- return false;
1623
- }
1624
-
1625
- return true;
1626
- }
1627
-
1628
-
1629
- // Channel ID.
1630
- //
1631
- // https://tools.ietf.org/html/draft-balfanz-tls-channelid-01
1632
-
1633
- static bool ext_channel_id_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
1634
- CBB *out_compressible,
1635
- ssl_client_hello_type_t type) {
1636
- const SSL *const ssl = hs->ssl;
1637
- if (!hs->config->channel_id_private || SSL_is_dtls(ssl) ||
1638
- // Don't offer Channel ID in ClientHelloOuter. ClientHelloOuter handshakes
1639
- // are not authenticated for the name that can learn the Channel ID.
1640
- //
1641
- // We could alternatively offer the extension but sign with a random key.
1642
- // For other extensions, we try to align |ssl_client_hello_outer| and
1643
- // |ssl_client_hello_unencrypted|, to improve the effectiveness of ECH
1644
- // GREASE. However, Channel ID is deprecated and unlikely to be used with
1645
- // ECH, so do the simplest thing.
1646
- type == ssl_client_hello_outer) {
1647
- return true;
1648
- }
1649
-
1650
- if (!CBB_add_u16(out, TLSEXT_TYPE_channel_id) ||
1651
- !CBB_add_u16(out, 0 /* length */)) {
1652
- return false;
1653
- }
1654
-
1655
- return true;
1656
- }
1657
-
1658
- static bool ext_channel_id_parse_serverhello(SSL_HANDSHAKE *hs,
1659
- uint8_t *out_alert,
1660
- CBS *contents) {
1661
- if (contents == NULL) {
1662
- return true;
1663
- }
1664
-
1665
- assert(!SSL_is_dtls(hs->ssl));
1666
- assert(hs->config->channel_id_private);
1667
-
1668
- if (CBS_len(contents) != 0) {
1669
- return false;
1670
- }
1671
-
1672
- hs->channel_id_negotiated = true;
1673
- return true;
1674
- }
1675
-
1676
- static bool ext_channel_id_parse_clienthello(SSL_HANDSHAKE *hs,
1677
- uint8_t *out_alert,
1678
- CBS *contents) {
1679
- SSL *const ssl = hs->ssl;
1680
- if (contents == NULL || !hs->config->channel_id_enabled || SSL_is_dtls(ssl)) {
1681
- return true;
1682
- }
1683
-
1684
- if (CBS_len(contents) != 0) {
1685
- return false;
1686
- }
1687
-
1688
- hs->channel_id_negotiated = true;
1689
- return true;
1690
- }
1691
-
1692
- static bool ext_channel_id_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1693
- if (!hs->channel_id_negotiated) {
1694
- return true;
1695
- }
1696
-
1697
- if (!CBB_add_u16(out, TLSEXT_TYPE_channel_id) ||
1698
- !CBB_add_u16(out, 0 /* length */)) {
1699
- return false;
1700
- }
1701
-
1702
- return true;
1703
- }
1704
-
1705
-
1706
- // Secure Real-time Transport Protocol (SRTP) extension.
1707
- //
1708
- // https://tools.ietf.org/html/rfc5764
1709
-
1710
- static bool ext_srtp_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
1711
- CBB *out_compressible,
1712
- ssl_client_hello_type_t type) {
1713
- const SSL *const ssl = hs->ssl;
1714
- const STACK_OF(SRTP_PROTECTION_PROFILE) *profiles =
1715
- SSL_get_srtp_profiles(ssl);
1716
- if (profiles == NULL ||
1717
- sk_SRTP_PROTECTION_PROFILE_num(profiles) == 0 ||
1718
- !SSL_is_dtls(ssl)) {
1719
- return true;
1720
- }
1721
-
1722
- CBB contents, profile_ids;
1723
- if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_srtp) ||
1724
- !CBB_add_u16_length_prefixed(out_compressible, &contents) ||
1725
- !CBB_add_u16_length_prefixed(&contents, &profile_ids)) {
1726
- return false;
1727
- }
1728
-
1729
- for (const SRTP_PROTECTION_PROFILE *profile : profiles) {
1730
- if (!CBB_add_u16(&profile_ids, profile->id)) {
1731
- return false;
1732
- }
1733
- }
1734
-
1735
- if (!CBB_add_u8(&contents, 0 /* empty use_mki value */) ||
1736
- !CBB_flush(out_compressible)) {
1737
- return false;
1738
- }
1739
-
1740
- return true;
1741
- }
1742
-
1743
- static bool ext_srtp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1744
- CBS *contents) {
1745
- SSL *const ssl = hs->ssl;
1746
- if (contents == NULL) {
1747
- return true;
1748
- }
1749
-
1750
- // The extension consists of a u16-prefixed profile ID list containing a
1751
- // single uint16_t profile ID, then followed by a u8-prefixed srtp_mki field.
1752
- //
1753
- // See https://tools.ietf.org/html/rfc5764#section-4.1.1
1754
- assert(SSL_is_dtls(ssl));
1755
- CBS profile_ids, srtp_mki;
1756
- uint16_t profile_id;
1757
- if (!CBS_get_u16_length_prefixed(contents, &profile_ids) ||
1758
- !CBS_get_u16(&profile_ids, &profile_id) ||
1759
- CBS_len(&profile_ids) != 0 ||
1760
- !CBS_get_u8_length_prefixed(contents, &srtp_mki) ||
1761
- CBS_len(contents) != 0) {
1762
- OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
1763
- return false;
1764
- }
1765
-
1766
- if (CBS_len(&srtp_mki) != 0) {
1767
- // Must be no MKI, since we never offer one.
1768
- OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_MKI_VALUE);
1769
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1770
- return false;
1771
- }
1772
-
1773
- // Check to see if the server gave us something we support and offered.
1774
- for (const SRTP_PROTECTION_PROFILE *profile : SSL_get_srtp_profiles(ssl)) {
1775
- if (profile->id == profile_id) {
1776
- ssl->s3->srtp_profile = profile;
1777
- return true;
1778
- }
1779
- }
1780
-
1781
- OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
1782
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1783
- return false;
1784
- }
1785
-
1786
- static bool ext_srtp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1787
- CBS *contents) {
1788
- SSL *const ssl = hs->ssl;
1789
- // DTLS-SRTP is only defined for DTLS.
1790
- if (contents == NULL || !SSL_is_dtls(ssl)) {
1791
- return true;
1792
- }
1793
-
1794
- CBS profile_ids, srtp_mki;
1795
- if (!CBS_get_u16_length_prefixed(contents, &profile_ids) ||
1796
- CBS_len(&profile_ids) < 2 ||
1797
- !CBS_get_u8_length_prefixed(contents, &srtp_mki) ||
1798
- CBS_len(contents) != 0) {
1799
- OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
1800
- return false;
1801
- }
1802
- // Discard the MKI value for now.
1803
-
1804
- const STACK_OF(SRTP_PROTECTION_PROFILE) *server_profiles =
1805
- SSL_get_srtp_profiles(ssl);
1806
-
1807
- // Pick the server's most preferred profile.
1808
- for (const SRTP_PROTECTION_PROFILE *server_profile : server_profiles) {
1809
- CBS profile_ids_tmp;
1810
- CBS_init(&profile_ids_tmp, CBS_data(&profile_ids), CBS_len(&profile_ids));
1811
-
1812
- while (CBS_len(&profile_ids_tmp) > 0) {
1813
- uint16_t profile_id;
1814
- if (!CBS_get_u16(&profile_ids_tmp, &profile_id)) {
1815
- return false;
1816
- }
1817
-
1818
- if (server_profile->id == profile_id) {
1819
- ssl->s3->srtp_profile = server_profile;
1820
- return true;
1821
- }
1822
- }
1823
- }
1824
-
1825
- return true;
1826
- }
1827
-
1828
- static bool ext_srtp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1829
- SSL *const ssl = hs->ssl;
1830
- if (ssl->s3->srtp_profile == NULL) {
1831
- return true;
1832
- }
1833
-
1834
- assert(SSL_is_dtls(ssl));
1835
- CBB contents, profile_ids;
1836
- if (!CBB_add_u16(out, TLSEXT_TYPE_srtp) ||
1837
- !CBB_add_u16_length_prefixed(out, &contents) ||
1838
- !CBB_add_u16_length_prefixed(&contents, &profile_ids) ||
1839
- !CBB_add_u16(&profile_ids, ssl->s3->srtp_profile->id) ||
1840
- !CBB_add_u8(&contents, 0 /* empty MKI */) ||
1841
- !CBB_flush(out)) {
1842
- return false;
1843
- }
1844
-
1845
- return true;
1846
- }
1847
-
1848
-
1849
- // EC point formats.
1850
- //
1851
- // https://tools.ietf.org/html/rfc4492#section-5.1.2
1852
-
1853
- static bool ext_ec_point_add_extension(const SSL_HANDSHAKE *hs, CBB *out) {
1854
- CBB contents, formats;
1855
- if (!CBB_add_u16(out, TLSEXT_TYPE_ec_point_formats) ||
1856
- !CBB_add_u16_length_prefixed(out, &contents) ||
1857
- !CBB_add_u8_length_prefixed(&contents, &formats) ||
1858
- !CBB_add_u8(&formats, TLSEXT_ECPOINTFORMAT_uncompressed) ||
1859
- !CBB_flush(out)) {
1860
- return false;
1861
- }
1862
-
1863
- return true;
1864
- }
1865
-
1866
- static bool ext_ec_point_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
1867
- CBB *out_compressible,
1868
- ssl_client_hello_type_t type) {
1869
- // The point format extension is unnecessary in TLS 1.3.
1870
- if (hs->min_version >= TLS1_3_VERSION || type == ssl_client_hello_inner) {
1871
- return true;
1872
- }
1873
-
1874
- return ext_ec_point_add_extension(hs, out);
1875
- }
1876
-
1877
- static bool ext_ec_point_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1878
- CBS *contents) {
1879
- if (contents == NULL) {
1880
- return true;
1881
- }
1882
-
1883
- if (ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
1884
- return false;
1885
- }
1886
-
1887
- CBS ec_point_format_list;
1888
- if (!CBS_get_u8_length_prefixed(contents, &ec_point_format_list) ||
1889
- CBS_len(contents) != 0) {
1890
- return false;
1891
- }
1892
-
1893
- // Per RFC 4492, section 5.1.2, implementations MUST support the uncompressed
1894
- // point format.
1895
- if (OPENSSL_memchr(CBS_data(&ec_point_format_list),
1896
- TLSEXT_ECPOINTFORMAT_uncompressed,
1897
- CBS_len(&ec_point_format_list)) == NULL) {
1898
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1899
- return false;
1900
- }
1901
-
1902
- return true;
1903
- }
1904
-
1905
- static bool ext_ec_point_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1906
- CBS *contents) {
1907
- if (ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
1908
- return true;
1909
- }
1910
-
1911
- return ext_ec_point_parse_serverhello(hs, out_alert, contents);
1912
- }
1913
-
1914
- static bool ext_ec_point_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1915
- SSL *const ssl = hs->ssl;
1916
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1917
- return true;
1918
- }
1919
-
1920
- const uint32_t alg_k = hs->new_cipher->algorithm_mkey;
1921
- const uint32_t alg_a = hs->new_cipher->algorithm_auth;
1922
- const bool using_ecc = (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA);
1923
-
1924
- if (!using_ecc) {
1925
- return true;
1926
- }
1927
-
1928
- return ext_ec_point_add_extension(hs, out);
1929
- }
1930
-
1931
-
1932
- // Pre Shared Key
1933
- //
1934
- // https://tools.ietf.org/html/rfc8446#section-4.2.11
1935
-
1936
- static bool should_offer_psk(const SSL_HANDSHAKE *hs,
1937
- ssl_client_hello_type_t type) {
1938
- const SSL *const ssl = hs->ssl;
1939
- if (hs->max_version < TLS1_3_VERSION || ssl->session == nullptr ||
1940
- ssl_session_protocol_version(ssl->session.get()) < TLS1_3_VERSION ||
1941
- // TODO(https://crbug.com/boringssl/275): Should we synthesize a
1942
- // placeholder PSK, at least when we offer early data? Otherwise
1943
- // ClientHelloOuter will contain an early_data extension without a
1944
- // pre_shared_key extension and potentially break the recovery flow.
1945
- type == ssl_client_hello_outer) {
1946
- return false;
1947
- }
1948
-
1949
- // Per RFC 8446 section 4.1.4, skip offering the session if the selected
1950
- // cipher in HelloRetryRequest does not match. This avoids performing the
1951
- // transcript hash transformation for multiple hashes.
1952
- if (ssl->s3->used_hello_retry_request &&
1953
- ssl->session->cipher->algorithm_prf != hs->new_cipher->algorithm_prf) {
1954
- return false;
1955
- }
1956
-
1957
- return true;
1958
- }
1959
-
1960
- static size_t ext_pre_shared_key_clienthello_length(
1961
- const SSL_HANDSHAKE *hs, ssl_client_hello_type_t type) {
1962
- const SSL *const ssl = hs->ssl;
1963
- if (!should_offer_psk(hs, type)) {
1964
- return 0;
1965
- }
1966
-
1967
- size_t binder_len = EVP_MD_size(ssl_session_get_digest(ssl->session.get()));
1968
- return 15 + ssl->session->ticket.size() + binder_len;
1969
- }
1970
-
1971
- static bool ext_pre_shared_key_add_clienthello(const SSL_HANDSHAKE *hs,
1972
- CBB *out, bool *out_needs_binder,
1973
- ssl_client_hello_type_t type) {
1974
- const SSL *const ssl = hs->ssl;
1975
- *out_needs_binder = false;
1976
- if (!should_offer_psk(hs, type)) {
1977
- return true;
1978
- }
1979
-
1980
- struct OPENSSL_timeval now;
1981
- ssl_get_current_time(ssl, &now);
1982
- uint32_t ticket_age = 1000 * (now.tv_sec - ssl->session->time);
1983
- uint32_t obfuscated_ticket_age = ticket_age + ssl->session->ticket_age_add;
1984
-
1985
- // Fill in a placeholder zero binder of the appropriate length. It will be
1986
- // computed and filled in later after length prefixes are computed.
1987
- size_t binder_len = EVP_MD_size(ssl_session_get_digest(ssl->session.get()));
1988
-
1989
- CBB contents, identity, ticket, binders, binder;
1990
- if (!CBB_add_u16(out, TLSEXT_TYPE_pre_shared_key) ||
1991
- !CBB_add_u16_length_prefixed(out, &contents) ||
1992
- !CBB_add_u16_length_prefixed(&contents, &identity) ||
1993
- !CBB_add_u16_length_prefixed(&identity, &ticket) ||
1994
- !CBB_add_bytes(&ticket, ssl->session->ticket.data(),
1995
- ssl->session->ticket.size()) ||
1996
- !CBB_add_u32(&identity, obfuscated_ticket_age) ||
1997
- !CBB_add_u16_length_prefixed(&contents, &binders) ||
1998
- !CBB_add_u8_length_prefixed(&binders, &binder) ||
1999
- !CBB_add_zeros(&binder, binder_len)) {
2000
- return false;
2001
- }
2002
-
2003
- *out_needs_binder = true;
2004
- return CBB_flush(out);
2005
- }
2006
-
2007
- bool ssl_ext_pre_shared_key_parse_serverhello(SSL_HANDSHAKE *hs,
2008
- uint8_t *out_alert,
2009
- CBS *contents) {
2010
- uint16_t psk_id;
2011
- if (!CBS_get_u16(contents, &psk_id) ||
2012
- CBS_len(contents) != 0) {
2013
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
2014
- *out_alert = SSL_AD_DECODE_ERROR;
2015
- return false;
2016
- }
2017
-
2018
- // We only advertise one PSK identity, so the only legal index is zero.
2019
- if (psk_id != 0) {
2020
- OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
2021
- *out_alert = SSL_AD_UNKNOWN_PSK_IDENTITY;
2022
- return false;
2023
- }
2024
-
2025
- return true;
2026
- }
2027
-
2028
- bool ssl_ext_pre_shared_key_parse_clienthello(
2029
- SSL_HANDSHAKE *hs, CBS *out_ticket, CBS *out_binders,
2030
- uint32_t *out_obfuscated_ticket_age, uint8_t *out_alert,
2031
- const SSL_CLIENT_HELLO *client_hello, CBS *contents) {
2032
- // Verify that the pre_shared_key extension is the last extension in
2033
- // ClientHello.
2034
- if (CBS_data(contents) + CBS_len(contents) !=
2035
- client_hello->extensions + client_hello->extensions_len) {
2036
- OPENSSL_PUT_ERROR(SSL, SSL_R_PRE_SHARED_KEY_MUST_BE_LAST);
2037
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
2038
- return false;
2039
- }
2040
-
2041
- // We only process the first PSK identity since we don't support pure PSK.
2042
- CBS identities, binders;
2043
- if (!CBS_get_u16_length_prefixed(contents, &identities) ||
2044
- !CBS_get_u16_length_prefixed(&identities, out_ticket) ||
2045
- !CBS_get_u32(&identities, out_obfuscated_ticket_age) ||
2046
- !CBS_get_u16_length_prefixed(contents, &binders) ||
2047
- CBS_len(&binders) == 0 ||
2048
- CBS_len(contents) != 0) {
2049
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
2050
- *out_alert = SSL_AD_DECODE_ERROR;
2051
- return false;
2052
- }
2053
-
2054
- *out_binders = binders;
2055
-
2056
- // Check the syntax of the remaining identities, but do not process them.
2057
- size_t num_identities = 1;
2058
- while (CBS_len(&identities) != 0) {
2059
- CBS unused_ticket;
2060
- uint32_t unused_obfuscated_ticket_age;
2061
- if (!CBS_get_u16_length_prefixed(&identities, &unused_ticket) ||
2062
- !CBS_get_u32(&identities, &unused_obfuscated_ticket_age)) {
2063
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
2064
- *out_alert = SSL_AD_DECODE_ERROR;
2065
- return false;
2066
- }
2067
-
2068
- num_identities++;
2069
- }
2070
-
2071
- // Check the syntax of the binders. The value will be checked later if
2072
- // resuming.
2073
- size_t num_binders = 0;
2074
- while (CBS_len(&binders) != 0) {
2075
- CBS binder;
2076
- if (!CBS_get_u8_length_prefixed(&binders, &binder)) {
2077
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
2078
- *out_alert = SSL_AD_DECODE_ERROR;
2079
- return false;
2080
- }
2081
-
2082
- num_binders++;
2083
- }
2084
-
2085
- if (num_identities != num_binders) {
2086
- OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_BINDER_COUNT_MISMATCH);
2087
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
2088
- return false;
2089
- }
2090
-
2091
- return true;
2092
- }
2093
-
2094
- bool ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
2095
- if (!hs->ssl->s3->session_reused) {
2096
- return true;
2097
- }
2098
-
2099
- CBB contents;
2100
- if (!CBB_add_u16(out, TLSEXT_TYPE_pre_shared_key) ||
2101
- !CBB_add_u16_length_prefixed(out, &contents) ||
2102
- // We only consider the first identity for resumption
2103
- !CBB_add_u16(&contents, 0) ||
2104
- !CBB_flush(out)) {
2105
- return false;
2106
- }
2107
-
2108
- return true;
2109
- }
2110
-
2111
-
2112
- // Pre-Shared Key Exchange Modes
2113
- //
2114
- // https://tools.ietf.org/html/rfc8446#section-4.2.9
2115
-
2116
- static bool ext_psk_key_exchange_modes_add_clienthello(
2117
- const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible,
2118
- ssl_client_hello_type_t type) {
2119
- if (hs->max_version < TLS1_3_VERSION) {
2120
- return true;
2121
- }
2122
-
2123
- CBB contents, ke_modes;
2124
- if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_psk_key_exchange_modes) ||
2125
- !CBB_add_u16_length_prefixed(out_compressible, &contents) ||
2126
- !CBB_add_u8_length_prefixed(&contents, &ke_modes) ||
2127
- !CBB_add_u8(&ke_modes, SSL_PSK_DHE_KE)) {
2128
- return false;
2129
- }
2130
-
2131
- return CBB_flush(out_compressible);
2132
- }
2133
-
2134
- static bool ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs,
2135
- uint8_t *out_alert,
2136
- CBS *contents) {
2137
- if (contents == NULL) {
2138
- return true;
2139
- }
2140
-
2141
- CBS ke_modes;
2142
- if (!CBS_get_u8_length_prefixed(contents, &ke_modes) ||
2143
- CBS_len(&ke_modes) == 0 ||
2144
- CBS_len(contents) != 0) {
2145
- *out_alert = SSL_AD_DECODE_ERROR;
2146
- return false;
2147
- }
2148
-
2149
- // We only support tickets with PSK_DHE_KE.
2150
- hs->accept_psk_mode = OPENSSL_memchr(CBS_data(&ke_modes), SSL_PSK_DHE_KE,
2151
- CBS_len(&ke_modes)) != NULL;
2152
-
2153
- return true;
2154
- }
2155
-
2156
-
2157
- // Early Data Indication
2158
- //
2159
- // https://tools.ietf.org/html/rfc8446#section-4.2.10
2160
-
2161
- static bool ext_early_data_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
2162
- CBB *out_compressible,
2163
- ssl_client_hello_type_t type) {
2164
- const SSL *const ssl = hs->ssl;
2165
- // The second ClientHello never offers early data, and we must have already
2166
- // filled in |early_data_reason| by this point.
2167
- if (ssl->s3->used_hello_retry_request) {
2168
- assert(ssl->s3->early_data_reason != ssl_early_data_unknown);
2169
- return true;
2170
- }
2171
-
2172
- if (!hs->early_data_offered) {
2173
- return true;
2174
- }
2175
-
2176
- // If offering ECH, the extension only applies to ClientHelloInner, but we
2177
- // send the extension in both ClientHellos. This ensures that, if the server
2178
- // handshakes with ClientHelloOuter, it can skip past early data. See
2179
- // draft-ietf-tls-esni-13, section 6.1.
2180
- if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_early_data) ||
2181
- !CBB_add_u16(out_compressible, 0) ||
2182
- !CBB_flush(out_compressible)) {
2183
- return false;
2184
- }
2185
-
2186
- return true;
2187
- }
2188
-
2189
- static bool ext_early_data_parse_serverhello(SSL_HANDSHAKE *hs,
2190
- uint8_t *out_alert,
2191
- CBS *contents) {
2192
- SSL *const ssl = hs->ssl;
2193
- if (contents == NULL) {
2194
- if (hs->early_data_offered && !ssl->s3->used_hello_retry_request) {
2195
- ssl->s3->early_data_reason = ssl->s3->session_reused
2196
- ? ssl_early_data_peer_declined
2197
- : ssl_early_data_session_not_resumed;
2198
- } else {
2199
- // We already filled in |early_data_reason| when declining to offer 0-RTT
2200
- // or handling the implicit HelloRetryRequest reject.
2201
- assert(ssl->s3->early_data_reason != ssl_early_data_unknown);
2202
- }
2203
- return true;
2204
- }
2205
-
2206
- // If we received an HRR, the second ClientHello never offers early data, so
2207
- // the extensions logic will automatically reject early data extensions as
2208
- // unsolicited. This covered by the ServerAcceptsEarlyDataOnHRR test.
2209
- assert(!ssl->s3->used_hello_retry_request);
2210
-
2211
- if (CBS_len(contents) != 0) {
2212
- *out_alert = SSL_AD_DECODE_ERROR;
2213
- return false;
2214
- }
2215
-
2216
- if (!ssl->s3->session_reused) {
2217
- *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
2218
- OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
2219
- return false;
2220
- }
2221
-
2222
- ssl->s3->early_data_reason = ssl_early_data_accepted;
2223
- ssl->s3->early_data_accepted = true;
2224
- return true;
2225
- }
2226
-
2227
- static bool ext_early_data_parse_clienthello(SSL_HANDSHAKE *hs,
2228
- uint8_t *out_alert, CBS *contents) {
2229
- SSL *const ssl = hs->ssl;
2230
- if (contents == NULL ||
2231
- ssl_protocol_version(ssl) < TLS1_3_VERSION) {
2232
- return true;
2233
- }
2234
-
2235
- if (CBS_len(contents) != 0) {
2236
- *out_alert = SSL_AD_DECODE_ERROR;
2237
- return false;
2238
- }
2239
-
2240
- hs->early_data_offered = true;
2241
- return true;
2242
- }
2243
-
2244
- static bool ext_early_data_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
2245
- if (!hs->ssl->s3->early_data_accepted) {
2246
- return true;
2247
- }
2248
-
2249
- if (!CBB_add_u16(out, TLSEXT_TYPE_early_data) ||
2250
- !CBB_add_u16(out, 0) ||
2251
- !CBB_flush(out)) {
2252
- return false;
2253
- }
2254
-
2255
- return true;
2256
- }
2257
-
2258
-
2259
- // Key Share
2260
- //
2261
- // https://tools.ietf.org/html/rfc8446#section-4.2.8
2262
-
2263
- bool ssl_setup_key_shares(SSL_HANDSHAKE *hs, uint16_t override_group_id) {
2264
- SSL *const ssl = hs->ssl;
2265
- hs->key_shares[0].reset();
2266
- hs->key_shares[1].reset();
2267
- hs->key_share_bytes.Reset();
2268
-
2269
- if (hs->max_version < TLS1_3_VERSION) {
2270
- return true;
2271
- }
2272
-
2273
- bssl::ScopedCBB cbb;
2274
- if (!CBB_init(cbb.get(), 64)) {
2275
- return false;
2276
- }
2277
-
2278
- if (override_group_id == 0 && ssl->ctx->grease_enabled) {
2279
- // Add a fake group. See RFC 8701.
2280
- if (!CBB_add_u16(cbb.get(), ssl_get_grease_value(hs, ssl_grease_group)) ||
2281
- !CBB_add_u16(cbb.get(), 1 /* length */) ||
2282
- !CBB_add_u8(cbb.get(), 0 /* one byte key share */)) {
2283
- return false;
2284
- }
2285
- }
2286
-
2287
- uint16_t group_id = override_group_id;
2288
- uint16_t second_group_id = 0;
2289
- if (override_group_id == 0) {
2290
- // Predict the most preferred group.
2291
- Span<const uint16_t> groups = tls1_get_grouplist(hs);
2292
- if (groups.empty()) {
2293
- OPENSSL_PUT_ERROR(SSL, SSL_R_NO_GROUPS_SPECIFIED);
2294
- return false;
2295
- }
2296
-
2297
- group_id = groups[0];
2298
-
2299
- if (is_post_quantum_group(group_id) && groups.size() >= 2) {
2300
- // CECPQ2(b) is not sent as the only initial key share. We'll include the
2301
- // 2nd preference group too to avoid round-trips.
2302
- second_group_id = groups[1];
2303
- assert(second_group_id != group_id);
2304
- }
2305
- }
2306
-
2307
- CBB key_exchange;
2308
- hs->key_shares[0] = SSLKeyShare::Create(group_id);
2309
- if (!hs->key_shares[0] || //
2310
- !CBB_add_u16(cbb.get(), group_id) ||
2311
- !CBB_add_u16_length_prefixed(cbb.get(), &key_exchange) ||
2312
- !hs->key_shares[0]->Offer(&key_exchange)) {
2313
- return false;
2314
- }
2315
-
2316
- if (second_group_id != 0) {
2317
- hs->key_shares[1] = SSLKeyShare::Create(second_group_id);
2318
- if (!hs->key_shares[1] || //
2319
- !CBB_add_u16(cbb.get(), second_group_id) ||
2320
- !CBB_add_u16_length_prefixed(cbb.get(), &key_exchange) ||
2321
- !hs->key_shares[1]->Offer(&key_exchange)) {
2322
- return false;
2323
- }
2324
- }
2325
-
2326
- return CBBFinishArray(cbb.get(), &hs->key_share_bytes);
2327
- }
2328
-
2329
- static bool ext_key_share_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
2330
- CBB *out_compressible,
2331
- ssl_client_hello_type_t type) {
2332
- if (hs->max_version < TLS1_3_VERSION) {
2333
- return true;
2334
- }
2335
-
2336
- assert(!hs->key_share_bytes.empty());
2337
- CBB contents, kse_bytes;
2338
- if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_key_share) ||
2339
- !CBB_add_u16_length_prefixed(out_compressible, &contents) ||
2340
- !CBB_add_u16_length_prefixed(&contents, &kse_bytes) ||
2341
- !CBB_add_bytes(&kse_bytes, hs->key_share_bytes.data(),
2342
- hs->key_share_bytes.size()) ||
2343
- !CBB_flush(out_compressible)) {
2344
- return false;
2345
- }
2346
-
2347
- return true;
2348
- }
2349
-
2350
- bool ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs,
2351
- Array<uint8_t> *out_secret,
2352
- uint8_t *out_alert, CBS *contents) {
2353
- CBS peer_key;
2354
- uint16_t group_id;
2355
- if (!CBS_get_u16(contents, &group_id) ||
2356
- !CBS_get_u16_length_prefixed(contents, &peer_key) ||
2357
- CBS_len(contents) != 0) {
2358
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
2359
- *out_alert = SSL_AD_DECODE_ERROR;
2360
- return false;
2361
- }
2362
-
2363
- SSLKeyShare *key_share = hs->key_shares[0].get();
2364
- if (key_share->GroupID() != group_id) {
2365
- if (!hs->key_shares[1] || hs->key_shares[1]->GroupID() != group_id) {
2366
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
2367
- OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
2368
- return false;
2369
- }
2370
- key_share = hs->key_shares[1].get();
2371
- }
2372
-
2373
- if (!key_share->Finish(out_secret, out_alert, peer_key)) {
2374
- *out_alert = SSL_AD_INTERNAL_ERROR;
2375
- return false;
2376
- }
2377
-
2378
- hs->new_session->group_id = group_id;
2379
- hs->key_shares[0].reset();
2380
- hs->key_shares[1].reset();
2381
- return true;
2382
- }
2383
-
2384
- bool ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found,
2385
- Span<const uint8_t> *out_peer_key,
2386
- uint8_t *out_alert,
2387
- const SSL_CLIENT_HELLO *client_hello) {
2388
- // We only support connections that include an ECDHE key exchange.
2389
- CBS contents;
2390
- if (!ssl_client_hello_get_extension(client_hello, &contents,
2391
- TLSEXT_TYPE_key_share)) {
2392
- OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_KEY_SHARE);
2393
- *out_alert = SSL_AD_MISSING_EXTENSION;
2394
- return false;
2395
- }
2396
-
2397
- CBS key_shares;
2398
- if (!CBS_get_u16_length_prefixed(&contents, &key_shares) ||
2399
- CBS_len(&contents) != 0) {
2400
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
2401
- return false;
2402
- }
2403
-
2404
- // Find the corresponding key share.
2405
- const uint16_t group_id = hs->new_session->group_id;
2406
- CBS peer_key;
2407
- CBS_init(&peer_key, nullptr, 0);
2408
- while (CBS_len(&key_shares) > 0) {
2409
- uint16_t id;
2410
- CBS peer_key_tmp;
2411
- if (!CBS_get_u16(&key_shares, &id) ||
2412
- !CBS_get_u16_length_prefixed(&key_shares, &peer_key_tmp) ||
2413
- CBS_len(&peer_key_tmp) == 0) {
2414
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
2415
- return false;
2416
- }
2417
-
2418
- if (id == group_id) {
2419
- if (CBS_len(&peer_key) != 0) {
2420
- OPENSSL_PUT_ERROR(SSL, SSL_R_DUPLICATE_KEY_SHARE);
2421
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
2422
- return false;
2423
- }
2424
-
2425
- peer_key = peer_key_tmp;
2426
- // Continue parsing the structure to keep peers honest.
2427
- }
2428
- }
2429
-
2430
- if (out_peer_key != nullptr) {
2431
- *out_peer_key = peer_key;
2432
- }
2433
- *out_found = CBS_len(&peer_key) != 0;
2434
- return true;
2435
- }
2436
-
2437
- bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
2438
- CBB kse_bytes, public_key;
2439
- if (!CBB_add_u16(out, TLSEXT_TYPE_key_share) ||
2440
- !CBB_add_u16_length_prefixed(out, &kse_bytes) ||
2441
- !CBB_add_u16(&kse_bytes, hs->new_session->group_id) ||
2442
- !CBB_add_u16_length_prefixed(&kse_bytes, &public_key) ||
2443
- !CBB_add_bytes(&public_key, hs->ecdh_public_key.data(),
2444
- hs->ecdh_public_key.size()) ||
2445
- !CBB_flush(out)) {
2446
- return false;
2447
- }
2448
- return true;
2449
- }
2450
-
2451
-
2452
- // Supported Versions
2453
- //
2454
- // https://tools.ietf.org/html/rfc8446#section-4.2.1
2455
-
2456
- static bool ext_supported_versions_add_clienthello(
2457
- const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible,
2458
- ssl_client_hello_type_t type) {
2459
- const SSL *const ssl = hs->ssl;
2460
- if (hs->max_version <= TLS1_2_VERSION) {
2461
- return true;
2462
- }
2463
-
2464
- // supported_versions is compressible in ECH if ClientHelloOuter already
2465
- // requires TLS 1.3. Otherwise the extensions differ in the older versions.
2466
- if (hs->min_version >= TLS1_3_VERSION) {
2467
- out = out_compressible;
2468
- }
2469
-
2470
- CBB contents, versions;
2471
- if (!CBB_add_u16(out, TLSEXT_TYPE_supported_versions) ||
2472
- !CBB_add_u16_length_prefixed(out, &contents) ||
2473
- !CBB_add_u8_length_prefixed(&contents, &versions)) {
2474
- return false;
2475
- }
2476
-
2477
- // Add a fake version. See RFC 8701.
2478
- if (ssl->ctx->grease_enabled &&
2479
- !CBB_add_u16(&versions, ssl_get_grease_value(hs, ssl_grease_version))) {
2480
- return false;
2481
- }
2482
-
2483
- // Encrypted ClientHellos requires TLS 1.3 or later.
2484
- uint16_t extra_min_version =
2485
- type == ssl_client_hello_inner ? TLS1_3_VERSION : 0;
2486
- if (!ssl_add_supported_versions(hs, &versions, extra_min_version) ||
2487
- !CBB_flush(out)) {
2488
- return false;
2489
- }
2490
-
2491
- return true;
2492
- }
2493
-
2494
-
2495
- // Cookie
2496
- //
2497
- // https://tools.ietf.org/html/rfc8446#section-4.2.2
2498
-
2499
- static bool ext_cookie_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
2500
- CBB *out_compressible,
2501
- ssl_client_hello_type_t type) {
2502
- if (hs->cookie.empty()) {
2503
- return true;
2504
- }
2505
-
2506
- CBB contents, cookie;
2507
- if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_cookie) ||
2508
- !CBB_add_u16_length_prefixed(out_compressible, &contents) ||
2509
- !CBB_add_u16_length_prefixed(&contents, &cookie) ||
2510
- !CBB_add_bytes(&cookie, hs->cookie.data(), hs->cookie.size()) ||
2511
- !CBB_flush(out_compressible)) {
2512
- return false;
2513
- }
2514
-
2515
- return true;
2516
- }
2517
-
2518
-
2519
- // Supported Groups
2520
- //
2521
- // https://tools.ietf.org/html/rfc4492#section-5.1.1
2522
- // https://tools.ietf.org/html/rfc8446#section-4.2.7
2523
-
2524
- static bool ext_supported_groups_add_clienthello(const SSL_HANDSHAKE *hs,
2525
- CBB *out,
2526
- CBB *out_compressible,
2527
- ssl_client_hello_type_t type) {
2528
- const SSL *const ssl = hs->ssl;
2529
- CBB contents, groups_bytes;
2530
- if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_supported_groups) ||
2531
- !CBB_add_u16_length_prefixed(out_compressible, &contents) ||
2532
- !CBB_add_u16_length_prefixed(&contents, &groups_bytes)) {
2533
- return false;
2534
- }
2535
-
2536
- // Add a fake group. See RFC 8701.
2537
- if (ssl->ctx->grease_enabled &&
2538
- !CBB_add_u16(&groups_bytes,
2539
- ssl_get_grease_value(hs, ssl_grease_group))) {
2540
- return false;
2541
- }
2542
-
2543
- for (uint16_t group : tls1_get_grouplist(hs)) {
2544
- if (is_post_quantum_group(group) &&
2545
- hs->max_version < TLS1_3_VERSION) {
2546
- continue;
2547
- }
2548
- if (!CBB_add_u16(&groups_bytes, group)) {
2549
- return false;
2550
- }
2551
- }
2552
-
2553
- return CBB_flush(out_compressible);
2554
- }
2555
-
2556
- static bool ext_supported_groups_parse_serverhello(SSL_HANDSHAKE *hs,
2557
- uint8_t *out_alert,
2558
- CBS *contents) {
2559
- // This extension is not expected to be echoed by servers in TLS 1.2, but some
2560
- // BigIP servers send it nonetheless, so do not enforce this.
2561
- return true;
2562
- }
2563
-
2564
- static bool parse_u16_array(const CBS *cbs, Array<uint16_t> *out) {
2565
- CBS copy = *cbs;
2566
- if ((CBS_len(&copy) & 1) != 0) {
2567
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
2568
- return false;
2569
- }
2570
-
2571
- Array<uint16_t> ret;
2572
- if (!ret.Init(CBS_len(&copy) / 2)) {
2573
- return false;
2574
- }
2575
- for (size_t i = 0; i < ret.size(); i++) {
2576
- if (!CBS_get_u16(&copy, &ret[i])) {
2577
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
2578
- return false;
2579
- }
2580
- }
2581
-
2582
- assert(CBS_len(&copy) == 0);
2583
- *out = std::move(ret);
2584
- return 1;
2585
- }
2586
-
2587
- static bool ext_supported_groups_parse_clienthello(SSL_HANDSHAKE *hs,
2588
- uint8_t *out_alert,
2589
- CBS *contents) {
2590
- if (contents == NULL) {
2591
- return true;
2592
- }
2593
-
2594
- CBS supported_group_list;
2595
- if (!CBS_get_u16_length_prefixed(contents, &supported_group_list) ||
2596
- CBS_len(&supported_group_list) == 0 ||
2597
- CBS_len(contents) != 0 ||
2598
- !parse_u16_array(&supported_group_list, &hs->peer_supported_group_list)) {
2599
- return false;
2600
- }
2601
-
2602
- return true;
2603
- }
2604
-
2605
-
2606
- // QUIC Transport Parameters
2607
-
2608
- static bool ext_quic_transport_params_add_clienthello_impl(
2609
- const SSL_HANDSHAKE *hs, CBB *out, bool use_legacy_codepoint) {
2610
- if (hs->config->quic_transport_params.empty() && !hs->ssl->quic_method) {
2611
- return true;
2612
- }
2613
- if (hs->config->quic_transport_params.empty() || !hs->ssl->quic_method) {
2614
- // QUIC Transport Parameters must be sent over QUIC, and they must not be
2615
- // sent over non-QUIC transports. If transport params are set, then
2616
- // SSL(_CTX)_set_quic_method must also be called.
2617
- OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
2618
- return false;
2619
- }
2620
- assert(hs->min_version > TLS1_2_VERSION);
2621
- if (use_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
2622
- // Do nothing, we'll send the other codepoint.
2623
- return true;
2624
- }
2625
-
2626
- uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters;
2627
- if (hs->config->quic_use_legacy_codepoint) {
2628
- extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy;
2629
- }
2630
-
2631
- CBB contents;
2632
- if (!CBB_add_u16(out, extension_type) ||
2633
- !CBB_add_u16_length_prefixed(out, &contents) ||
2634
- !CBB_add_bytes(&contents, hs->config->quic_transport_params.data(),
2635
- hs->config->quic_transport_params.size()) ||
2636
- !CBB_flush(out)) {
2637
- return false;
2638
- }
2639
- return true;
2640
- }
2641
-
2642
- static bool ext_quic_transport_params_add_clienthello(
2643
- const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible,
2644
- ssl_client_hello_type_t type) {
2645
- return ext_quic_transport_params_add_clienthello_impl(
2646
- hs, out_compressible, /*use_legacy_codepoint=*/false);
2647
- }
2648
-
2649
- static bool ext_quic_transport_params_add_clienthello_legacy(
2650
- const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible,
2651
- ssl_client_hello_type_t type) {
2652
- return ext_quic_transport_params_add_clienthello_impl(
2653
- hs, out_compressible, /*use_legacy_codepoint=*/true);
2654
- }
2655
-
2656
- static bool ext_quic_transport_params_parse_serverhello_impl(
2657
- SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents,
2658
- bool used_legacy_codepoint) {
2659
- SSL *const ssl = hs->ssl;
2660
- if (contents == nullptr) {
2661
- if (used_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
2662
- // Silently ignore because we expect the other QUIC codepoint.
2663
- return true;
2664
- }
2665
- if (!ssl->quic_method) {
2666
- return true;
2667
- }
2668
- *out_alert = SSL_AD_MISSING_EXTENSION;
2669
- return false;
2670
- }
2671
- // The extensions parser will check for unsolicited extensions before
2672
- // calling the callback.
2673
- assert(ssl->quic_method != nullptr);
2674
- assert(ssl_protocol_version(ssl) == TLS1_3_VERSION);
2675
- assert(used_legacy_codepoint == hs->config->quic_use_legacy_codepoint);
2676
- return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
2677
- }
2678
-
2679
- static bool ext_quic_transport_params_parse_serverhello(SSL_HANDSHAKE *hs,
2680
- uint8_t *out_alert,
2681
- CBS *contents) {
2682
- return ext_quic_transport_params_parse_serverhello_impl(
2683
- hs, out_alert, contents, /*used_legacy_codepoint=*/false);
2684
- }
2685
-
2686
- static bool ext_quic_transport_params_parse_serverhello_legacy(
2687
- SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) {
2688
- return ext_quic_transport_params_parse_serverhello_impl(
2689
- hs, out_alert, contents, /*used_legacy_codepoint=*/true);
2690
- }
2691
-
2692
- static bool ext_quic_transport_params_parse_clienthello_impl(
2693
- SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents,
2694
- bool used_legacy_codepoint) {
2695
- SSL *const ssl = hs->ssl;
2696
- if (!contents) {
2697
- if (!ssl->quic_method) {
2698
- if (hs->config->quic_transport_params.empty()) {
2699
- return true;
2700
- }
2701
- // QUIC transport parameters must not be set if |ssl| is not configured
2702
- // for QUIC.
2703
- OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
2704
- *out_alert = SSL_AD_INTERNAL_ERROR;
2705
- return false;
2706
- }
2707
- if (used_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
2708
- // Silently ignore because we expect the other QUIC codepoint.
2709
- return true;
2710
- }
2711
- *out_alert = SSL_AD_MISSING_EXTENSION;
2712
- return false;
2713
- }
2714
- if (!ssl->quic_method) {
2715
- if (used_legacy_codepoint) {
2716
- // Ignore the legacy private-use codepoint because that could be sent
2717
- // to mean something else than QUIC transport parameters.
2718
- return true;
2719
- }
2720
- // Fail if we received the codepoint registered with IANA for QUIC
2721
- // because that is not allowed outside of QUIC.
2722
- *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
2723
- return false;
2724
- }
2725
- assert(ssl_protocol_version(ssl) == TLS1_3_VERSION);
2726
- if (used_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
2727
- // Silently ignore because we expect the other QUIC codepoint.
2728
- return true;
2729
- }
2730
- return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
2731
- }
2732
-
2733
- static bool ext_quic_transport_params_parse_clienthello(SSL_HANDSHAKE *hs,
2734
- uint8_t *out_alert,
2735
- CBS *contents) {
2736
- return ext_quic_transport_params_parse_clienthello_impl(
2737
- hs, out_alert, contents, /*used_legacy_codepoint=*/false);
2738
- }
2739
-
2740
- static bool ext_quic_transport_params_parse_clienthello_legacy(
2741
- SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) {
2742
- return ext_quic_transport_params_parse_clienthello_impl(
2743
- hs, out_alert, contents, /*used_legacy_codepoint=*/true);
2744
- }
2745
-
2746
- static bool ext_quic_transport_params_add_serverhello_impl(
2747
- SSL_HANDSHAKE *hs, CBB *out, bool use_legacy_codepoint) {
2748
- if (hs->ssl->quic_method == nullptr && use_legacy_codepoint) {
2749
- // Ignore the legacy private-use codepoint because that could be sent
2750
- // to mean something else than QUIC transport parameters.
2751
- return true;
2752
- }
2753
- assert(hs->ssl->quic_method != nullptr);
2754
- if (hs->config->quic_transport_params.empty()) {
2755
- // Transport parameters must be set when using QUIC.
2756
- OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
2757
- return false;
2758
- }
2759
- if (use_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
2760
- // Do nothing, we'll send the other codepoint.
2761
- return true;
2762
- }
2763
-
2764
- uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters;
2765
- if (hs->config->quic_use_legacy_codepoint) {
2766
- extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy;
2767
- }
2768
-
2769
- CBB contents;
2770
- if (!CBB_add_u16(out, extension_type) ||
2771
- !CBB_add_u16_length_prefixed(out, &contents) ||
2772
- !CBB_add_bytes(&contents, hs->config->quic_transport_params.data(),
2773
- hs->config->quic_transport_params.size()) ||
2774
- !CBB_flush(out)) {
2775
- return false;
2776
- }
2777
-
2778
- return true;
2779
- }
2780
-
2781
- static bool ext_quic_transport_params_add_serverhello(SSL_HANDSHAKE *hs,
2782
- CBB *out) {
2783
- return ext_quic_transport_params_add_serverhello_impl(
2784
- hs, out, /*use_legacy_codepoint=*/false);
2785
- }
2786
-
2787
- static bool ext_quic_transport_params_add_serverhello_legacy(SSL_HANDSHAKE *hs,
2788
- CBB *out) {
2789
- return ext_quic_transport_params_add_serverhello_impl(
2790
- hs, out, /*use_legacy_codepoint=*/true);
2791
- }
2792
-
2793
- // Delegated credentials.
2794
- //
2795
- // https://tools.ietf.org/html/draft-ietf-tls-subcerts
2796
-
2797
- static bool ext_delegated_credential_add_clienthello(
2798
- const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible,
2799
- ssl_client_hello_type_t type) {
2800
- return true;
2801
- }
2802
-
2803
- static bool ext_delegated_credential_parse_clienthello(SSL_HANDSHAKE *hs,
2804
- uint8_t *out_alert,
2805
- CBS *contents) {
2806
- if (contents == nullptr || ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) {
2807
- // Don't use delegated credentials unless we're negotiating TLS 1.3 or
2808
- // higher.
2809
- return true;
2810
- }
2811
-
2812
- // The contents of the extension are the signature algorithms the client will
2813
- // accept for a delegated credential.
2814
- CBS sigalg_list;
2815
- if (!CBS_get_u16_length_prefixed(contents, &sigalg_list) ||
2816
- CBS_len(&sigalg_list) == 0 ||
2817
- CBS_len(contents) != 0 ||
2818
- !parse_u16_array(&sigalg_list, &hs->peer_delegated_credential_sigalgs)) {
2819
- return false;
2820
- }
2821
-
2822
- hs->delegated_credential_requested = true;
2823
- return true;
2824
- }
2825
-
2826
- // Certificate compression
2827
-
2828
- static bool cert_compression_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
2829
- CBB *out_compressible,
2830
- ssl_client_hello_type_t type) {
2831
- bool first = true;
2832
- CBB contents, algs;
2833
-
2834
- for (const auto &alg : hs->ssl->ctx->cert_compression_algs) {
2835
- if (alg.decompress == nullptr) {
2836
- continue;
2837
- }
2838
-
2839
- if (first &&
2840
- (!CBB_add_u16(out_compressible, TLSEXT_TYPE_cert_compression) ||
2841
- !CBB_add_u16_length_prefixed(out_compressible, &contents) ||
2842
- !CBB_add_u8_length_prefixed(&contents, &algs))) {
2843
- return false;
2844
- }
2845
- first = false;
2846
- if (!CBB_add_u16(&algs, alg.alg_id)) {
2847
- return false;
2848
- }
2849
- }
2850
-
2851
- return first || CBB_flush(out_compressible);
2852
- }
2853
-
2854
- static bool cert_compression_parse_serverhello(SSL_HANDSHAKE *hs,
2855
- uint8_t *out_alert,
2856
- CBS *contents) {
2857
- if (contents == nullptr) {
2858
- return true;
2859
- }
2860
-
2861
- // The server may not echo this extension. Any server to client negotiation is
2862
- // advertised in the CertificateRequest message.
2863
- return false;
2864
- }
2865
-
2866
- static bool cert_compression_parse_clienthello(SSL_HANDSHAKE *hs,
2867
- uint8_t *out_alert,
2868
- CBS *contents) {
2869
- if (contents == nullptr) {
2870
- return true;
2871
- }
2872
-
2873
- const SSL_CTX *ctx = hs->ssl->ctx.get();
2874
- const size_t num_algs = ctx->cert_compression_algs.size();
2875
-
2876
- CBS alg_ids;
2877
- if (!CBS_get_u8_length_prefixed(contents, &alg_ids) ||
2878
- CBS_len(contents) != 0 ||
2879
- CBS_len(&alg_ids) == 0 ||
2880
- CBS_len(&alg_ids) % 2 == 1) {
2881
- return false;
2882
- }
2883
-
2884
- const size_t num_given_alg_ids = CBS_len(&alg_ids) / 2;
2885
- Array<uint16_t> given_alg_ids;
2886
- if (!given_alg_ids.Init(num_given_alg_ids)) {
2887
- return false;
2888
- }
2889
-
2890
- size_t best_index = num_algs;
2891
- size_t given_alg_idx = 0;
2892
-
2893
- while (CBS_len(&alg_ids) > 0) {
2894
- uint16_t alg_id;
2895
- if (!CBS_get_u16(&alg_ids, &alg_id)) {
2896
- return false;
2897
- }
2898
-
2899
- given_alg_ids[given_alg_idx++] = alg_id;
2900
-
2901
- for (size_t i = 0; i < num_algs; i++) {
2902
- const auto &alg = ctx->cert_compression_algs[i];
2903
- if (alg.alg_id == alg_id && alg.compress != nullptr) {
2904
- if (i < best_index) {
2905
- best_index = i;
2906
- }
2907
- break;
2908
- }
2909
- }
2910
- }
2911
-
2912
- qsort(given_alg_ids.data(), given_alg_ids.size(), sizeof(uint16_t),
2913
- compare_uint16_t);
2914
- for (size_t i = 1; i < num_given_alg_ids; i++) {
2915
- if (given_alg_ids[i - 1] == given_alg_ids[i]) {
2916
- return false;
2917
- }
2918
- }
2919
-
2920
- if (best_index < num_algs &&
2921
- ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
2922
- hs->cert_compression_negotiated = true;
2923
- hs->cert_compression_alg_id = ctx->cert_compression_algs[best_index].alg_id;
2924
- }
2925
-
2926
- return true;
2927
- }
2928
-
2929
- static bool cert_compression_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
2930
- return true;
2931
- }
2932
-
2933
- // Application-level Protocol Settings
2934
- //
2935
- // https://tools.ietf.org/html/draft-vvv-tls-alps-01
2936
-
2937
- bool ssl_get_local_application_settings(const SSL_HANDSHAKE *hs,
2938
- Span<const uint8_t> *out_settings,
2939
- Span<const uint8_t> protocol) {
2940
- for (const ALPSConfig &config : hs->config->alps_configs) {
2941
- if (protocol == config.protocol) {
2942
- *out_settings = config.settings;
2943
- return true;
2944
- }
2945
- }
2946
- return false;
2947
- }
2948
-
2949
- static bool ext_alps_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
2950
- CBB *out_compressible,
2951
- ssl_client_hello_type_t type) {
2952
- const SSL *const ssl = hs->ssl;
2953
- if (// ALPS requires TLS 1.3.
2954
- hs->max_version < TLS1_3_VERSION ||
2955
- // Do not offer ALPS without ALPN.
2956
- hs->config->alpn_client_proto_list.empty() ||
2957
- // Do not offer ALPS if not configured.
2958
- hs->config->alps_configs.empty() ||
2959
- // Do not offer ALPS on renegotiation handshakes.
2960
- ssl->s3->initial_handshake_complete) {
2961
- return true;
2962
- }
2963
-
2964
- CBB contents, proto_list, proto;
2965
- if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_application_settings) ||
2966
- !CBB_add_u16_length_prefixed(out_compressible, &contents) ||
2967
- !CBB_add_u16_length_prefixed(&contents, &proto_list)) {
2968
- return false;
2969
- }
2970
-
2971
- for (const ALPSConfig &config : hs->config->alps_configs) {
2972
- if (!CBB_add_u8_length_prefixed(&proto_list, &proto) ||
2973
- !CBB_add_bytes(&proto, config.protocol.data(),
2974
- config.protocol.size())) {
2975
- return false;
2976
- }
2977
- }
2978
-
2979
- return CBB_flush(out_compressible);
2980
- }
2981
-
2982
- static bool ext_alps_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
2983
- CBS *contents) {
2984
- SSL *const ssl = hs->ssl;
2985
- if (contents == nullptr) {
2986
- return true;
2987
- }
2988
-
2989
- assert(!ssl->s3->initial_handshake_complete);
2990
- assert(!hs->config->alpn_client_proto_list.empty());
2991
- assert(!hs->config->alps_configs.empty());
2992
-
2993
- // ALPS requires TLS 1.3.
2994
- if (ssl_protocol_version(ssl) < TLS1_3_VERSION) {
2995
- *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
2996
- OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
2997
- return false;
2998
- }
2999
-
3000
- // Note extension callbacks may run in any order, so we defer checking
3001
- // consistency with ALPN to |ssl_check_serverhello_tlsext|.
3002
- if (!hs->new_session->peer_application_settings.CopyFrom(*contents)) {
3003
- *out_alert = SSL_AD_INTERNAL_ERROR;
3004
- return false;
3005
- }
3006
-
3007
- hs->new_session->has_application_settings = true;
3008
- return true;
3009
- }
3010
-
3011
- static bool ext_alps_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
3012
- SSL *const ssl = hs->ssl;
3013
- // If early data is accepted, we omit the ALPS extension. It is implicitly
3014
- // carried over from the previous connection.
3015
- if (hs->new_session == nullptr ||
3016
- !hs->new_session->has_application_settings ||
3017
- ssl->s3->early_data_accepted) {
3018
- return true;
3019
- }
3020
-
3021
- CBB contents;
3022
- if (!CBB_add_u16(out, TLSEXT_TYPE_application_settings) ||
3023
- !CBB_add_u16_length_prefixed(out, &contents) ||
3024
- !CBB_add_bytes(&contents,
3025
- hs->new_session->local_application_settings.data(),
3026
- hs->new_session->local_application_settings.size()) ||
3027
- !CBB_flush(out)) {
3028
- return false;
3029
- }
3030
-
3031
- return true;
3032
- }
3033
-
3034
- bool ssl_negotiate_alps(SSL_HANDSHAKE *hs, uint8_t *out_alert,
3035
- const SSL_CLIENT_HELLO *client_hello) {
3036
- SSL *const ssl = hs->ssl;
3037
- if (ssl->s3->alpn_selected.empty()) {
3038
- return true;
3039
- }
3040
-
3041
- // If we negotiate ALPN over TLS 1.3, try to negotiate ALPS.
3042
- CBS alps_contents;
3043
- Span<const uint8_t> settings;
3044
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION &&
3045
- ssl_get_local_application_settings(hs, &settings,
3046
- ssl->s3->alpn_selected) &&
3047
- ssl_client_hello_get_extension(client_hello, &alps_contents,
3048
- TLSEXT_TYPE_application_settings)) {
3049
- // Check if the client supports ALPS with the selected ALPN.
3050
- bool found = false;
3051
- CBS alps_list;
3052
- if (!CBS_get_u16_length_prefixed(&alps_contents, &alps_list) ||
3053
- CBS_len(&alps_contents) != 0 ||
3054
- CBS_len(&alps_list) == 0) {
3055
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
3056
- *out_alert = SSL_AD_DECODE_ERROR;
3057
- return false;
3058
- }
3059
- while (CBS_len(&alps_list) > 0) {
3060
- CBS protocol_name;
3061
- if (!CBS_get_u8_length_prefixed(&alps_list, &protocol_name) ||
3062
- // Empty protocol names are forbidden.
3063
- CBS_len(&protocol_name) == 0) {
3064
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
3065
- *out_alert = SSL_AD_DECODE_ERROR;
3066
- return false;
3067
- }
3068
- if (protocol_name == MakeConstSpan(ssl->s3->alpn_selected)) {
3069
- found = true;
3070
- }
3071
- }
3072
-
3073
- // Negotiate ALPS if both client also supports ALPS for this protocol.
3074
- if (found) {
3075
- hs->new_session->has_application_settings = true;
3076
- if (!hs->new_session->local_application_settings.CopyFrom(settings)) {
3077
- *out_alert = SSL_AD_INTERNAL_ERROR;
3078
- return false;
3079
- }
3080
- }
3081
- }
3082
-
3083
- return true;
3084
- }
3085
-
3086
- // kExtensions contains all the supported extensions.
3087
- static const struct tls_extension kExtensions[] = {
3088
- {
3089
- TLSEXT_TYPE_server_name,
3090
- ext_sni_add_clienthello,
3091
- ext_sni_parse_serverhello,
3092
- ext_sni_parse_clienthello,
3093
- ext_sni_add_serverhello,
3094
- },
3095
- {
3096
- TLSEXT_TYPE_encrypted_client_hello,
3097
- ext_ech_add_clienthello,
3098
- ext_ech_parse_serverhello,
3099
- ext_ech_parse_clienthello,
3100
- ext_ech_add_serverhello,
3101
- },
3102
- {
3103
- TLSEXT_TYPE_extended_master_secret,
3104
- ext_ems_add_clienthello,
3105
- ext_ems_parse_serverhello,
3106
- ext_ems_parse_clienthello,
3107
- ext_ems_add_serverhello,
3108
- },
3109
- {
3110
- TLSEXT_TYPE_renegotiate,
3111
- ext_ri_add_clienthello,
3112
- ext_ri_parse_serverhello,
3113
- ext_ri_parse_clienthello,
3114
- ext_ri_add_serverhello,
3115
- },
3116
- {
3117
- TLSEXT_TYPE_supported_groups,
3118
- ext_supported_groups_add_clienthello,
3119
- ext_supported_groups_parse_serverhello,
3120
- ext_supported_groups_parse_clienthello,
3121
- dont_add_serverhello,
3122
- },
3123
- {
3124
- TLSEXT_TYPE_ec_point_formats,
3125
- ext_ec_point_add_clienthello,
3126
- ext_ec_point_parse_serverhello,
3127
- ext_ec_point_parse_clienthello,
3128
- ext_ec_point_add_serverhello,
3129
- },
3130
- {
3131
- TLSEXT_TYPE_session_ticket,
3132
- ext_ticket_add_clienthello,
3133
- ext_ticket_parse_serverhello,
3134
- // Ticket extension client parsing is handled in ssl_session.c
3135
- ignore_parse_clienthello,
3136
- ext_ticket_add_serverhello,
3137
- },
3138
- {
3139
- TLSEXT_TYPE_application_layer_protocol_negotiation,
3140
- ext_alpn_add_clienthello,
3141
- ext_alpn_parse_serverhello,
3142
- // ALPN is negotiated late in |ssl_negotiate_alpn|.
3143
- ignore_parse_clienthello,
3144
- ext_alpn_add_serverhello,
3145
- },
3146
- {
3147
- TLSEXT_TYPE_status_request,
3148
- ext_ocsp_add_clienthello,
3149
- ext_ocsp_parse_serverhello,
3150
- ext_ocsp_parse_clienthello,
3151
- ext_ocsp_add_serverhello,
3152
- },
3153
- {
3154
- TLSEXT_TYPE_signature_algorithms,
3155
- ext_sigalgs_add_clienthello,
3156
- forbid_parse_serverhello,
3157
- ext_sigalgs_parse_clienthello,
3158
- dont_add_serverhello,
3159
- },
3160
- {
3161
- TLSEXT_TYPE_next_proto_neg,
3162
- ext_npn_add_clienthello,
3163
- ext_npn_parse_serverhello,
3164
- ext_npn_parse_clienthello,
3165
- ext_npn_add_serverhello,
3166
- },
3167
- {
3168
- TLSEXT_TYPE_certificate_timestamp,
3169
- ext_sct_add_clienthello,
3170
- ext_sct_parse_serverhello,
3171
- ext_sct_parse_clienthello,
3172
- ext_sct_add_serverhello,
3173
- },
3174
- {
3175
- TLSEXT_TYPE_channel_id,
3176
- ext_channel_id_add_clienthello,
3177
- ext_channel_id_parse_serverhello,
3178
- ext_channel_id_parse_clienthello,
3179
- ext_channel_id_add_serverhello,
3180
- },
3181
- {
3182
- TLSEXT_TYPE_srtp,
3183
- ext_srtp_add_clienthello,
3184
- ext_srtp_parse_serverhello,
3185
- ext_srtp_parse_clienthello,
3186
- ext_srtp_add_serverhello,
3187
- },
3188
- {
3189
- TLSEXT_TYPE_key_share,
3190
- ext_key_share_add_clienthello,
3191
- forbid_parse_serverhello,
3192
- ignore_parse_clienthello,
3193
- dont_add_serverhello,
3194
- },
3195
- {
3196
- TLSEXT_TYPE_psk_key_exchange_modes,
3197
- ext_psk_key_exchange_modes_add_clienthello,
3198
- forbid_parse_serverhello,
3199
- ext_psk_key_exchange_modes_parse_clienthello,
3200
- dont_add_serverhello,
3201
- },
3202
- {
3203
- TLSEXT_TYPE_early_data,
3204
- ext_early_data_add_clienthello,
3205
- ext_early_data_parse_serverhello,
3206
- ext_early_data_parse_clienthello,
3207
- ext_early_data_add_serverhello,
3208
- },
3209
- {
3210
- TLSEXT_TYPE_supported_versions,
3211
- ext_supported_versions_add_clienthello,
3212
- forbid_parse_serverhello,
3213
- ignore_parse_clienthello,
3214
- dont_add_serverhello,
3215
- },
3216
- {
3217
- TLSEXT_TYPE_cookie,
3218
- ext_cookie_add_clienthello,
3219
- forbid_parse_serverhello,
3220
- ignore_parse_clienthello,
3221
- dont_add_serverhello,
3222
- },
3223
- {
3224
- TLSEXT_TYPE_quic_transport_parameters,
3225
- ext_quic_transport_params_add_clienthello,
3226
- ext_quic_transport_params_parse_serverhello,
3227
- ext_quic_transport_params_parse_clienthello,
3228
- ext_quic_transport_params_add_serverhello,
3229
- },
3230
- {
3231
- TLSEXT_TYPE_quic_transport_parameters_legacy,
3232
- ext_quic_transport_params_add_clienthello_legacy,
3233
- ext_quic_transport_params_parse_serverhello_legacy,
3234
- ext_quic_transport_params_parse_clienthello_legacy,
3235
- ext_quic_transport_params_add_serverhello_legacy,
3236
- },
3237
- {
3238
- TLSEXT_TYPE_cert_compression,
3239
- cert_compression_add_clienthello,
3240
- cert_compression_parse_serverhello,
3241
- cert_compression_parse_clienthello,
3242
- cert_compression_add_serverhello,
3243
- },
3244
- {
3245
- TLSEXT_TYPE_delegated_credential,
3246
- ext_delegated_credential_add_clienthello,
3247
- forbid_parse_serverhello,
3248
- ext_delegated_credential_parse_clienthello,
3249
- dont_add_serverhello,
3250
- },
3251
- {
3252
- TLSEXT_TYPE_application_settings,
3253
- ext_alps_add_clienthello,
3254
- ext_alps_parse_serverhello,
3255
- // ALPS is negotiated late in |ssl_negotiate_alpn|.
3256
- ignore_parse_clienthello,
3257
- ext_alps_add_serverhello,
3258
- },
3259
- };
3260
-
3261
- #define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension))
3262
-
3263
- static_assert(kNumExtensions <=
3264
- sizeof(((SSL_HANDSHAKE *)NULL)->extensions.sent) * 8,
3265
- "too many extensions for sent bitset");
3266
- static_assert(kNumExtensions <=
3267
- sizeof(((SSL_HANDSHAKE *)NULL)->extensions.received) * 8,
3268
- "too many extensions for received bitset");
3269
-
3270
- bool ssl_setup_extension_permutation(SSL_HANDSHAKE *hs) {
3271
- if (!hs->config->permute_extensions) {
3272
- return true;
3273
- }
3274
-
3275
- static_assert(kNumExtensions <= UINT8_MAX,
3276
- "extensions_permutation type is too small");
3277
- uint32_t seeds[kNumExtensions - 1];
3278
- Array<uint8_t> permutation;
3279
- if (!RAND_bytes(reinterpret_cast<uint8_t *>(seeds), sizeof(seeds)) ||
3280
- !permutation.Init(kNumExtensions)) {
3281
- return false;
3282
- }
3283
- for (size_t i = 0; i < kNumExtensions; i++) {
3284
- permutation[i] = i;
3285
- }
3286
- for (size_t i = kNumExtensions - 1; i > 0; i--) {
3287
- // Set element |i| to a randomly-selected element 0 <= j <= i.
3288
- std::swap(permutation[i], permutation[seeds[i - 1] % (i + 1)]);
3289
- }
3290
- hs->extension_permutation = std::move(permutation);
3291
- return true;
3292
- }
3293
-
3294
- static const struct tls_extension *tls_extension_find(uint32_t *out_index,
3295
- uint16_t value) {
3296
- unsigned i;
3297
- for (i = 0; i < kNumExtensions; i++) {
3298
- if (kExtensions[i].value == value) {
3299
- *out_index = i;
3300
- return &kExtensions[i];
3301
- }
3302
- }
3303
-
3304
- return NULL;
3305
- }
3306
-
3307
- static bool add_padding_extension(CBB *cbb, uint16_t ext, size_t len) {
3308
- CBB child;
3309
- if (!CBB_add_u16(cbb, ext) || //
3310
- !CBB_add_u16_length_prefixed(cbb, &child) ||
3311
- !CBB_add_zeros(&child, len)) {
3312
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
3313
- return false;
3314
- }
3315
- return CBB_flush(cbb);
3316
- }
3317
-
3318
- static bool ssl_add_clienthello_tlsext_inner(SSL_HANDSHAKE *hs, CBB *out,
3319
- CBB *out_encoded,
3320
- bool *out_needs_psk_binder) {
3321
- // When writing ClientHelloInner, we construct the real and encoded
3322
- // ClientHellos concurrently, to handle compression. Uncompressed extensions
3323
- // are written to |extensions| and copied to |extensions_encoded|. Compressed
3324
- // extensions are buffered in |compressed| and written to the end. (ECH can
3325
- // only compress continguous extensions.)
3326
- SSL *const ssl = hs->ssl;
3327
- bssl::ScopedCBB compressed, outer_extensions;
3328
- CBB extensions, extensions_encoded;
3329
- if (!CBB_add_u16_length_prefixed(out, &extensions) ||
3330
- !CBB_add_u16_length_prefixed(out_encoded, &extensions_encoded) ||
3331
- !CBB_init(compressed.get(), 64) ||
3332
- !CBB_init(outer_extensions.get(), 64)) {
3333
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
3334
- return false;
3335
- }
3336
-
3337
- hs->inner_extensions_sent = 0;
3338
-
3339
- if (ssl->ctx->grease_enabled) {
3340
- // Add a fake empty extension. See RFC 8701. This always matches
3341
- // |ssl_add_clienthello_tlsext|, so compress it.
3342
- uint16_t grease_ext = ssl_get_grease_value(hs, ssl_grease_extension1);
3343
- if (!add_padding_extension(compressed.get(), grease_ext, 0) ||
3344
- !CBB_add_u16(outer_extensions.get(), grease_ext)) {
3345
- return false;
3346
- }
3347
- }
3348
-
3349
- for (size_t unpermuted = 0; unpermuted < kNumExtensions; unpermuted++) {
3350
- size_t i = hs->extension_permutation.empty()
3351
- ? unpermuted
3352
- : hs->extension_permutation[unpermuted];
3353
- const size_t len_before = CBB_len(&extensions);
3354
- const size_t len_compressed_before = CBB_len(compressed.get());
3355
- if (!kExtensions[i].add_clienthello(hs, &extensions, compressed.get(),
3356
- ssl_client_hello_inner)) {
3357
- OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_ADDING_EXTENSION);
3358
- ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
3359
- return false;
3360
- }
3361
-
3362
- const size_t bytes_written = CBB_len(&extensions) - len_before;
3363
- const size_t bytes_written_compressed =
3364
- CBB_len(compressed.get()) - len_compressed_before;
3365
- // The callback may write to at most one output.
3366
- assert(bytes_written == 0 || bytes_written_compressed == 0);
3367
- if (bytes_written != 0 || bytes_written_compressed != 0) {
3368
- hs->inner_extensions_sent |= (1u << i);
3369
- }
3370
- // If compressed, update the running ech_outer_extensions extension.
3371
- if (bytes_written_compressed != 0 &&
3372
- !CBB_add_u16(outer_extensions.get(), kExtensions[i].value)) {
3373
- return false;
3374
- }
3375
- }
3376
-
3377
- if (ssl->ctx->grease_enabled) {
3378
- // Add a fake non-empty extension. See RFC 8701. This always matches
3379
- // |ssl_add_clienthello_tlsext|, so compress it.
3380
- uint16_t grease_ext = ssl_get_grease_value(hs, ssl_grease_extension2);
3381
- if (!add_padding_extension(compressed.get(), grease_ext, 1) ||
3382
- !CBB_add_u16(outer_extensions.get(), grease_ext)) {
3383
- return false;
3384
- }
3385
- }
3386
-
3387
- // Uncompressed extensions are encoded as-is.
3388
- if (!CBB_add_bytes(&extensions_encoded, CBB_data(&extensions),
3389
- CBB_len(&extensions))) {
3390
- return false;
3391
- }
3392
-
3393
- // Flush all the compressed extensions.
3394
- if (CBB_len(compressed.get()) != 0) {
3395
- CBB extension, child;
3396
- // Copy them as-is in the real ClientHelloInner.
3397
- if (!CBB_add_bytes(&extensions, CBB_data(compressed.get()),
3398
- CBB_len(compressed.get())) ||
3399
- // Replace with ech_outer_extensions in the encoded form.
3400
- !CBB_add_u16(&extensions_encoded, TLSEXT_TYPE_ech_outer_extensions) ||
3401
- !CBB_add_u16_length_prefixed(&extensions_encoded, &extension) ||
3402
- !CBB_add_u8_length_prefixed(&extension, &child) ||
3403
- !CBB_add_bytes(&child, CBB_data(outer_extensions.get()),
3404
- CBB_len(outer_extensions.get())) ||
3405
- !CBB_flush(&extensions_encoded)) {
3406
- return false;
3407
- }
3408
- }
3409
-
3410
- // The PSK extension must be last. It is never compressed. Note, if there is a
3411
- // binder, the caller will need to update both ClientHelloInner and
3412
- // EncodedClientHelloInner after computing it.
3413
- const size_t len_before = CBB_len(&extensions);
3414
- if (!ext_pre_shared_key_add_clienthello(hs, &extensions, out_needs_psk_binder,
3415
- ssl_client_hello_inner) ||
3416
- !CBB_add_bytes(&extensions_encoded, CBB_data(&extensions) + len_before,
3417
- CBB_len(&extensions) - len_before) ||
3418
- !CBB_flush(out) || //
3419
- !CBB_flush(out_encoded)) {
3420
- return false;
3421
- }
3422
-
3423
- return true;
3424
- }
3425
-
3426
- bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, CBB *out_encoded,
3427
- bool *out_needs_psk_binder,
3428
- ssl_client_hello_type_t type,
3429
- size_t header_len) {
3430
- *out_needs_psk_binder = false;
3431
-
3432
- if (type == ssl_client_hello_inner) {
3433
- return ssl_add_clienthello_tlsext_inner(hs, out, out_encoded,
3434
- out_needs_psk_binder);
3435
- }
3436
-
3437
- assert(out_encoded == nullptr); // Only ClientHelloInner needs two outputs.
3438
- SSL *const ssl = hs->ssl;
3439
- CBB extensions;
3440
- if (!CBB_add_u16_length_prefixed(out, &extensions)) {
3441
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
3442
- return false;
3443
- }
3444
-
3445
- // Note we may send multiple ClientHellos for DTLS HelloVerifyRequest and TLS
3446
- // 1.3 HelloRetryRequest. For the latter, the extensions may change, so it is
3447
- // important to reset this value.
3448
- hs->extensions.sent = 0;
3449
-
3450
- // Add a fake empty extension. See RFC 8701.
3451
- if (ssl->ctx->grease_enabled &&
3452
- !add_padding_extension(
3453
- &extensions, ssl_get_grease_value(hs, ssl_grease_extension1), 0)) {
3454
- return false;
3455
- }
3456
-
3457
- bool last_was_empty = false;
3458
- for (size_t unpermuted = 0; unpermuted < kNumExtensions; unpermuted++) {
3459
- size_t i = hs->extension_permutation.empty()
3460
- ? unpermuted
3461
- : hs->extension_permutation[unpermuted];
3462
- const size_t len_before = CBB_len(&extensions);
3463
- if (!kExtensions[i].add_clienthello(hs, &extensions, &extensions, type)) {
3464
- OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_ADDING_EXTENSION);
3465
- ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
3466
- return false;
3467
- }
3468
-
3469
- const size_t bytes_written = CBB_len(&extensions) - len_before;
3470
- if (bytes_written != 0) {
3471
- hs->extensions.sent |= (1u << i);
3472
- }
3473
- // If the difference in lengths is only four bytes then the extension had
3474
- // an empty body.
3475
- last_was_empty = (bytes_written == 4);
3476
- }
3477
-
3478
- if (ssl->ctx->grease_enabled) {
3479
- // Add a fake non-empty extension. See RFC 8701.
3480
- if (!add_padding_extension(
3481
- &extensions, ssl_get_grease_value(hs, ssl_grease_extension2), 1)) {
3482
- return false;
3483
- }
3484
- last_was_empty = false;
3485
- }
3486
-
3487
- // In cleartext ClientHellos, we add the padding extension to work around
3488
- // bugs. We also apply this padding to ClientHelloOuter, to keep the wire
3489
- // images aligned.
3490
- size_t psk_extension_len = ext_pre_shared_key_clienthello_length(hs, type);
3491
- if (!SSL_is_dtls(ssl) && !ssl->quic_method &&
3492
- !ssl->s3->used_hello_retry_request) {
3493
- header_len +=
3494
- SSL3_HM_HEADER_LENGTH + 2 + CBB_len(&extensions) + psk_extension_len;
3495
- size_t padding_len = 0;
3496
-
3497
- // The final extension must be non-empty. WebSphere Application
3498
- // Server 7.0 is intolerant to the last extension being zero-length. See
3499
- // https://crbug.com/363583.
3500
- if (last_was_empty && psk_extension_len == 0) {
3501
- padding_len = 1;
3502
- // The addition of the padding extension may push us into the F5 bug.
3503
- header_len += 4 + padding_len;
3504
- }
3505
-
3506
- // Add padding to workaround bugs in F5 terminators. See RFC 7685.
3507
- //
3508
- // NB: because this code works out the length of all existing extensions
3509
- // it MUST always appear last (save for any PSK extension).
3510
- if (header_len > 0xff && header_len < 0x200) {
3511
- // If our calculations already included a padding extension, remove that
3512
- // factor because we're about to change its length.
3513
- if (padding_len != 0) {
3514
- header_len -= 4 + padding_len;
3515
- }
3516
- padding_len = 0x200 - header_len;
3517
- // Extensions take at least four bytes to encode. Always include at least
3518
- // one byte of data if including the extension. WebSphere Application
3519
- // Server 7.0 is intolerant to the last extension being zero-length. See
3520
- // https://crbug.com/363583.
3521
- if (padding_len >= 4 + 1) {
3522
- padding_len -= 4;
3523
- } else {
3524
- padding_len = 1;
3525
- }
3526
- }
3527
-
3528
- if (padding_len != 0 &&
3529
- !add_padding_extension(&extensions, TLSEXT_TYPE_padding, padding_len)) {
3530
- return false;
3531
- }
3532
- }
3533
-
3534
- // The PSK extension must be last, including after the padding.
3535
- const size_t len_before = CBB_len(&extensions);
3536
- if (!ext_pre_shared_key_add_clienthello(hs, &extensions, out_needs_psk_binder,
3537
- type)) {
3538
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
3539
- return false;
3540
- }
3541
- assert(psk_extension_len == CBB_len(&extensions) - len_before);
3542
- (void)len_before; // |assert| is omitted in release builds.
3543
-
3544
- // Discard empty extensions blocks.
3545
- if (CBB_len(&extensions) == 0) {
3546
- CBB_discard_child(out);
3547
- }
3548
-
3549
- return CBB_flush(out);
3550
- }
3551
-
3552
- bool ssl_add_serverhello_tlsext(SSL_HANDSHAKE *hs, CBB *out) {
3553
- SSL *const ssl = hs->ssl;
3554
- CBB extensions;
3555
- if (!CBB_add_u16_length_prefixed(out, &extensions)) {
3556
- goto err;
3557
- }
3558
-
3559
- for (unsigned i = 0; i < kNumExtensions; i++) {
3560
- if (!(hs->extensions.received & (1u << i))) {
3561
- // Don't send extensions that were not received.
3562
- continue;
3563
- }
3564
-
3565
- if (!kExtensions[i].add_serverhello(hs, &extensions)) {
3566
- OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_ADDING_EXTENSION);
3567
- ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
3568
- goto err;
3569
- }
3570
- }
3571
-
3572
- // Discard empty extensions blocks before TLS 1.3.
3573
- if (ssl_protocol_version(ssl) < TLS1_3_VERSION &&
3574
- CBB_len(&extensions) == 0) {
3575
- CBB_discard_child(out);
3576
- }
3577
-
3578
- return CBB_flush(out);
3579
-
3580
- err:
3581
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
3582
- return false;
3583
- }
3584
-
3585
- static bool ssl_scan_clienthello_tlsext(SSL_HANDSHAKE *hs,
3586
- const SSL_CLIENT_HELLO *client_hello,
3587
- int *out_alert) {
3588
- hs->extensions.received = 0;
3589
- CBS extensions;
3590
- CBS_init(&extensions, client_hello->extensions, client_hello->extensions_len);
3591
- while (CBS_len(&extensions) != 0) {
3592
- uint16_t type;
3593
- CBS extension;
3594
-
3595
- // Decode the next extension.
3596
- if (!CBS_get_u16(&extensions, &type) ||
3597
- !CBS_get_u16_length_prefixed(&extensions, &extension)) {
3598
- *out_alert = SSL_AD_DECODE_ERROR;
3599
- return false;
3600
- }
3601
-
3602
- unsigned ext_index;
3603
- const struct tls_extension *const ext =
3604
- tls_extension_find(&ext_index, type);
3605
- if (ext == NULL) {
3606
- continue;
3607
- }
3608
-
3609
- hs->extensions.received |= (1u << ext_index);
3610
- uint8_t alert = SSL_AD_DECODE_ERROR;
3611
- if (!ext->parse_clienthello(hs, &alert, &extension)) {
3612
- *out_alert = alert;
3613
- OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION);
3614
- ERR_add_error_dataf("extension %u", (unsigned)type);
3615
- return false;
3616
- }
3617
- }
3618
-
3619
- for (size_t i = 0; i < kNumExtensions; i++) {
3620
- if (hs->extensions.received & (1u << i)) {
3621
- continue;
3622
- }
3623
-
3624
- CBS *contents = NULL, fake_contents;
3625
- static const uint8_t kFakeRenegotiateExtension[] = {0};
3626
- if (kExtensions[i].value == TLSEXT_TYPE_renegotiate &&
3627
- ssl_client_cipher_list_contains_cipher(client_hello,
3628
- SSL3_CK_SCSV & 0xffff)) {
3629
- // The renegotiation SCSV was received so pretend that we received a
3630
- // renegotiation extension.
3631
- CBS_init(&fake_contents, kFakeRenegotiateExtension,
3632
- sizeof(kFakeRenegotiateExtension));
3633
- contents = &fake_contents;
3634
- hs->extensions.received |= (1u << i);
3635
- }
3636
-
3637
- // Extension wasn't observed so call the callback with a NULL
3638
- // parameter.
3639
- uint8_t alert = SSL_AD_DECODE_ERROR;
3640
- if (!kExtensions[i].parse_clienthello(hs, &alert, contents)) {
3641
- OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_EXTENSION);
3642
- ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
3643
- *out_alert = alert;
3644
- return false;
3645
- }
3646
- }
3647
-
3648
- return true;
3649
- }
3650
-
3651
- bool ssl_parse_clienthello_tlsext(SSL_HANDSHAKE *hs,
3652
- const SSL_CLIENT_HELLO *client_hello) {
3653
- SSL *const ssl = hs->ssl;
3654
- int alert = SSL_AD_DECODE_ERROR;
3655
- if (!ssl_scan_clienthello_tlsext(hs, client_hello, &alert)) {
3656
- ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
3657
- return false;
3658
- }
3659
-
3660
- if (!ssl_check_clienthello_tlsext(hs)) {
3661
- OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_TLSEXT);
3662
- return false;
3663
- }
3664
-
3665
- return true;
3666
- }
3667
-
3668
- static bool ssl_scan_serverhello_tlsext(SSL_HANDSHAKE *hs, const CBS *cbs,
3669
- int *out_alert) {
3670
- CBS extensions = *cbs;
3671
- if (!tls1_check_duplicate_extensions(&extensions)) {
3672
- *out_alert = SSL_AD_DECODE_ERROR;
3673
- return false;
3674
- }
3675
-
3676
- uint32_t received = 0;
3677
- while (CBS_len(&extensions) != 0) {
3678
- uint16_t type;
3679
- CBS extension;
3680
-
3681
- // Decode the next extension.
3682
- if (!CBS_get_u16(&extensions, &type) ||
3683
- !CBS_get_u16_length_prefixed(&extensions, &extension)) {
3684
- *out_alert = SSL_AD_DECODE_ERROR;
3685
- return false;
3686
- }
3687
-
3688
- unsigned ext_index;
3689
- const struct tls_extension *const ext =
3690
- tls_extension_find(&ext_index, type);
3691
-
3692
- if (ext == NULL) {
3693
- OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
3694
- ERR_add_error_dataf("extension %u", (unsigned)type);
3695
- *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
3696
- return false;
3697
- }
3698
-
3699
- static_assert(kNumExtensions <= sizeof(hs->extensions.sent) * 8,
3700
- "too many bits");
3701
-
3702
- if (!(hs->extensions.sent & (1u << ext_index))) {
3703
- // If the extension was never sent then it is illegal.
3704
- OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
3705
- ERR_add_error_dataf("extension :%u", (unsigned)type);
3706
- *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
3707
- return false;
3708
- }
3709
-
3710
- received |= (1u << ext_index);
3711
-
3712
- uint8_t alert = SSL_AD_DECODE_ERROR;
3713
- if (!ext->parse_serverhello(hs, &alert, &extension)) {
3714
- OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION);
3715
- ERR_add_error_dataf("extension %u", (unsigned)type);
3716
- *out_alert = alert;
3717
- return false;
3718
- }
3719
- }
3720
-
3721
- for (size_t i = 0; i < kNumExtensions; i++) {
3722
- if (!(received & (1u << i))) {
3723
- // Extension wasn't observed so call the callback with a NULL
3724
- // parameter.
3725
- uint8_t alert = SSL_AD_DECODE_ERROR;
3726
- if (!kExtensions[i].parse_serverhello(hs, &alert, NULL)) {
3727
- OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_EXTENSION);
3728
- ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
3729
- *out_alert = alert;
3730
- return false;
3731
- }
3732
- }
3733
- }
3734
-
3735
- return true;
3736
- }
3737
-
3738
- static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) {
3739
- SSL *const ssl = hs->ssl;
3740
- int ret = SSL_TLSEXT_ERR_NOACK;
3741
- int al = SSL_AD_UNRECOGNIZED_NAME;
3742
- if (ssl->ctx->servername_callback != 0) {
3743
- ret = ssl->ctx->servername_callback(ssl, &al, ssl->ctx->servername_arg);
3744
- } else if (ssl->session_ctx->servername_callback != 0) {
3745
- ret = ssl->session_ctx->servername_callback(
3746
- ssl, &al, ssl->session_ctx->servername_arg);
3747
- }
3748
-
3749
- switch (ret) {
3750
- case SSL_TLSEXT_ERR_ALERT_FATAL:
3751
- ssl_send_alert(ssl, SSL3_AL_FATAL, al);
3752
- return false;
3753
-
3754
- case SSL_TLSEXT_ERR_NOACK:
3755
- hs->should_ack_sni = false;
3756
- return true;
3757
-
3758
- default:
3759
- return true;
3760
- }
3761
- }
3762
-
3763
- static bool ssl_check_serverhello_tlsext(SSL_HANDSHAKE *hs) {
3764
- SSL *const ssl = hs->ssl;
3765
- // ALPS and ALPN have a dependency between each other, so we defer checking
3766
- // consistency to after the callbacks run.
3767
- if (hs->new_session != nullptr && hs->new_session->has_application_settings) {
3768
- // ALPN must be negotiated.
3769
- if (ssl->s3->alpn_selected.empty()) {
3770
- OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_ALPS_WITHOUT_ALPN);
3771
- ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
3772
- return false;
3773
- }
3774
-
3775
- // The negotiated protocol must be one of the ones we advertised for ALPS.
3776
- Span<const uint8_t> settings;
3777
- if (!ssl_get_local_application_settings(hs, &settings,
3778
- ssl->s3->alpn_selected)) {
3779
- OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
3780
- ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
3781
- return false;
3782
- }
3783
-
3784
- if (!hs->new_session->local_application_settings.CopyFrom(settings)) {
3785
- ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
3786
- return false;
3787
- }
3788
- }
3789
-
3790
- return true;
3791
- }
3792
-
3793
- bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, const CBS *cbs) {
3794
- SSL *const ssl = hs->ssl;
3795
- int alert = SSL_AD_DECODE_ERROR;
3796
- if (!ssl_scan_serverhello_tlsext(hs, cbs, &alert)) {
3797
- ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
3798
- return false;
3799
- }
3800
-
3801
- if (!ssl_check_serverhello_tlsext(hs)) {
3802
- return false;
3803
- }
3804
-
3805
- return true;
3806
- }
3807
-
3808
- static enum ssl_ticket_aead_result_t decrypt_ticket_with_cipher_ctx(
3809
- Array<uint8_t> *out, EVP_CIPHER_CTX *cipher_ctx, HMAC_CTX *hmac_ctx,
3810
- Span<const uint8_t> ticket) {
3811
- size_t iv_len = EVP_CIPHER_CTX_iv_length(cipher_ctx);
3812
-
3813
- // Check the MAC at the end of the ticket.
3814
- uint8_t mac[EVP_MAX_MD_SIZE];
3815
- size_t mac_len = HMAC_size(hmac_ctx);
3816
- if (ticket.size() < SSL_TICKET_KEY_NAME_LEN + iv_len + 1 + mac_len) {
3817
- // The ticket must be large enough for key name, IV, data, and MAC.
3818
- return ssl_ticket_aead_ignore_ticket;
3819
- }
3820
- // Split the ticket into the ticket and the MAC.
3821
- auto ticket_mac = ticket.last(mac_len);
3822
- ticket = ticket.first(ticket.size() - mac_len);
3823
- HMAC_Update(hmac_ctx, ticket.data(), ticket.size());
3824
- HMAC_Final(hmac_ctx, mac, NULL);
3825
- assert(mac_len == ticket_mac.size());
3826
- bool mac_ok = CRYPTO_memcmp(mac, ticket_mac.data(), mac_len) == 0;
3827
- #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
3828
- mac_ok = true;
3829
- #endif
3830
- if (!mac_ok) {
3831
- return ssl_ticket_aead_ignore_ticket;
3832
- }
3833
-
3834
- // Decrypt the session data.
3835
- auto ciphertext = ticket.subspan(SSL_TICKET_KEY_NAME_LEN + iv_len);
3836
- Array<uint8_t> plaintext;
3837
- #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
3838
- if (!plaintext.CopyFrom(ciphertext)) {
3839
- return ssl_ticket_aead_error;
3840
- }
3841
- #else
3842
- if (ciphertext.size() >= INT_MAX) {
3843
- return ssl_ticket_aead_ignore_ticket;
3844
- }
3845
- if (!plaintext.Init(ciphertext.size())) {
3846
- return ssl_ticket_aead_error;
3847
- }
3848
- int len1, len2;
3849
- if (!EVP_DecryptUpdate(cipher_ctx, plaintext.data(), &len1, ciphertext.data(),
3850
- (int)ciphertext.size()) ||
3851
- !EVP_DecryptFinal_ex(cipher_ctx, plaintext.data() + len1, &len2)) {
3852
- ERR_clear_error();
3853
- return ssl_ticket_aead_ignore_ticket;
3854
- }
3855
- plaintext.Shrink(static_cast<size_t>(len1) + len2);
3856
- #endif
3857
-
3858
- *out = std::move(plaintext);
3859
- return ssl_ticket_aead_success;
3860
- }
3861
-
3862
- static enum ssl_ticket_aead_result_t ssl_decrypt_ticket_with_cb(
3863
- SSL_HANDSHAKE *hs, Array<uint8_t> *out, bool *out_renew_ticket,
3864
- Span<const uint8_t> ticket) {
3865
- assert(ticket.size() >= SSL_TICKET_KEY_NAME_LEN + EVP_MAX_IV_LENGTH);
3866
- ScopedEVP_CIPHER_CTX cipher_ctx;
3867
- ScopedHMAC_CTX hmac_ctx;
3868
- auto name = ticket.subspan(0, SSL_TICKET_KEY_NAME_LEN);
3869
- // The actual IV is shorter, but the length is determined by the callback's
3870
- // chosen cipher. Instead we pass in |EVP_MAX_IV_LENGTH| worth of IV to ensure
3871
- // the callback has enough.
3872
- auto iv = ticket.subspan(SSL_TICKET_KEY_NAME_LEN, EVP_MAX_IV_LENGTH);
3873
- int cb_ret = hs->ssl->session_ctx->ticket_key_cb(
3874
- hs->ssl, const_cast<uint8_t *>(name.data()),
3875
- const_cast<uint8_t *>(iv.data()), cipher_ctx.get(), hmac_ctx.get(),
3876
- 0 /* decrypt */);
3877
- if (cb_ret < 0) {
3878
- return ssl_ticket_aead_error;
3879
- } else if (cb_ret == 0) {
3880
- return ssl_ticket_aead_ignore_ticket;
3881
- } else if (cb_ret == 2) {
3882
- *out_renew_ticket = true;
3883
- } else {
3884
- assert(cb_ret == 1);
3885
- }
3886
- return decrypt_ticket_with_cipher_ctx(out, cipher_ctx.get(), hmac_ctx.get(),
3887
- ticket);
3888
- }
3889
-
3890
- static enum ssl_ticket_aead_result_t ssl_decrypt_ticket_with_ticket_keys(
3891
- SSL_HANDSHAKE *hs, Array<uint8_t> *out, Span<const uint8_t> ticket) {
3892
- assert(ticket.size() >= SSL_TICKET_KEY_NAME_LEN + EVP_MAX_IV_LENGTH);
3893
- SSL_CTX *ctx = hs->ssl->session_ctx.get();
3894
-
3895
- // Rotate the ticket key if necessary.
3896
- if (!ssl_ctx_rotate_ticket_encryption_key(ctx)) {
3897
- return ssl_ticket_aead_error;
3898
- }
3899
-
3900
- const EVP_CIPHER *cipher = EVP_aes_128_cbc();
3901
- auto name = ticket.subspan(0, SSL_TICKET_KEY_NAME_LEN);
3902
- auto iv =
3903
- ticket.subspan(SSL_TICKET_KEY_NAME_LEN, EVP_CIPHER_iv_length(cipher));
3904
-
3905
- // Pick the matching ticket key and decrypt.
3906
- ScopedEVP_CIPHER_CTX cipher_ctx;
3907
- ScopedHMAC_CTX hmac_ctx;
3908
- {
3909
- MutexReadLock lock(&ctx->lock);
3910
- const TicketKey *key;
3911
- if (ctx->ticket_key_current && name == ctx->ticket_key_current->name) {
3912
- key = ctx->ticket_key_current.get();
3913
- } else if (ctx->ticket_key_prev && name == ctx->ticket_key_prev->name) {
3914
- key = ctx->ticket_key_prev.get();
3915
- } else {
3916
- return ssl_ticket_aead_ignore_ticket;
3917
- }
3918
- if (!HMAC_Init_ex(hmac_ctx.get(), key->hmac_key, sizeof(key->hmac_key),
3919
- tlsext_tick_md(), NULL) ||
3920
- !EVP_DecryptInit_ex(cipher_ctx.get(), cipher, NULL,
3921
- key->aes_key, iv.data())) {
3922
- return ssl_ticket_aead_error;
3923
- }
3924
- }
3925
- return decrypt_ticket_with_cipher_ctx(out, cipher_ctx.get(), hmac_ctx.get(),
3926
- ticket);
3927
- }
3928
-
3929
- static enum ssl_ticket_aead_result_t ssl_decrypt_ticket_with_method(
3930
- SSL_HANDSHAKE *hs, Array<uint8_t> *out, bool *out_renew_ticket,
3931
- Span<const uint8_t> ticket) {
3932
- Array<uint8_t> plaintext;
3933
- if (!plaintext.Init(ticket.size())) {
3934
- OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
3935
- return ssl_ticket_aead_error;
3936
- }
3937
-
3938
- size_t plaintext_len;
3939
- const enum ssl_ticket_aead_result_t result =
3940
- hs->ssl->session_ctx->ticket_aead_method->open(
3941
- hs->ssl, plaintext.data(), &plaintext_len, ticket.size(),
3942
- ticket.data(), ticket.size());
3943
- if (result != ssl_ticket_aead_success) {
3944
- return result;
3945
- }
3946
-
3947
- plaintext.Shrink(plaintext_len);
3948
- *out = std::move(plaintext);
3949
- return ssl_ticket_aead_success;
3950
- }
3951
-
3952
- enum ssl_ticket_aead_result_t ssl_process_ticket(
3953
- SSL_HANDSHAKE *hs, UniquePtr<SSL_SESSION> *out_session,
3954
- bool *out_renew_ticket, Span<const uint8_t> ticket,
3955
- Span<const uint8_t> session_id) {
3956
- SSL *const ssl = hs->ssl;
3957
- *out_renew_ticket = false;
3958
- out_session->reset();
3959
-
3960
- if ((SSL_get_options(hs->ssl) & SSL_OP_NO_TICKET) ||
3961
- session_id.size() > SSL_MAX_SSL_SESSION_ID_LENGTH) {
3962
- return ssl_ticket_aead_ignore_ticket;
3963
- }
3964
-
3965
- // Tickets in TLS 1.3 are tied into pre-shared keys (PSKs), unlike in TLS 1.2
3966
- // where that concept doesn't exist. The |decrypted_psk| and |ignore_psk|
3967
- // hints only apply to PSKs. We check the version to determine which this is.
3968
- const bool is_psk = ssl_protocol_version(ssl) >= TLS1_3_VERSION;
3969
-
3970
- Array<uint8_t> plaintext;
3971
- enum ssl_ticket_aead_result_t result;
3972
- SSL_HANDSHAKE_HINTS *const hints = hs->hints.get();
3973
- if (is_psk && hints && !hs->hints_requested &&
3974
- !hints->decrypted_psk.empty()) {
3975
- result = plaintext.CopyFrom(hints->decrypted_psk) ? ssl_ticket_aead_success
3976
- : ssl_ticket_aead_error;
3977
- } else if (is_psk && hints && !hs->hints_requested && hints->ignore_psk) {
3978
- result = ssl_ticket_aead_ignore_ticket;
3979
- } else if (ssl->session_ctx->ticket_aead_method != NULL) {
3980
- result = ssl_decrypt_ticket_with_method(hs, &plaintext, out_renew_ticket,
3981
- ticket);
3982
- } else {
3983
- // Ensure there is room for the key name and the largest IV |ticket_key_cb|
3984
- // may try to consume. The real limit may be lower, but the maximum IV
3985
- // length should be well under the minimum size for the session material and
3986
- // HMAC.
3987
- if (ticket.size() < SSL_TICKET_KEY_NAME_LEN + EVP_MAX_IV_LENGTH) {
3988
- result = ssl_ticket_aead_ignore_ticket;
3989
- } else if (ssl->session_ctx->ticket_key_cb != NULL) {
3990
- result =
3991
- ssl_decrypt_ticket_with_cb(hs, &plaintext, out_renew_ticket, ticket);
3992
- } else {
3993
- result = ssl_decrypt_ticket_with_ticket_keys(hs, &plaintext, ticket);
3994
- }
3995
- }
3996
-
3997
- if (is_psk && hints && hs->hints_requested) {
3998
- if (result == ssl_ticket_aead_ignore_ticket) {
3999
- hints->ignore_psk = true;
4000
- } else if (result == ssl_ticket_aead_success &&
4001
- !hints->decrypted_psk.CopyFrom(plaintext)) {
4002
- return ssl_ticket_aead_error;
4003
- }
4004
- }
4005
-
4006
- if (result != ssl_ticket_aead_success) {
4007
- return result;
4008
- }
4009
-
4010
- // Decode the session.
4011
- UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(
4012
- plaintext.data(), plaintext.size(), ssl->ctx.get()));
4013
- if (!session) {
4014
- ERR_clear_error(); // Don't leave an error on the queue.
4015
- return ssl_ticket_aead_ignore_ticket;
4016
- }
4017
-
4018
- // Envoy's tests expect the session to have a session ID that matches the
4019
- // placeholder used by the client. It's unclear whether this is a good idea,
4020
- // but we maintain it for now.
4021
- SHA256(ticket.data(), ticket.size(), session->session_id);
4022
- // Other consumers may expect a non-empty session ID to indicate resumption.
4023
- session->session_id_length = SHA256_DIGEST_LENGTH;
4024
-
4025
- *out_session = std::move(session);
4026
- return ssl_ticket_aead_success;
4027
- }
4028
-
4029
- bool tls1_parse_peer_sigalgs(SSL_HANDSHAKE *hs, const CBS *in_sigalgs) {
4030
- // Extension ignored for inappropriate versions
4031
- if (ssl_protocol_version(hs->ssl) < TLS1_2_VERSION) {
4032
- return true;
4033
- }
4034
-
4035
- // In all contexts, the signature algorithms list may not be empty. (It may be
4036
- // omitted by clients in TLS 1.2, but then the entire extension is omitted.)
4037
- return CBS_len(in_sigalgs) != 0 &&
4038
- parse_u16_array(in_sigalgs, &hs->peer_sigalgs);
4039
- }
4040
-
4041
- bool tls1_get_legacy_signature_algorithm(uint16_t *out, const EVP_PKEY *pkey) {
4042
- switch (EVP_PKEY_id(pkey)) {
4043
- case EVP_PKEY_RSA:
4044
- *out = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
4045
- return true;
4046
- case EVP_PKEY_EC:
4047
- *out = SSL_SIGN_ECDSA_SHA1;
4048
- return true;
4049
- default:
4050
- return false;
4051
- }
4052
- }
4053
-
4054
- bool tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) {
4055
- SSL *const ssl = hs->ssl;
4056
- CERT *cert = hs->config->cert.get();
4057
- DC *dc = cert->dc.get();
4058
-
4059
- // Before TLS 1.2, the signature algorithm isn't negotiated as part of the
4060
- // handshake.
4061
- if (ssl_protocol_version(ssl) < TLS1_2_VERSION) {
4062
- if (!tls1_get_legacy_signature_algorithm(out, hs->local_pubkey.get())) {
4063
- OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
4064
- return false;
4065
- }
4066
- return true;
4067
- }
4068
-
4069
- Span<const uint16_t> sigalgs = kSignSignatureAlgorithms;
4070
- if (ssl_signing_with_dc(hs)) {
4071
- sigalgs = MakeConstSpan(&dc->expected_cert_verify_algorithm, 1);
4072
- } else if (!cert->sigalgs.empty()) {
4073
- sigalgs = cert->sigalgs;
4074
- }
4075
-
4076
- Span<const uint16_t> peer_sigalgs = tls1_get_peer_verify_algorithms(hs);
4077
-
4078
- for (uint16_t sigalg : sigalgs) {
4079
- // SSL_SIGN_RSA_PKCS1_MD5_SHA1 is an internal value and should never be
4080
- // negotiated.
4081
- if (sigalg == SSL_SIGN_RSA_PKCS1_MD5_SHA1 ||
4082
- !ssl_private_key_supports_signature_algorithm(hs, sigalg)) {
4083
- continue;
4084
- }
4085
-
4086
- for (uint16_t peer_sigalg : peer_sigalgs) {
4087
- if (sigalg == peer_sigalg) {
4088
- *out = sigalg;
4089
- return true;
4090
- }
4091
- }
4092
- }
4093
-
4094
- OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
4095
- return false;
4096
- }
4097
-
4098
- Span<const uint16_t> tls1_get_peer_verify_algorithms(const SSL_HANDSHAKE *hs) {
4099
- Span<const uint16_t> peer_sigalgs = hs->peer_sigalgs;
4100
- if (peer_sigalgs.empty() && ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) {
4101
- // If the client didn't specify any signature_algorithms extension then
4102
- // we can assume that it supports SHA1. See
4103
- // http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
4104
- static const uint16_t kDefaultPeerAlgorithms[] = {SSL_SIGN_RSA_PKCS1_SHA1,
4105
- SSL_SIGN_ECDSA_SHA1};
4106
- peer_sigalgs = kDefaultPeerAlgorithms;
4107
- }
4108
- return peer_sigalgs;
4109
- }
4110
-
4111
- bool tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
4112
- SSL *const ssl = hs->ssl;
4113
- // A Channel ID handshake message is structured to contain multiple
4114
- // extensions, but the only one that can be present is Channel ID.
4115
- uint16_t extension_type;
4116
- CBS channel_id = msg.body, extension;
4117
- if (!CBS_get_u16(&channel_id, &extension_type) ||
4118
- !CBS_get_u16_length_prefixed(&channel_id, &extension) ||
4119
- CBS_len(&channel_id) != 0 ||
4120
- extension_type != TLSEXT_TYPE_channel_id ||
4121
- CBS_len(&extension) != TLSEXT_CHANNEL_ID_SIZE) {
4122
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
4123
- ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
4124
- return false;
4125
- }
4126
-
4127
- UniquePtr<EC_GROUP> p256(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
4128
- if (!p256) {
4129
- OPENSSL_PUT_ERROR(SSL, SSL_R_NO_P256_SUPPORT);
4130
- return false;
4131
- }
4132
-
4133
- UniquePtr<ECDSA_SIG> sig(ECDSA_SIG_new());
4134
- UniquePtr<BIGNUM> x(BN_new()), y(BN_new());
4135
- if (!sig || !x || !y) {
4136
- return false;
4137
- }
4138
-
4139
- const uint8_t *p = CBS_data(&extension);
4140
- if (BN_bin2bn(p + 0, 32, x.get()) == NULL ||
4141
- BN_bin2bn(p + 32, 32, y.get()) == NULL ||
4142
- BN_bin2bn(p + 64, 32, sig->r) == NULL ||
4143
- BN_bin2bn(p + 96, 32, sig->s) == NULL) {
4144
- return false;
4145
- }
4146
-
4147
- UniquePtr<EC_KEY> key(EC_KEY_new());
4148
- UniquePtr<EC_POINT> point(EC_POINT_new(p256.get()));
4149
- if (!key || !point ||
4150
- !EC_POINT_set_affine_coordinates_GFp(p256.get(), point.get(), x.get(),
4151
- y.get(), nullptr) ||
4152
- !EC_KEY_set_group(key.get(), p256.get()) ||
4153
- !EC_KEY_set_public_key(key.get(), point.get())) {
4154
- return false;
4155
- }
4156
-
4157
- uint8_t digest[EVP_MAX_MD_SIZE];
4158
- size_t digest_len;
4159
- if (!tls1_channel_id_hash(hs, digest, &digest_len)) {
4160
- return false;
4161
- }
4162
-
4163
- bool sig_ok = ECDSA_do_verify(digest, digest_len, sig.get(), key.get());
4164
- #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
4165
- sig_ok = true;
4166
- ERR_clear_error();
4167
- #endif
4168
- if (!sig_ok) {
4169
- OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
4170
- ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
4171
- return false;
4172
- }
4173
-
4174
- OPENSSL_memcpy(ssl->s3->channel_id, p, 64);
4175
- ssl->s3->channel_id_valid = true;
4176
- return true;
4177
- }
4178
-
4179
- bool tls1_write_channel_id(SSL_HANDSHAKE *hs, CBB *cbb) {
4180
- uint8_t digest[EVP_MAX_MD_SIZE];
4181
- size_t digest_len;
4182
- if (!tls1_channel_id_hash(hs, digest, &digest_len)) {
4183
- return false;
4184
- }
4185
-
4186
- EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(hs->config->channel_id_private.get());
4187
- if (ec_key == nullptr) {
4188
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
4189
- return false;
4190
- }
4191
-
4192
- UniquePtr<BIGNUM> x(BN_new()), y(BN_new());
4193
- if (!x || !y ||
4194
- !EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec_key),
4195
- EC_KEY_get0_public_key(ec_key),
4196
- x.get(), y.get(), nullptr)) {
4197
- return false;
4198
- }
4199
-
4200
- UniquePtr<ECDSA_SIG> sig(ECDSA_do_sign(digest, digest_len, ec_key));
4201
- if (!sig) {
4202
- return false;
4203
- }
4204
-
4205
- CBB child;
4206
- if (!CBB_add_u16(cbb, TLSEXT_TYPE_channel_id) ||
4207
- !CBB_add_u16_length_prefixed(cbb, &child) ||
4208
- !BN_bn2cbb_padded(&child, 32, x.get()) ||
4209
- !BN_bn2cbb_padded(&child, 32, y.get()) ||
4210
- !BN_bn2cbb_padded(&child, 32, sig->r) ||
4211
- !BN_bn2cbb_padded(&child, 32, sig->s) ||
4212
- !CBB_flush(cbb)) {
4213
- return false;
4214
- }
4215
-
4216
- return true;
4217
- }
4218
-
4219
- bool tls1_channel_id_hash(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len) {
4220
- SSL *const ssl = hs->ssl;
4221
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
4222
- Array<uint8_t> msg;
4223
- if (!tls13_get_cert_verify_signature_input(hs, &msg,
4224
- ssl_cert_verify_channel_id)) {
4225
- return false;
4226
- }
4227
- SHA256(msg.data(), msg.size(), out);
4228
- *out_len = SHA256_DIGEST_LENGTH;
4229
- return true;
4230
- }
4231
-
4232
- SHA256_CTX ctx;
4233
-
4234
- SHA256_Init(&ctx);
4235
- static const char kClientIDMagic[] = "TLS Channel ID signature";
4236
- SHA256_Update(&ctx, kClientIDMagic, sizeof(kClientIDMagic));
4237
-
4238
- if (ssl->session != NULL) {
4239
- static const char kResumptionMagic[] = "Resumption";
4240
- SHA256_Update(&ctx, kResumptionMagic, sizeof(kResumptionMagic));
4241
- if (ssl->session->original_handshake_hash_len == 0) {
4242
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
4243
- return false;
4244
- }
4245
- SHA256_Update(&ctx, ssl->session->original_handshake_hash,
4246
- ssl->session->original_handshake_hash_len);
4247
- }
4248
-
4249
- uint8_t hs_hash[EVP_MAX_MD_SIZE];
4250
- size_t hs_hash_len;
4251
- if (!hs->transcript.GetHash(hs_hash, &hs_hash_len)) {
4252
- return false;
4253
- }
4254
- SHA256_Update(&ctx, hs_hash, (size_t)hs_hash_len);
4255
- SHA256_Final(out, &ctx);
4256
- *out_len = SHA256_DIGEST_LENGTH;
4257
- return true;
4258
- }
4259
-
4260
- bool tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs) {
4261
- SSL *const ssl = hs->ssl;
4262
- // This function should never be called for a resumed session because the
4263
- // handshake hashes that we wish to record are for the original, full
4264
- // handshake.
4265
- if (ssl->session != NULL) {
4266
- return false;
4267
- }
4268
-
4269
- static_assert(
4270
- sizeof(hs->new_session->original_handshake_hash) == EVP_MAX_MD_SIZE,
4271
- "original_handshake_hash is too small");
4272
-
4273
- size_t digest_len;
4274
- if (!hs->transcript.GetHash(hs->new_session->original_handshake_hash,
4275
- &digest_len)) {
4276
- return false;
4277
- }
4278
-
4279
- static_assert(EVP_MAX_MD_SIZE <= 0xff,
4280
- "EVP_MAX_MD_SIZE does not fit in uint8_t");
4281
- hs->new_session->original_handshake_hash_len = (uint8_t)digest_len;
4282
-
4283
- return true;
4284
- }
4285
-
4286
- bool ssl_is_sct_list_valid(const CBS *contents) {
4287
- // Shallow parse the SCT list for sanity. By the RFC
4288
- // (https://tools.ietf.org/html/rfc6962#section-3.3) neither the list nor any
4289
- // of the SCTs may be empty.
4290
- CBS copy = *contents;
4291
- CBS sct_list;
4292
- if (!CBS_get_u16_length_prefixed(&copy, &sct_list) ||
4293
- CBS_len(&copy) != 0 ||
4294
- CBS_len(&sct_list) == 0) {
4295
- return false;
4296
- }
4297
-
4298
- while (CBS_len(&sct_list) > 0) {
4299
- CBS sct;
4300
- if (!CBS_get_u16_length_prefixed(&sct_list, &sct) ||
4301
- CBS_len(&sct) == 0) {
4302
- return false;
4303
- }
4304
- }
4305
-
4306
- return true;
4307
- }
4308
-
4309
- BSSL_NAMESPACE_END
4310
-
4311
- using namespace bssl;
4312
-
4313
- int SSL_early_callback_ctx_extension_get(const SSL_CLIENT_HELLO *client_hello,
4314
- uint16_t extension_type,
4315
- const uint8_t **out_data,
4316
- size_t *out_len) {
4317
- CBS cbs;
4318
- if (!ssl_client_hello_get_extension(client_hello, &cbs, extension_type)) {
4319
- return 0;
4320
- }
4321
-
4322
- *out_data = CBS_data(&cbs);
4323
- *out_len = CBS_len(&cbs);
4324
- return 1;
4325
- }