grpc 1.9.1 → 1.10.0.pre1


Potentially problematic release.


This version of grpc might be problematic.

Files changed (637)
  1. checksums.yaml +4 -4
  2. data/Makefile +2654 -953
  3. data/etc/roots.pem +282 -683
  4. data/include/grpc/compression.h +9 -26
  5. data/include/grpc/grpc.h +10 -24
  6. data/include/grpc/grpc_security.h +7 -1
  7. data/include/grpc/impl/codegen/compression_types.h +5 -62
  8. data/include/grpc/impl/codegen/grpc_types.h +10 -6
  9. data/include/grpc/module.modulemap +1 -10
  10. data/include/grpc/support/alloc.h +3 -2
  11. data/include/grpc/support/log.h +1 -2
  12. data/{src/core/lib/gpr/thd_internal.h → include/grpc/support/thd_id.h} +23 -9
  13. data/src/boringssl/err_data.c +550 -496
  14. data/src/core/ext/census/grpc_context.cc +2 -1
  15. data/src/core/ext/filters/client_channel/backup_poller.cc +5 -4
  16. data/src/core/ext/filters/client_channel/channel_connectivity.cc +7 -7
  17. data/src/core/ext/filters/client_channel/client_channel.cc +162 -172
  18. data/src/core/ext/filters/client_channel/client_channel_factory.cc +4 -2
  19. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +10 -10
  20. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +18 -14
  21. data/src/core/ext/filters/client_channel/http_proxy.cc +3 -1
  22. data/src/core/ext/filters/client_channel/lb_policy.cc +21 -105
  23. data/src/core/ext/filters/client_channel/lb_policy.h +166 -170
  24. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +41 -36
  25. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +1452 -1459
  26. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -1
  27. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +3 -2
  28. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +7 -8
  29. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +27 -27
  30. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +279 -304
  31. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +358 -330
  32. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc +30 -41
  33. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +7 -14
  34. data/src/core/ext/filters/client_channel/lb_policy_factory.cc +8 -21
  35. data/src/core/ext/filters/client_channel/lb_policy_factory.h +23 -27
  36. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +58 -33
  37. data/src/core/ext/filters/client_channel/lb_policy_registry.h +25 -12
  38. data/src/core/ext/filters/client_channel/parse_address.cc +10 -8
  39. data/src/core/ext/filters/client_channel/proxy_mapper_registry.cc +2 -2
  40. data/src/core/ext/filters/client_channel/resolver.cc +6 -52
  41. data/src/core/ext/filters/client_channel/resolver.h +98 -55
  42. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +266 -237
  43. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +5 -5
  44. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +31 -27
  45. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +244 -207
  46. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +161 -148
  47. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +47 -31
  48. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +126 -126
  49. data/src/core/ext/filters/client_channel/resolver_factory.h +33 -32
  50. data/src/core/ext/filters/client_channel/resolver_registry.cc +110 -90
  51. data/src/core/ext/filters/client_channel/resolver_registry.h +49 -36
  52. data/src/core/ext/filters/client_channel/retry_throttle.cc +29 -22
  53. data/src/core/ext/filters/client_channel/subchannel.cc +173 -173
  54. data/src/core/ext/filters/client_channel/subchannel.h +38 -45
  55. data/src/core/ext/filters/client_channel/subchannel_index.cc +44 -40
  56. data/src/core/ext/filters/client_channel/uri_parser.cc +3 -3
  57. data/src/core/ext/filters/deadline/deadline_filter.cc +27 -18
  58. data/src/core/ext/filters/http/client/http_client_filter.cc +26 -23
  59. data/src/core/ext/filters/http/http_filters_plugin.cc +3 -2
  60. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +78 -110
  61. data/src/core/ext/filters/http/server/http_server_filter.cc +29 -26
  62. data/src/core/ext/filters/load_reporting/server_load_reporting_filter.cc +9 -11
  63. data/src/core/ext/filters/load_reporting/server_load_reporting_plugin.cc +2 -1
  64. data/src/core/ext/filters/max_age/max_age_filter.cc +14 -14
  65. data/src/core/ext/filters/message_size/message_size_filter.cc +20 -18
  66. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +4 -4
  67. data/src/core/ext/filters/workarounds/workaround_utils.cc +4 -4
  68. data/src/core/ext/transport/chttp2/alpn/alpn.cc +2 -1
  69. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +10 -10
  70. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +4 -4
  71. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +11 -12
  72. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +16 -13
  73. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +36 -9
  74. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +3 -0
  75. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +17 -14
  76. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +139 -145
  77. data/src/core/ext/transport/chttp2/transport/flow_control.cc +16 -14
  78. data/src/core/ext/transport/chttp2/transport/flow_control.h +8 -7
  79. data/src/core/ext/transport/chttp2/transport/frame_data.cc +35 -33
  80. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +27 -25
  81. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +12 -12
  82. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +16 -15
  83. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +19 -19
  84. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +11 -11
  85. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +23 -22
  86. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +35 -35
  87. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +10 -7
  88. data/src/core/ext/transport/chttp2/transport/http2_settings.cc +2 -2
  89. data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +2 -2
  90. data/src/core/ext/transport/chttp2/transport/internal.h +1 -1
  91. data/src/core/ext/transport/chttp2/transport/parsing.cc +35 -39
  92. data/src/core/ext/transport/chttp2/transport/stream_map.cc +8 -7
  93. data/src/core/ext/transport/chttp2/transport/varint.cc +5 -5
  94. data/src/core/ext/transport/chttp2/transport/writing.cc +18 -18
  95. data/src/core/ext/transport/inproc/inproc_transport.cc +43 -23
  96. data/src/core/lib/{gpr → avl}/avl.cc +61 -57
  97. data/{include/grpc/support → src/core/lib/avl}/avl.h +25 -35
  98. data/src/core/lib/backoff/backoff.cc +6 -5
  99. data/src/core/lib/channel/channel_args.cc +23 -109
  100. data/src/core/lib/channel/channel_args.h +5 -31
  101. data/src/core/lib/channel/channel_stack.cc +11 -8
  102. data/src/core/lib/channel/channel_stack_builder.cc +10 -7
  103. data/src/core/lib/channel/connected_channel.cc +18 -17
  104. data/src/core/lib/channel/handshaker.cc +8 -8
  105. data/src/core/lib/channel/handshaker_registry.cc +3 -2
  106. data/src/core/lib/compression/algorithm_metadata.h +13 -6
  107. data/src/core/lib/compression/compression.cc +72 -183
  108. data/src/core/lib/compression/compression_internal.cc +274 -0
  109. data/src/core/lib/compression/compression_internal.h +86 -0
  110. data/src/core/lib/compression/message_compress.cc +15 -15
  111. data/src/core/lib/compression/message_compress.h +4 -3
  112. data/src/core/lib/compression/stream_compression_gzip.cc +8 -8
  113. data/src/core/lib/compression/stream_compression_identity.cc +1 -1
  114. data/src/core/lib/debug/stats.cc +10 -8
  115. data/src/core/lib/debug/stats_data.cc +2 -1
  116. data/src/core/lib/debug/trace.cc +3 -3
  117. data/src/core/lib/gpr/alloc.cc +7 -11
  118. data/src/core/lib/gpr/arena.cc +34 -12
  119. data/src/core/lib/gpr/atm.cc +2 -1
  120. data/src/core/lib/gpr/cpu_linux.cc +3 -3
  121. data/src/core/lib/gpr/cpu_posix.cc +2 -1
  122. data/src/core/lib/gpr/env.h +1 -1
  123. data/src/core/lib/gpr/env_linux.cc +1 -1
  124. data/src/core/lib/gpr/env_windows.cc +4 -4
  125. data/src/core/lib/gpr/fork.cc +16 -2
  126. data/src/core/lib/gpr/host_port.cc +5 -4
  127. data/{include/grpc/support → src/core/lib/gpr}/host_port.h +5 -13
  128. data/src/core/lib/gpr/log.cc +5 -4
  129. data/src/core/lib/gpr/log_linux.cc +1 -1
  130. data/src/core/lib/gpr/mpscq.cc +1 -0
  131. data/src/core/lib/gpr/murmur_hash.cc +4 -4
  132. data/src/core/lib/gpr/string.cc +19 -16
  133. data/src/core/lib/gpr/string_posix.cc +3 -3
  134. data/src/core/lib/gpr/sync_posix.cc +5 -9
  135. data/src/core/lib/gpr/thd.cc +3 -3
  136. data/{include/grpc/support → src/core/lib/gpr}/thd.h +20 -28
  137. data/src/core/lib/gpr/thd_posix.cc +6 -4
  138. data/src/core/lib/gpr/thd_windows.cc +3 -1
  139. data/src/core/lib/gpr/time.cc +6 -4
  140. data/src/core/lib/gpr/time_posix.cc +2 -2
  141. data/{include/grpc/support → src/core/lib/gpr}/tls.h +6 -6
  142. data/{include/grpc/support → src/core/lib/gpr}/tls_gcc.h +3 -3
  143. data/{include/grpc/support → src/core/lib/gpr}/tls_msvc.h +3 -3
  144. data/src/core/lib/gpr/tls_pthread.cc +1 -1
  145. data/{include/grpc/support → src/core/lib/gpr}/tls_pthread.h +3 -3
  146. data/{include/grpc/support → src/core/lib/gpr}/useful.h +3 -3
  147. data/src/core/lib/{gpr++ → gprpp}/abstract.h +3 -3
  148. data/src/core/lib/{gpr++ → gprpp}/atomic.h +5 -5
  149. data/src/core/lib/{gpr++ → gprpp}/atomic_with_atm.h +3 -3
  150. data/src/core/lib/{gpr++ → gprpp}/atomic_with_std.h +3 -3
  151. data/src/core/lib/{gpr++ → gprpp}/debug_location.h +3 -3
  152. data/src/core/lib/{gpr++ → gprpp}/inlined_vector.h +44 -22
  153. data/src/core/lib/{gpr++ → gprpp}/manual_constructor.h +2 -2
  154. data/src/core/lib/{gpr++ → gprpp}/memory.h +14 -5
  155. data/src/core/lib/{gpr++ → gprpp}/orphanable.h +39 -14
  156. data/src/core/lib/{gpr++ → gprpp}/ref_counted.h +42 -10
  157. data/src/core/lib/{gpr++ → gprpp}/ref_counted_ptr.h +18 -8
  158. data/src/core/lib/http/format_request.cc +3 -3
  159. data/src/core/lib/http/httpcli.cc +6 -7
  160. data/src/core/lib/http/httpcli_security_connector.cc +10 -10
  161. data/src/core/lib/http/parser.cc +16 -12
  162. data/src/core/lib/iomgr/call_combiner.cc +12 -13
  163. data/src/core/lib/iomgr/closure.h +4 -6
  164. data/src/core/lib/iomgr/combiner.cc +10 -21
  165. data/src/core/lib/iomgr/error.cc +50 -55
  166. data/src/core/lib/iomgr/ev_epoll1_linux.cc +41 -52
  167. data/src/core/lib/iomgr/ev_epollex_linux.cc +80 -28
  168. data/src/core/lib/iomgr/ev_epollsig_linux.cc +23 -30
  169. data/src/core/lib/iomgr/ev_poll_posix.cc +52 -46
  170. data/src/core/lib/iomgr/ev_posix.cc +47 -6
  171. data/src/core/lib/iomgr/exec_ctx.cc +10 -10
  172. data/src/core/lib/iomgr/exec_ctx.h +1 -1
  173. data/src/core/lib/iomgr/executor.cc +16 -13
  174. data/src/core/lib/iomgr/fork_posix.cc +1 -3
  175. data/src/core/lib/iomgr/gethostname_host_name_max.cc +1 -1
  176. data/src/core/lib/iomgr/iocp_windows.cc +1 -2
  177. data/src/core/lib/iomgr/iomgr.cc +2 -2
  178. data/src/core/lib/iomgr/iomgr_uv.cc +2 -0
  179. data/src/core/lib/iomgr/iomgr_uv.h +1 -1
  180. data/src/core/lib/iomgr/is_epollexclusive_available.cc +5 -4
  181. data/src/core/lib/iomgr/load_file.cc +3 -3
  182. data/src/core/lib/iomgr/pollset_windows.cc +1 -1
  183. data/src/core/lib/iomgr/resolve_address_posix.cc +10 -9
  184. data/src/core/lib/iomgr/resolve_address_uv.cc +2 -2
  185. data/src/core/lib/iomgr/resolve_address_windows.cc +3 -2
  186. data/src/core/lib/iomgr/resource_quota.cc +36 -34
  187. data/src/core/lib/iomgr/sockaddr_utils.cc +39 -23
  188. data/src/core/lib/iomgr/socket_factory_posix.cc +5 -5
  189. data/src/core/lib/iomgr/socket_mutator.cc +7 -7
  190. data/src/core/lib/iomgr/socket_utils_common_posix.cc +7 -4
  191. data/src/core/lib/iomgr/socket_utils_linux.cc +3 -2
  192. data/src/core/lib/iomgr/tcp_client_posix.cc +7 -6
  193. data/src/core/lib/iomgr/tcp_client_windows.cc +0 -1
  194. data/src/core/lib/iomgr/tcp_posix.cc +47 -55
  195. data/src/core/lib/iomgr/tcp_server_posix.cc +12 -10
  196. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +7 -5
  197. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +4 -3
  198. data/src/core/lib/iomgr/tcp_windows.cc +1 -1
  199. data/src/core/lib/iomgr/timer_generic.cc +16 -14
  200. data/src/core/lib/iomgr/timer_heap.cc +8 -7
  201. data/src/core/lib/iomgr/timer_manager.cc +4 -3
  202. data/src/core/lib/iomgr/udp_server.cc +24 -16
  203. data/src/core/lib/iomgr/unix_sockets_posix.cc +15 -10
  204. data/src/core/lib/iomgr/wakeup_fd_cv.cc +6 -5
  205. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +1 -2
  206. data/src/core/lib/json/json.cc +1 -1
  207. data/src/core/lib/json/json_reader.cc +8 -6
  208. data/src/core/lib/json/json_string.cc +19 -18
  209. data/src/core/lib/json/json_writer.cc +10 -8
  210. data/src/core/lib/profiling/basic_timers.cc +1 -1
  211. data/src/core/lib/profiling/timers.h +3 -20
  212. data/src/core/lib/security/context/security_context.cc +16 -14
  213. data/src/core/lib/security/credentials/composite/composite_credentials.cc +17 -14
  214. data/src/core/lib/security/credentials/credentials.cc +9 -8
  215. data/src/core/lib/security/credentials/credentials.h +1 -1
  216. data/src/core/lib/security/credentials/credentials_metadata.cc +2 -2
  217. data/src/core/lib/security/credentials/fake/fake_credentials.cc +12 -13
  218. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +7 -4
  219. data/src/core/lib/security/credentials/iam/iam_credentials.cc +5 -3
  220. data/src/core/lib/security/credentials/jwt/json_token.cc +4 -3
  221. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -7
  222. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +21 -18
  223. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +23 -18
  224. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +11 -7
  225. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +22 -21
  226. data/src/core/lib/security/{transport → security_connector}/security_connector.cc +46 -43
  227. data/src/core/lib/security/{transport → security_connector}/security_connector.h +3 -3
  228. data/src/core/lib/security/transport/client_auth_filter.cc +32 -34
  229. data/src/core/lib/security/transport/lb_targets_info.cc +7 -5
  230. data/src/core/lib/security/transport/secure_endpoint.cc +21 -21
  231. data/src/core/lib/security/transport/security_handshaker.cc +19 -18
  232. data/src/core/lib/security/transport/security_handshaker.h +1 -1
  233. data/src/core/lib/security/transport/server_auth_filter.cc +21 -21
  234. data/src/core/lib/slice/b64.cc +19 -16
  235. data/src/core/lib/slice/percent_encoding.cc +5 -5
  236. data/src/core/lib/slice/slice.cc +35 -33
  237. data/src/core/lib/slice/slice_buffer.cc +16 -14
  238. data/src/core/lib/slice/slice_hash_table.cc +3 -2
  239. data/src/core/lib/slice/slice_intern.cc +21 -25
  240. data/src/core/lib/slice/slice_string_helpers.cc +45 -9
  241. data/src/core/lib/slice/slice_string_helpers.h +6 -0
  242. data/src/core/lib/surface/byte_buffer.cc +2 -2
  243. data/src/core/lib/surface/byte_buffer_reader.cc +6 -3
  244. data/src/core/lib/surface/call.cc +171 -260
  245. data/src/core/lib/surface/call_test_only.h +1 -13
  246. data/src/core/lib/surface/channel.cc +20 -43
  247. data/src/core/lib/surface/channel_init.cc +7 -7
  248. data/src/core/lib/surface/channel_ping.cc +2 -2
  249. data/src/core/lib/surface/completion_queue.cc +69 -75
  250. data/src/core/lib/surface/init.cc +4 -5
  251. data/src/core/lib/surface/init_secure.cc +1 -1
  252. data/src/core/lib/surface/lame_client.cc +1 -1
  253. data/src/core/lib/surface/server.cc +64 -59
  254. data/src/core/lib/surface/version.cc +2 -2
  255. data/src/core/lib/transport/bdp_estimator.cc +6 -5
  256. data/src/core/lib/transport/byte_stream.cc +23 -14
  257. data/src/core/lib/transport/byte_stream.h +1 -1
  258. data/src/core/lib/transport/connectivity_state.cc +9 -13
  259. data/src/core/lib/transport/error_utils.cc +10 -7
  260. data/src/core/lib/transport/metadata.cc +27 -26
  261. data/src/core/lib/transport/metadata.h +1 -1
  262. data/src/core/lib/transport/pid_controller.cc +2 -1
  263. data/src/core/lib/transport/service_config.cc +5 -5
  264. data/src/core/lib/transport/static_metadata.cc +225 -222
  265. data/src/core/lib/transport/static_metadata.h +77 -76
  266. data/src/core/lib/transport/timeout_encoding.cc +3 -2
  267. data/src/core/lib/transport/transport.cc +6 -5
  268. data/src/core/lib/transport/transport_op_string.cc +0 -1
  269. data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -4
  270. data/src/core/tsi/alts_transport_security.cc +61 -0
  271. data/src/core/tsi/{gts_transport_security.h → alts_transport_security.h} +16 -8
  272. data/src/core/tsi/fake_transport_security.cc +59 -43
  273. data/src/core/tsi/ssl_transport_security.cc +122 -107
  274. data/src/core/tsi/transport_security.cc +3 -3
  275. data/src/core/tsi/transport_security_adapter.cc +16 -10
  276. data/src/ruby/bin/apis/pubsub_demo.rb +1 -1
  277. data/src/ruby/ext/grpc/rb_channel.c +3 -4
  278. data/src/ruby/ext/grpc/rb_compression_options.c +13 -3
  279. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -76
  280. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +8 -120
  281. data/src/ruby/ext/grpc/rb_server.c +52 -28
  282. data/src/ruby/lib/grpc/generic/rpc_server.rb +7 -4
  283. data/src/ruby/lib/grpc/version.rb +1 -1
  284. data/src/ruby/pb/test/client.rb +1 -1
  285. data/src/ruby/pb/test/server.rb +1 -1
  286. data/src/ruby/spec/client_server_spec.rb +4 -2
  287. data/src/ruby/spec/generic/active_call_spec.rb +2 -1
  288. data/src/ruby/spec/generic/client_stub_spec.rb +32 -8
  289. data/src/ruby/spec/server_spec.rb +26 -7
  290. data/third_party/boringssl/crypto/asn1/a_bitstr.c +7 -2
  291. data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +15 -0
  292. data/third_party/boringssl/crypto/asn1/a_gentm.c +1 -1
  293. data/third_party/boringssl/crypto/asn1/a_print.c +0 -28
  294. data/third_party/boringssl/crypto/asn1/a_strnid.c +3 -0
  295. data/third_party/boringssl/crypto/asn1/a_time.c +17 -9
  296. data/third_party/boringssl/crypto/asn1/a_utctm.c +1 -1
  297. data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -49
  298. data/third_party/boringssl/crypto/asn1/asn1_locl.h +1 -1
  299. data/third_party/boringssl/crypto/asn1/tasn_dec.c +9 -9
  300. data/third_party/boringssl/crypto/asn1/tasn_enc.c +0 -6
  301. data/third_party/boringssl/crypto/asn1/time_support.c +5 -5
  302. data/third_party/boringssl/crypto/base64/base64.c +65 -43
  303. data/third_party/boringssl/crypto/bio/bio.c +134 -110
  304. data/third_party/boringssl/crypto/bio/bio_mem.c +9 -9
  305. data/third_party/boringssl/crypto/bio/connect.c +17 -17
  306. data/third_party/boringssl/crypto/bio/fd.c +2 -1
  307. data/third_party/boringssl/crypto/bio/file.c +14 -14
  308. data/third_party/boringssl/crypto/bio/hexdump.c +15 -16
  309. data/third_party/boringssl/crypto/bio/internal.h +14 -14
  310. data/third_party/boringssl/crypto/bio/pair.c +45 -45
  311. data/third_party/boringssl/crypto/bio/printf.c +6 -10
  312. data/third_party/boringssl/crypto/{bn → bn_extra}/bn_asn1.c +9 -9
  313. data/third_party/boringssl/crypto/{bn → bn_extra}/convert.c +18 -223
  314. data/third_party/boringssl/crypto/buf/buf.c +20 -44
  315. data/third_party/boringssl/crypto/bytestring/ber.c +35 -35
  316. data/third_party/boringssl/crypto/bytestring/cbb.c +24 -24
  317. data/third_party/boringssl/crypto/bytestring/cbs.c +33 -37
  318. data/third_party/boringssl/crypto/bytestring/internal.h +38 -38
  319. data/third_party/boringssl/crypto/chacha/chacha.c +7 -7
  320. data/third_party/boringssl/crypto/{asn1/t_bitst.c → cipher_extra/cipher_extra.c} +49 -38
  321. data/third_party/boringssl/crypto/{cipher → cipher_extra}/derive_key.c +0 -2
  322. data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +281 -0
  323. data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +867 -0
  324. data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +326 -0
  325. data/third_party/boringssl/crypto/{cipher → cipher_extra}/e_null.c +0 -1
  326. data/third_party/boringssl/crypto/{cipher → cipher_extra}/e_rc2.c +22 -10
  327. data/third_party/boringssl/crypto/{cipher → cipher_extra}/e_rc4.c +0 -0
  328. data/third_party/boringssl/crypto/{cipher → cipher_extra}/e_ssl3.c +120 -64
  329. data/third_party/boringssl/crypto/{cipher → cipher_extra}/e_tls.c +220 -141
  330. data/third_party/boringssl/crypto/{asn1/x_bignum.c → cipher_extra/internal.h} +61 -86
  331. data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +482 -0
  332. data/third_party/boringssl/crypto/cmac/cmac.c +20 -20
  333. data/third_party/boringssl/crypto/conf/conf.c +32 -20
  334. data/third_party/boringssl/crypto/conf/internal.h +3 -3
  335. data/third_party/boringssl/crypto/cpu-aarch64-linux.c +5 -5
  336. data/third_party/boringssl/crypto/cpu-arm-linux.c +44 -41
  337. data/third_party/boringssl/crypto/cpu-intel.c +68 -43
  338. data/third_party/boringssl/crypto/cpu-ppc64le.c +5 -7
  339. data/third_party/boringssl/crypto/crypto.c +54 -32
  340. data/third_party/boringssl/crypto/curve25519/curve25519.c +269 -269
  341. data/third_party/boringssl/crypto/curve25519/internal.h +28 -8
  342. data/third_party/boringssl/crypto/curve25519/spake25519.c +180 -106
  343. data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +9 -9
  344. data/third_party/boringssl/crypto/dh/check.c +33 -34
  345. data/third_party/boringssl/crypto/dh/dh.c +72 -36
  346. data/third_party/boringssl/crypto/dh/dh_asn1.c +1 -1
  347. data/third_party/boringssl/crypto/dh/params.c +1 -161
  348. data/third_party/boringssl/crypto/digest_extra/digest_extra.c +240 -0
  349. data/third_party/boringssl/crypto/dsa/dsa.c +127 -87
  350. data/third_party/boringssl/crypto/dsa/dsa_asn1.c +1 -1
  351. data/third_party/boringssl/crypto/{ec → ec_extra}/ec_asn1.c +83 -70
  352. data/third_party/boringssl/crypto/ecdh/ecdh.c +1 -1
  353. data/third_party/boringssl/crypto/{ecdsa → ecdsa_extra}/ecdsa_asn1.c +86 -31
  354. data/third_party/boringssl/crypto/engine/engine.c +6 -6
  355. data/third_party/boringssl/crypto/err/err.c +197 -106
  356. data/third_party/boringssl/crypto/err/internal.h +58 -0
  357. data/third_party/boringssl/crypto/evp/digestsign.c +86 -14
  358. data/third_party/boringssl/crypto/evp/evp.c +6 -11
  359. data/third_party/boringssl/crypto/evp/evp_asn1.c +17 -17
  360. data/third_party/boringssl/crypto/evp/evp_ctx.c +15 -11
  361. data/third_party/boringssl/crypto/evp/internal.h +66 -51
  362. data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +11 -11
  363. data/third_party/boringssl/crypto/evp/p_ec.c +10 -8
  364. data/third_party/boringssl/crypto/evp/p_ec_asn1.c +11 -12
  365. data/third_party/boringssl/crypto/evp/p_ed25519.c +71 -0
  366. data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +190 -0
  367. data/third_party/boringssl/crypto/evp/p_rsa.c +50 -95
  368. data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +28 -18
  369. data/third_party/boringssl/crypto/evp/pbkdf.c +49 -56
  370. data/third_party/boringssl/crypto/evp/print.c +5 -36
  371. data/third_party/boringssl/crypto/evp/scrypt.c +209 -0
  372. data/third_party/boringssl/crypto/ex_data.c +15 -45
  373. data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +100 -0
  374. data/third_party/boringssl/crypto/fipsmodule/bcm.c +679 -0
  375. data/third_party/boringssl/crypto/{bn → fipsmodule/bn}/internal.h +40 -27
  376. data/third_party/boringssl/crypto/{bn → fipsmodule/bn}/rsaz_exp.h +0 -0
  377. data/third_party/boringssl/crypto/{cipher → fipsmodule/cipher}/internal.h +34 -67
  378. data/third_party/boringssl/crypto/fipsmodule/delocate.h +88 -0
  379. data/third_party/boringssl/crypto/{des → fipsmodule/des}/internal.h +18 -4
  380. data/third_party/boringssl/crypto/{digest → fipsmodule/digest}/internal.h +18 -18
  381. data/third_party/boringssl/crypto/{digest → fipsmodule/digest}/md32_common.h +58 -64
  382. data/third_party/boringssl/crypto/{ec → fipsmodule/ec}/internal.h +58 -52
  383. data/third_party/boringssl/crypto/{ec → fipsmodule/ec}/p256-x86_64-table.h +11 -11
  384. data/third_party/boringssl/crypto/{ec → fipsmodule/ec}/p256-x86_64.h +32 -32
  385. data/third_party/boringssl/crypto/{rand/internal.h → fipsmodule/is_fips.c} +10 -15
  386. data/third_party/boringssl/crypto/{modes → fipsmodule/modes}/internal.h +112 -119
  387. data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +92 -0
  388. data/third_party/boringssl/crypto/{rsa → fipsmodule/rsa}/internal.h +36 -49
  389. data/third_party/boringssl/crypto/hkdf/hkdf.c +6 -6
  390. data/third_party/boringssl/crypto/internal.h +301 -233
  391. data/third_party/boringssl/crypto/lhash/lhash.c +26 -45
  392. data/third_party/boringssl/crypto/mem.c +76 -33
  393. data/third_party/boringssl/crypto/obj/obj.c +44 -28
  394. data/third_party/boringssl/crypto/obj/obj_dat.h +102 -34
  395. data/third_party/boringssl/crypto/obj/obj_xref.c +6 -6
  396. data/third_party/boringssl/crypto/pem/pem_info.c +3 -5
  397. data/third_party/boringssl/crypto/pem/pem_lib.c +1 -6
  398. data/third_party/boringssl/crypto/pem/pem_pk8.c +1 -0
  399. data/third_party/boringssl/crypto/pem/pem_pkey.c +1 -1
  400. data/third_party/boringssl/crypto/pem/pem_xaux.c +0 -2
  401. data/third_party/boringssl/crypto/pkcs7/internal.h +49 -0
  402. data/third_party/boringssl/crypto/pkcs7/pkcs7.c +166 -0
  403. data/third_party/boringssl/crypto/{x509/pkcs7.c → pkcs7/pkcs7_x509.c} +27 -147
  404. data/third_party/boringssl/crypto/pkcs8/internal.h +34 -16
  405. data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +120 -39
  406. data/third_party/boringssl/crypto/pkcs8/pkcs8.c +144 -857
  407. data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +789 -0
  408. data/third_party/boringssl/crypto/poly1305/internal.h +4 -3
  409. data/third_party/boringssl/crypto/poly1305/poly1305.c +14 -14
  410. data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +11 -11
  411. data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +41 -41
  412. data/third_party/boringssl/crypto/pool/internal.h +2 -2
  413. data/third_party/boringssl/crypto/pool/pool.c +15 -15
  414. data/third_party/boringssl/crypto/{rand → rand_extra}/deterministic.c +7 -7
  415. data/third_party/boringssl/crypto/rand_extra/forkunsafe.c +46 -0
  416. data/third_party/boringssl/crypto/{rand → rand_extra}/fuchsia.c +7 -7
  417. data/third_party/boringssl/crypto/rand_extra/rand_extra.c +70 -0
  418. data/third_party/boringssl/crypto/{rand → rand_extra}/windows.c +5 -5
  419. data/third_party/boringssl/crypto/refcount_c11.c +2 -2
  420. data/third_party/boringssl/crypto/refcount_lock.c +1 -1
  421. data/third_party/boringssl/crypto/{rsa → rsa_extra}/rsa_asn1.c +12 -120
  422. data/third_party/boringssl/crypto/stack/stack.c +13 -13
  423. data/third_party/boringssl/crypto/thread_none.c +1 -1
  424. data/third_party/boringssl/crypto/thread_pthread.c +1 -1
  425. data/third_party/boringssl/crypto/thread_win.c +40 -40
  426. data/third_party/boringssl/crypto/x509/a_sign.c +5 -12
  427. data/third_party/boringssl/crypto/x509/a_verify.c +6 -18
  428. data/third_party/boringssl/crypto/x509/algorithm.c +22 -6
  429. data/third_party/boringssl/crypto/x509/asn1_gen.c +30 -7
  430. data/third_party/boringssl/crypto/x509/by_dir.c +2 -2
  431. data/third_party/boringssl/crypto/x509/by_file.c +2 -2
  432. data/third_party/boringssl/crypto/x509/rsa_pss.c +5 -5
  433. data/third_party/boringssl/crypto/x509/t_x509.c +2 -1
  434. data/third_party/boringssl/crypto/x509/x509_def.c +5 -0
  435. data/third_party/boringssl/crypto/x509/x509_lu.c +35 -4
  436. data/third_party/boringssl/crypto/x509/x509_set.c +10 -0
  437. data/third_party/boringssl/crypto/x509/x509_vfy.c +20 -17
  438. data/third_party/boringssl/crypto/x509/x_name.c +13 -16
  439. data/third_party/boringssl/crypto/x509/x_x509.c +3 -3
  440. data/third_party/boringssl/crypto/x509/x_x509a.c +0 -7
  441. data/third_party/boringssl/crypto/x509v3/ext_dat.h +8 -0
  442. data/third_party/boringssl/crypto/x509v3/pcy_int.h +2 -2
  443. data/third_party/boringssl/crypto/x509v3/pcy_lib.c +0 -9
  444. data/third_party/boringssl/crypto/x509v3/pcy_node.c +1 -1
  445. data/third_party/boringssl/crypto/x509v3/pcy_tree.c +25 -15
  446. data/third_party/boringssl/crypto/x509v3/v3_alt.c +21 -11
  447. data/third_party/boringssl/crypto/x509v3/v3_cpols.c +9 -3
  448. data/third_party/boringssl/crypto/x509v3/v3_info.c +22 -14
  449. data/third_party/boringssl/crypto/x509v3/v3_ncons.c +27 -11
  450. data/third_party/boringssl/crypto/x509v3/v3_pci.c +0 -33
  451. data/third_party/boringssl/crypto/x509v3/v3_utl.c +4 -4
  452. data/third_party/boringssl/include/openssl/aead.h +280 -191
  453. data/third_party/boringssl/include/openssl/aes.h +50 -50
  454. data/third_party/boringssl/include/openssl/arm_arch.h +12 -12
  455. data/third_party/boringssl/include/openssl/asn1.h +14 -77
  456. data/third_party/boringssl/include/openssl/asn1t.h +11 -15
  457. data/third_party/boringssl/include/openssl/base.h +78 -51
  458. data/third_party/boringssl/include/openssl/base64.h +68 -68
  459. data/third_party/boringssl/include/openssl/bio.h +472 -406
  460. data/third_party/boringssl/include/openssl/blowfish.h +1 -1
  461. data/third_party/boringssl/include/openssl/bn.h +454 -435
  462. data/third_party/boringssl/include/openssl/buf.h +27 -27
  463. data/third_party/boringssl/include/openssl/bytestring.h +282 -267
  464. data/third_party/boringssl/include/openssl/cast.h +2 -2
  465. data/third_party/boringssl/include/openssl/chacha.h +5 -5
  466. data/third_party/boringssl/include/openssl/cipher.h +209 -200
  467. data/third_party/boringssl/include/openssl/cmac.h +27 -27
  468. data/third_party/boringssl/include/openssl/conf.h +49 -46
  469. data/third_party/boringssl/include/openssl/cpu.h +60 -45
  470. data/third_party/boringssl/include/openssl/crypto.h +59 -35
  471. data/third_party/boringssl/include/openssl/curve25519.h +97 -92
  472. data/third_party/boringssl/include/openssl/des.h +25 -25
  473. data/third_party/boringssl/include/openssl/dh.h +98 -97
  474. data/third_party/boringssl/include/openssl/digest.h +143 -114
  475. data/third_party/boringssl/include/openssl/dsa.h +217 -202
  476. data/third_party/boringssl/include/openssl/ec.h +132 -131
  477. data/third_party/boringssl/include/openssl/ec_key.h +132 -128
  478. data/third_party/boringssl/include/openssl/ecdh.h +9 -9
  479. data/third_party/boringssl/include/openssl/ecdsa.h +66 -66
  480. data/third_party/boringssl/include/openssl/engine.h +38 -38
  481. data/third_party/boringssl/include/openssl/err.h +189 -219
  482. data/third_party/boringssl/include/openssl/evp.h +473 -397
  483. data/third_party/boringssl/include/openssl/ex_data.h +46 -56
  484. data/third_party/boringssl/include/openssl/hkdf.h +17 -17
  485. data/third_party/boringssl/include/openssl/hmac.h +55 -43
  486. data/third_party/boringssl/include/openssl/is_boringssl.h +16 -0
  487. data/third_party/boringssl/include/openssl/lhash.h +67 -67
  488. data/third_party/boringssl/include/openssl/lhash_macros.h +4 -4
  489. data/third_party/boringssl/include/openssl/md4.h +14 -14
  490. data/third_party/boringssl/include/openssl/md5.h +14 -14
  491. data/third_party/boringssl/include/openssl/mem.h +39 -33
  492. data/third_party/boringssl/include/openssl/nid.h +43 -0
  493. data/third_party/boringssl/include/openssl/obj.h +93 -87
  494. data/third_party/boringssl/include/openssl/opensslconf.h +8 -1
  495. data/third_party/boringssl/include/openssl/pem.h +2 -122
  496. data/third_party/boringssl/include/openssl/pkcs7.h +68 -2
  497. data/third_party/boringssl/include/openssl/pkcs8.h +81 -66
  498. data/third_party/boringssl/include/openssl/poly1305.h +11 -11
  499. data/third_party/boringssl/include/openssl/pool.h +29 -25
  500. data/third_party/boringssl/include/openssl/rand.h +48 -45
  501. data/third_party/boringssl/include/openssl/rc4.h +9 -9
  502. data/third_party/boringssl/include/openssl/ripemd.h +13 -13
  503. data/third_party/boringssl/include/openssl/rsa.h +371 -340
  504. data/third_party/boringssl/include/openssl/sha.h +71 -71
  505. data/third_party/boringssl/include/openssl/span.h +191 -0
  506. data/third_party/boringssl/include/openssl/ssl.h +2639 -2519
  507. data/third_party/boringssl/include/openssl/ssl3.h +39 -122
  508. data/third_party/boringssl/include/openssl/stack.h +355 -164
  509. data/third_party/boringssl/include/openssl/thread.h +43 -43
  510. data/third_party/boringssl/include/openssl/tls1.h +60 -63
  511. data/third_party/boringssl/include/openssl/type_check.h +10 -14
  512. data/third_party/boringssl/include/openssl/x509.h +41 -116
  513. data/third_party/boringssl/include/openssl/x509_vfy.h +17 -25
  514. data/third_party/boringssl/include/openssl/x509v3.h +27 -21
  515. data/third_party/boringssl/ssl/{bio_ssl.c → bio_ssl.cc} +9 -5
  516. data/third_party/boringssl/ssl/{custom_extensions.c → custom_extensions.cc} +19 -12
  517. data/third_party/boringssl/ssl/{d1_both.c → d1_both.cc} +224 -193
  518. data/third_party/boringssl/ssl/{d1_lib.c → d1_lib.cc} +86 -79
  519. data/third_party/boringssl/ssl/{d1_pkt.c → d1_pkt.cc} +55 -87
  520. data/third_party/boringssl/ssl/{d1_srtp.c → d1_srtp.cc} +12 -16
  521. data/third_party/boringssl/ssl/{dtls_method.c → dtls_method.cc} +33 -50
  522. data/third_party/boringssl/ssl/{dtls_record.c → dtls_record.cc} +76 -64
  523. data/third_party/boringssl/ssl/handshake.cc +547 -0
  524. data/third_party/boringssl/ssl/handshake_client.cc +1828 -0
  525. data/third_party/boringssl/ssl/handshake_server.cc +1672 -0
  526. data/third_party/boringssl/ssl/internal.h +2027 -1280
  527. data/third_party/boringssl/ssl/s3_both.cc +603 -0
  528. data/third_party/boringssl/ssl/{s3_lib.c → s3_lib.cc} +22 -10
  529. data/third_party/boringssl/ssl/{s3_pkt.c → s3_pkt.cc} +171 -75
  530. data/third_party/boringssl/ssl/ssl_aead_ctx.cc +415 -0
  531. data/third_party/boringssl/ssl/{ssl_asn1.c → ssl_asn1.cc} +257 -261
  532. data/third_party/boringssl/ssl/{ssl_buffer.c → ssl_buffer.cc} +81 -97
  533. data/third_party/boringssl/ssl/{ssl_cert.c → ssl_cert.cc} +304 -414
  534. data/third_party/boringssl/ssl/{ssl_cipher.c → ssl_cipher.cc} +427 -505
  535. data/third_party/boringssl/ssl/{ssl_file.c → ssl_file.cc} +24 -16
  536. data/third_party/boringssl/ssl/ssl_key_share.cc +245 -0
  537. data/third_party/boringssl/ssl/{ssl_lib.c → ssl_lib.cc} +665 -828
  538. data/third_party/boringssl/ssl/ssl_privkey.cc +518 -0
  539. data/third_party/boringssl/ssl/{ssl_session.c → ssl_session.cc} +596 -471
  540. data/third_party/boringssl/ssl/{ssl_stat.c → ssl_stat.cc} +5 -224
  541. data/third_party/boringssl/ssl/{ssl_transcript.c → ssl_transcript.cc} +117 -140
  542. data/third_party/boringssl/ssl/ssl_versions.cc +439 -0
  543. data/third_party/boringssl/ssl/{ssl_x509.c → ssl_x509.cc} +751 -267
  544. data/third_party/boringssl/ssl/{t1_enc.c → t1_enc.cc} +120 -161
  545. data/third_party/boringssl/ssl/{t1_lib.c → t1_lib.cc} +859 -966
  546. data/third_party/boringssl/ssl/{tls13_both.c → tls13_both.cc} +202 -284
  547. data/third_party/boringssl/ssl/tls13_client.cc +842 -0
  548. data/third_party/boringssl/ssl/{tls13_enc.c → tls13_enc.cc} +108 -90
  549. data/third_party/boringssl/ssl/tls13_server.cc +967 -0
  550. data/third_party/boringssl/ssl/{tls_method.c → tls_method.cc} +94 -73
  551. data/third_party/boringssl/ssl/tls_record.cc +675 -0
  552. metadata +117 -168
  553. data/include/grpc/support/cmdline.h +0 -88
  554. data/include/grpc/support/subprocess.h +0 -44
  555. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +0 -29
  556. data/src/core/ext/filters/client_channel/resolver_factory.cc +0 -40
  557. data/src/core/lib/gpr/cmdline.cc +0 -330
  558. data/src/core/lib/gpr/subprocess_posix.cc +0 -99
  559. data/src/core/lib/gpr/subprocess_windows.cc +0 -126
  560. data/src/core/lib/surface/alarm.cc +0 -137
  561. data/src/core/lib/surface/alarm_internal.h +0 -40
  562. data/src/core/tsi/gts_transport_security.cc +0 -40
  563. data/third_party/boringssl/crypto/aes/aes.c +0 -1142
  564. data/third_party/boringssl/crypto/aes/internal.h +0 -87
  565. data/third_party/boringssl/crypto/aes/key_wrap.c +0 -138
  566. data/third_party/boringssl/crypto/aes/mode_wrappers.c +0 -112
  567. data/third_party/boringssl/crypto/asn1/x_long.c +0 -200
  568. data/third_party/boringssl/crypto/bn/add.c +0 -377
  569. data/third_party/boringssl/crypto/bn/asm/x86_64-gcc.c +0 -532
  570. data/third_party/boringssl/crypto/bn/bn.c +0 -365
  571. data/third_party/boringssl/crypto/bn/cmp.c +0 -239
  572. data/third_party/boringssl/crypto/bn/ctx.c +0 -313
  573. data/third_party/boringssl/crypto/bn/div.c +0 -728
  574. data/third_party/boringssl/crypto/bn/exponentiation.c +0 -1240
  575. data/third_party/boringssl/crypto/bn/gcd.c +0 -635
  576. data/third_party/boringssl/crypto/bn/generic.c +0 -707
  577. data/third_party/boringssl/crypto/bn/kronecker.c +0 -176
  578. data/third_party/boringssl/crypto/bn/montgomery.c +0 -409
  579. data/third_party/boringssl/crypto/bn/montgomery_inv.c +0 -207
  580. data/third_party/boringssl/crypto/bn/mul.c +0 -871
  581. data/third_party/boringssl/crypto/bn/prime.c +0 -861
  582. data/third_party/boringssl/crypto/bn/random.c +0 -343
  583. data/third_party/boringssl/crypto/bn/rsaz_exp.c +0 -254
  584. data/third_party/boringssl/crypto/bn/shift.c +0 -307
  585. data/third_party/boringssl/crypto/bn/sqrt.c +0 -506
  586. data/third_party/boringssl/crypto/cipher/aead.c +0 -156
  587. data/third_party/boringssl/crypto/cipher/cipher.c +0 -657
  588. data/third_party/boringssl/crypto/cipher/e_aes.c +0 -1771
  589. data/third_party/boringssl/crypto/cipher/e_chacha20poly1305.c +0 -276
  590. data/third_party/boringssl/crypto/cipher/e_des.c +0 -205
  591. data/third_party/boringssl/crypto/cipher/tls_cbc.c +0 -482
  592. data/third_party/boringssl/crypto/des/des.c +0 -771
  593. data/third_party/boringssl/crypto/digest/digest.c +0 -251
  594. data/third_party/boringssl/crypto/digest/digests.c +0 -358
  595. data/third_party/boringssl/crypto/ec/ec.c +0 -847
  596. data/third_party/boringssl/crypto/ec/ec_key.c +0 -479
  597. data/third_party/boringssl/crypto/ec/ec_montgomery.c +0 -303
  598. data/third_party/boringssl/crypto/ec/oct.c +0 -416
  599. data/third_party/boringssl/crypto/ec/p224-64.c +0 -1143
  600. data/third_party/boringssl/crypto/ec/p256-64.c +0 -1701
  601. data/third_party/boringssl/crypto/ec/p256-x86_64.c +0 -561
  602. data/third_party/boringssl/crypto/ec/simple.c +0 -1118
  603. data/third_party/boringssl/crypto/ec/util-64.c +0 -109
  604. data/third_party/boringssl/crypto/ec/wnaf.c +0 -458
  605. data/third_party/boringssl/crypto/ecdsa/ecdsa.c +0 -479
  606. data/third_party/boringssl/crypto/hmac/hmac.c +0 -215
  607. data/third_party/boringssl/crypto/md4/md4.c +0 -236
  608. data/third_party/boringssl/crypto/md5/md5.c +0 -285
  609. data/third_party/boringssl/crypto/modes/cbc.c +0 -212
  610. data/third_party/boringssl/crypto/modes/cfb.c +0 -230
  611. data/third_party/boringssl/crypto/modes/ctr.c +0 -219
  612. data/third_party/boringssl/crypto/modes/gcm.c +0 -1071
  613. data/third_party/boringssl/crypto/modes/ofb.c +0 -95
  614. data/third_party/boringssl/crypto/modes/polyval.c +0 -94
  615. data/third_party/boringssl/crypto/pkcs8/p8_pkey.c +0 -85
  616. data/third_party/boringssl/crypto/rand/rand.c +0 -244
  617. data/third_party/boringssl/crypto/rand/urandom.c +0 -335
  618. data/third_party/boringssl/crypto/rsa/blinding.c +0 -265
  619. data/third_party/boringssl/crypto/rsa/padding.c +0 -708
  620. data/third_party/boringssl/crypto/rsa/rsa.c +0 -830
  621. data/third_party/boringssl/crypto/rsa/rsa_impl.c +0 -1100
  622. data/third_party/boringssl/crypto/sha/sha1-altivec.c +0 -346
  623. data/third_party/boringssl/crypto/sha/sha1.c +0 -355
  624. data/third_party/boringssl/crypto/sha/sha256.c +0 -329
  625. data/third_party/boringssl/crypto/sha/sha512.c +0 -609
  626. data/third_party/boringssl/crypto/x509/x509type.c +0 -126
  627. data/third_party/boringssl/include/openssl/stack_macros.h +0 -3987
  628. data/third_party/boringssl/ssl/handshake_client.c +0 -1883
  629. data/third_party/boringssl/ssl/handshake_server.c +0 -1950
  630. data/third_party/boringssl/ssl/s3_both.c +0 -895
  631. data/third_party/boringssl/ssl/ssl_aead_ctx.c +0 -335
  632. data/third_party/boringssl/ssl/ssl_ecdh.c +0 -465
  633. data/third_party/boringssl/ssl/ssl_privkey.c +0 -683
  634. data/third_party/boringssl/ssl/ssl_privkey_cc.cc +0 -76
  635. data/third_party/boringssl/ssl/tls13_client.c +0 -712
  636. data/third_party/boringssl/ssl/tls13_server.c +0 -680
  637. data/third_party/boringssl/ssl/tls_record.c +0 -556
@@ -17,108 +17,46 @@
17
17
  #include <assert.h>
18
18
  #include <string.h>
19
19
 
20
+ #include <utility>
21
+
20
22
  #include <openssl/bytestring.h>
21
23
  #include <openssl/err.h>
22
24
  #include <openssl/hkdf.h>
23
25
  #include <openssl/mem.h>
24
26
  #include <openssl/stack.h>
25
27
  #include <openssl/x509.h>
26
- #include <openssl/x509v3.h>
27
28
 
28
29
  #include "../crypto/internal.h"
29
30
  #include "internal.h"
30
31
 
31
32
 
32
- /* kMaxKeyUpdates is the number of consecutive KeyUpdates that will be
33
- * processed. Without this limit an attacker could force unbounded processing
34
- * without being able to return application data. */
35
- static const uint8_t kMaxKeyUpdates = 32;
36
-
37
- int tls13_handshake(SSL_HANDSHAKE *hs) {
38
- SSL *const ssl = hs->ssl;
39
- for (;;) {
40
- /* Resolve the operation the handshake was waiting on. */
41
- switch (hs->wait) {
42
- case ssl_hs_error:
43
- OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_HANDSHAKE_FAILURE);
44
- return -1;
45
-
46
- case ssl_hs_flush:
47
- case ssl_hs_flush_and_read_message: {
48
- int ret = ssl->method->flush_flight(ssl);
49
- if (ret <= 0) {
50
- return ret;
51
- }
52
- if (hs->wait != ssl_hs_flush_and_read_message) {
53
- break;
54
- }
55
- ssl->method->expect_flight(ssl);
56
- hs->wait = ssl_hs_read_message;
57
- /* Fall-through. */
58
- }
59
-
60
- case ssl_hs_read_message: {
61
- int ret = ssl->method->ssl_get_message(ssl);
62
- if (ret <= 0) {
63
- return ret;
64
- }
65
- break;
66
- }
67
-
68
- case ssl_hs_x509_lookup:
69
- ssl->rwstate = SSL_X509_LOOKUP;
70
- hs->wait = ssl_hs_ok;
71
- return -1;
72
-
73
- case ssl_hs_channel_id_lookup:
74
- ssl->rwstate = SSL_CHANNEL_ID_LOOKUP;
75
- hs->wait = ssl_hs_ok;
76
- return -1;
77
-
78
- case ssl_hs_private_key_operation:
79
- ssl->rwstate = SSL_PRIVATE_KEY_OPERATION;
80
- hs->wait = ssl_hs_ok;
81
- return -1;
82
-
83
- case ssl_hs_ok:
84
- break;
85
- }
86
-
87
- /* Run the state machine again. */
88
- hs->wait = hs->do_tls13_handshake(hs);
89
- if (hs->wait == ssl_hs_error) {
90
- /* Don't loop around to avoid a stray |SSL_R_SSL_HANDSHAKE_FAILURE| the
91
- * first time around. */
92
- return -1;
93
- }
94
- if (hs->wait == ssl_hs_ok) {
95
- /* The handshake has completed. */
96
- return 1;
97
- }
33
+ namespace bssl {
98
34
 
99
- /* Otherwise, loop to the beginning and resolve what was blocking the
100
- * handshake. */
101
- }
102
- }
35
+ // kMaxKeyUpdates is the number of consecutive KeyUpdates that will be
36
+ // processed. Without this limit an attacker could force unbounded processing
37
+ // without being able to return application data.
38
+ static const uint8_t kMaxKeyUpdates = 32;
103
39
 
104
40
  int tls13_get_cert_verify_signature_input(
105
41
  SSL_HANDSHAKE *hs, uint8_t **out, size_t *out_len,
106
42
  enum ssl_cert_verify_context_t cert_verify_context) {
107
- CBB cbb;
108
- if (!CBB_init(&cbb, 64 + 33 + 1 + 2 * EVP_MAX_MD_SIZE)) {
109
- goto err;
43
+ ScopedCBB cbb;
44
+ if (!CBB_init(cbb.get(), 64 + 33 + 1 + 2 * EVP_MAX_MD_SIZE)) {
45
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
46
+ return 0;
110
47
  }
111
48
 
112
49
  for (size_t i = 0; i < 64; i++) {
113
- if (!CBB_add_u8(&cbb, 0x20)) {
114
- goto err;
50
+ if (!CBB_add_u8(cbb.get(), 0x20)) {
51
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
52
+ return 0;
115
53
  }
116
54
  }
117
55
 
118
56
  const uint8_t *context;
119
57
  size_t context_len;
120
58
  if (cert_verify_context == ssl_cert_verify_server) {
121
- /* Include the NUL byte. */
59
+ // Include the NUL byte.
122
60
  static const char kContext[] = "TLS 1.3, server CertificateVerify";
123
61
  context = (const uint8_t *)kContext;
124
62
  context_len = sizeof(kContext);
@@ -131,59 +69,50 @@ int tls13_get_cert_verify_signature_input(
131
69
  context = (const uint8_t *)kContext;
132
70
  context_len = sizeof(kContext);
133
71
  } else {
134
- goto err;
72
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
73
+ return 0;
135
74
  }
136
75
 
137
- if (!CBB_add_bytes(&cbb, context, context_len)) {
138
- goto err;
76
+ if (!CBB_add_bytes(cbb.get(), context, context_len)) {
77
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
78
+ return 0;
139
79
  }
140
80
 
141
81
  uint8_t context_hash[EVP_MAX_MD_SIZE];
142
82
  size_t context_hash_len;
143
- if (!SSL_TRANSCRIPT_get_hash(&hs->transcript, context_hash,
144
- &context_hash_len) ||
145
- !CBB_add_bytes(&cbb, context_hash, context_hash_len) ||
146
- !CBB_finish(&cbb, out, out_len)) {
147
- goto err;
83
+ if (!hs->transcript.GetHash(context_hash, &context_hash_len) ||
84
+ !CBB_add_bytes(cbb.get(), context_hash, context_hash_len) ||
85
+ !CBB_finish(cbb.get(), out, out_len)) {
86
+ OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
87
+ return 0;
148
88
  }
149
89
 
150
90
  return 1;
151
-
152
- err:
153
- OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
154
- CBB_cleanup(&cbb);
155
- return 0;
156
91
  }
157
92
 
158
- int tls13_process_certificate(SSL_HANDSHAKE *hs, int allow_anonymous) {
93
+ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
94
+ int allow_anonymous) {
159
95
  SSL *const ssl = hs->ssl;
160
- CBS cbs, context, certificate_list;
161
- CBS_init(&cbs, ssl->init_msg, ssl->init_num);
162
- if (!CBS_get_u8_length_prefixed(&cbs, &context) ||
163
- CBS_len(&context) != 0) {
96
+ CBS body = msg.body, context, certificate_list;
97
+ if (!CBS_get_u8_length_prefixed(&body, &context) ||
98
+ CBS_len(&context) != 0 ||
99
+ !CBS_get_u24_length_prefixed(&body, &certificate_list) ||
100
+ CBS_len(&body) != 0) {
164
101
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
165
102
  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
166
103
  return 0;
167
104
  }
168
105
 
169
- const int retain_sha256 =
170
- ssl->server && ssl->retain_only_sha256_of_client_certs;
171
- int ret = 0;
172
-
173
- EVP_PKEY *pkey = NULL;
174
- STACK_OF(CRYPTO_BUFFER) *certs = sk_CRYPTO_BUFFER_new_null();
175
- if (certs == NULL) {
106
+ UniquePtr<STACK_OF(CRYPTO_BUFFER)> certs(sk_CRYPTO_BUFFER_new_null());
107
+ if (!certs) {
176
108
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
177
109
  OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
178
- goto err;
179
- }
180
-
181
- if (!CBS_get_u24_length_prefixed(&cbs, &certificate_list)) {
182
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
183
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
184
- goto err;
110
+ return 0;
185
111
  }
186
112
 
113
+ const bool retain_sha256 =
114
+ ssl->server && ssl->retain_only_sha256_of_client_certs;
115
+ UniquePtr<EVP_PKEY> pkey;
187
116
  while (CBS_len(&certificate_list) > 0) {
188
117
  CBS certificate, extensions;
189
118
  if (!CBS_get_u24_length_prefixed(&certificate_list, &certificate) ||
@@ -191,42 +120,41 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, int allow_anonymous) {
191
120
  CBS_len(&certificate) == 0) {
192
121
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
193
122
  OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_LENGTH_MISMATCH);
194
- goto err;
123
+ return 0;
195
124
  }
196
125
 
197
- if (sk_CRYPTO_BUFFER_num(certs) == 0) {
126
+ if (sk_CRYPTO_BUFFER_num(certs.get()) == 0) {
198
127
  pkey = ssl_cert_parse_pubkey(&certificate);
199
- if (pkey == NULL) {
128
+ if (!pkey) {
200
129
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
201
130
  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
202
- goto err;
131
+ return 0;
203
132
  }
204
- /* TLS 1.3 always uses certificate keys for signing thus the correct
205
- * keyUsage is enforced. */
133
+ // TLS 1.3 always uses certificate keys for signing thus the correct
134
+ // keyUsage is enforced.
206
135
  if (!ssl_cert_check_digital_signature_key_usage(&certificate)) {
207
136
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
208
- goto err;
137
+ return 0;
209
138
  }
210
139
 
211
140
  if (retain_sha256) {
212
- /* Retain the hash of the leaf certificate if requested. */
141
+ // Retain the hash of the leaf certificate if requested.
213
142
  SHA256(CBS_data(&certificate), CBS_len(&certificate),
214
143
  hs->new_session->peer_sha256);
215
144
  }
216
145
  }
217
146
 
218
- CRYPTO_BUFFER *buf =
219
- CRYPTO_BUFFER_new_from_CBS(&certificate, ssl->ctx->pool);
220
- if (buf == NULL ||
221
- !sk_CRYPTO_BUFFER_push(certs, buf)) {
222
- CRYPTO_BUFFER_free(buf);
147
+ UniquePtr<CRYPTO_BUFFER> buf(
148
+ CRYPTO_BUFFER_new_from_CBS(&certificate, ssl->ctx->pool));
149
+ if (!buf ||
150
+ !PushToStack(certs.get(), std::move(buf))) {
223
151
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
224
152
  OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
225
- goto err;
153
+ return 0;
226
154
  }
227
155
 
228
- /* Parse out the extensions. */
229
- int have_status_request = 0, have_sct = 0;
156
+ // Parse out the extensions.
157
+ bool have_status_request = false, have_sct = false;
230
158
  CBS status_request, sct;
231
159
  const SSL_EXTENSION_TYPE ext_types[] = {
232
160
  {TLSEXT_TYPE_status_request, &have_status_request, &status_request},
@@ -238,16 +166,16 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, int allow_anonymous) {
238
166
  OPENSSL_ARRAY_SIZE(ext_types),
239
167
  0 /* reject unknown */)) {
240
168
  ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
241
- goto err;
169
+ return 0;
242
170
  }
243
171
 
244
- /* All Certificate extensions are parsed, but only the leaf extensions are
245
- * stored. */
172
+ // All Certificate extensions are parsed, but only the leaf extensions are
173
+ // stored.
246
174
  if (have_status_request) {
247
175
  if (ssl->server || !ssl->ocsp_stapling_enabled) {
248
176
  OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
249
177
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
250
- goto err;
178
+ return 0;
251
179
  }
252
180
 
253
181
  uint8_t status_type;
@@ -258,14 +186,17 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, int allow_anonymous) {
258
186
  CBS_len(&ocsp_response) == 0 ||
259
187
  CBS_len(&status_request) != 0) {
260
188
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
261
- goto err;
189
+ return 0;
262
190
  }
263
191
 
264
- if (sk_CRYPTO_BUFFER_num(certs) == 1 &&
265
- !CBS_stow(&ocsp_response, &hs->new_session->ocsp_response,
266
- &hs->new_session->ocsp_response_length)) {
267
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
268
- goto err;
192
+ if (sk_CRYPTO_BUFFER_num(certs.get()) == 1) {
193
+ CRYPTO_BUFFER_free(hs->new_session->ocsp_response);
194
+ hs->new_session->ocsp_response =
195
+ CRYPTO_BUFFER_new_from_CBS(&ocsp_response, ssl->ctx->pool);
196
+ if (hs->new_session->ocsp_response == nullptr) {
197
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
198
+ return 0;
199
+ }
269
200
  }
270
201
  }
271
202
 
@@ -273,114 +204,100 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, int allow_anonymous) {
273
204
  if (ssl->server || !ssl->signed_cert_timestamps_enabled) {
274
205
  OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
275
206
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
276
- goto err;
207
+ return 0;
277
208
  }
278
209
 
279
210
  if (!ssl_is_sct_list_valid(&sct)) {
280
211
  OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION);
281
212
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
282
- goto err;
213
+ return 0;
283
214
  }
284
215
 
285
- if (sk_CRYPTO_BUFFER_num(certs) == 1 &&
286
- !CBS_stow(
287
- &sct, &hs->new_session->tlsext_signed_cert_timestamp_list,
288
- &hs->new_session->tlsext_signed_cert_timestamp_list_length)) {
289
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
290
- goto err;
216
+ if (sk_CRYPTO_BUFFER_num(certs.get()) == 1) {
217
+ CRYPTO_BUFFER_free(hs->new_session->signed_cert_timestamp_list);
218
+ hs->new_session->signed_cert_timestamp_list =
219
+ CRYPTO_BUFFER_new_from_CBS(&sct, ssl->ctx->pool);
220
+ if (hs->new_session->signed_cert_timestamp_list == nullptr) {
221
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
222
+ return 0;
223
+ }
291
224
  }
292
225
  }
293
226
  }
294
227
 
295
- if (CBS_len(&cbs) != 0) {
296
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
297
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
298
- goto err;
228
+ // Store a null certificate list rather than an empty one if the peer didn't
229
+ // send certificates.
230
+ if (sk_CRYPTO_BUFFER_num(certs.get()) == 0) {
231
+ certs.reset();
299
232
  }
300
233
 
301
- EVP_PKEY_free(hs->peer_pubkey);
302
- hs->peer_pubkey = pkey;
303
- pkey = NULL;
234
+ hs->peer_pubkey = std::move(pkey);
304
235
 
305
236
  sk_CRYPTO_BUFFER_pop_free(hs->new_session->certs, CRYPTO_BUFFER_free);
306
- hs->new_session->certs = certs;
307
- certs = NULL;
237
+ hs->new_session->certs = certs.release();
308
238
 
309
- if (!ssl->ctx->x509_method->session_cache_objects(hs->new_session)) {
239
+ if (!ssl->ctx->x509_method->session_cache_objects(hs->new_session.get())) {
310
240
  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
311
241
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
312
- goto err;
242
+ return 0;
313
243
  }
314
244
 
315
245
  if (sk_CRYPTO_BUFFER_num(hs->new_session->certs) == 0) {
316
246
  if (!allow_anonymous) {
317
247
  OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
318
248
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_CERTIFICATE_REQUIRED);
319
- goto err;
249
+ return 0;
320
250
  }
321
251
 
322
- /* OpenSSL returns X509_V_OK when no certificates are requested. This is
323
- * classed by them as a bug, but it's assumed by at least NGINX. */
252
+ // OpenSSL returns X509_V_OK when no certificates are requested. This is
253
+ // classed by them as a bug, but it's assumed by at least NGINX.
324
254
  hs->new_session->verify_result = X509_V_OK;
325
255
 
326
- /* No certificate, so nothing more to do. */
327
- ret = 1;
328
- goto err;
256
+ // No certificate, so nothing more to do.
257
+ return 1;
329
258
  }
330
259
 
331
260
  hs->new_session->peer_sha256_valid = retain_sha256;
332
-
333
- if (!ssl_verify_cert_chain(ssl, &hs->new_session->verify_result,
334
- hs->new_session->x509_chain)) {
335
- goto err;
336
- }
337
-
338
- ret = 1;
339
-
340
- err:
341
- sk_CRYPTO_BUFFER_pop_free(certs, CRYPTO_BUFFER_free);
342
- EVP_PKEY_free(pkey);
343
- return ret;
261
+ return 1;
344
262
  }
345
263
 
346
- int tls13_process_certificate_verify(SSL_HANDSHAKE *hs) {
264
+ int tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
347
265
  SSL *const ssl = hs->ssl;
348
- int ret = 0;
349
- uint8_t *msg = NULL;
350
- size_t msg_len;
351
-
352
266
  if (hs->peer_pubkey == NULL) {
353
- goto err;
267
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
268
+ return 0;
354
269
  }
355
270
 
356
- CBS cbs, signature;
271
+ CBS body = msg.body, signature;
357
272
  uint16_t signature_algorithm;
358
- CBS_init(&cbs, ssl->init_msg, ssl->init_num);
359
- if (!CBS_get_u16(&cbs, &signature_algorithm) ||
360
- !CBS_get_u16_length_prefixed(&cbs, &signature) ||
361
- CBS_len(&cbs) != 0) {
273
+ if (!CBS_get_u16(&body, &signature_algorithm) ||
274
+ !CBS_get_u16_length_prefixed(&body, &signature) ||
275
+ CBS_len(&body) != 0) {
362
276
  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
363
277
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
364
- goto err;
278
+ return 0;
365
279
  }
366
280
 
367
- int al;
368
- if (!tls12_check_peer_sigalg(ssl, &al, signature_algorithm)) {
369
- ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
370
- goto err;
281
+ uint8_t alert = SSL_AD_DECODE_ERROR;
282
+ if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
283
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
284
+ return 0;
371
285
  }
372
286
  hs->new_session->peer_signature_algorithm = signature_algorithm;
373
287
 
288
+ uint8_t *input = NULL;
289
+ size_t input_len;
374
290
  if (!tls13_get_cert_verify_signature_input(
375
- hs, &msg, &msg_len,
291
+ hs, &input, &input_len,
376
292
  ssl->server ? ssl_cert_verify_client : ssl_cert_verify_server)) {
377
293
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
378
- goto err;
294
+ return 0;
379
295
  }
296
+ UniquePtr<uint8_t> free_input(input);
380
297
 
381
- int sig_ok =
382
- ssl_public_key_verify(ssl, CBS_data(&signature), CBS_len(&signature),
383
- signature_algorithm, hs->peer_pubkey, msg, msg_len);
298
+ int sig_ok = ssl_public_key_verify(ssl, CBS_data(&signature),
299
+ CBS_len(&signature), signature_algorithm,
300
+ hs->peer_pubkey.get(), input, input_len);
384
301
  #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
385
302
  sig_ok = 1;
386
303
  ERR_clear_error();
@@ -388,27 +305,31 @@ int tls13_process_certificate_verify(SSL_HANDSHAKE *hs) {
388
305
  if (!sig_ok) {
389
306
  OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
390
307
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
391
- goto err;
308
+ return 0;
392
309
  }
393
310
 
394
- ret = 1;
395
-
396
- err:
397
- OPENSSL_free(msg);
398
- return ret;
311
+ return 1;
399
312
  }
400
313
 
401
- int tls13_process_finished(SSL_HANDSHAKE *hs) {
314
+ int tls13_process_finished(SSL_HANDSHAKE *hs, const SSLMessage &msg,
315
+ int use_saved_value) {
402
316
  SSL *const ssl = hs->ssl;
403
- uint8_t verify_data[EVP_MAX_MD_SIZE];
317
+ uint8_t verify_data_buf[EVP_MAX_MD_SIZE];
318
+ const uint8_t *verify_data;
404
319
  size_t verify_data_len;
405
- if (!tls13_finished_mac(hs, verify_data, &verify_data_len, !ssl->server)) {
406
- return 0;
320
+ if (use_saved_value) {
321
+ assert(ssl->server);
322
+ verify_data = hs->expected_client_finished;
323
+ verify_data_len = hs->hash_len;
324
+ } else {
325
+ if (!tls13_finished_mac(hs, verify_data_buf, &verify_data_len,
326
+ !ssl->server)) {
327
+ return 0;
328
+ }
329
+ verify_data = verify_data_buf;
407
330
  }
408
331
 
409
- int finished_ok =
410
- ssl->init_num == verify_data_len &&
411
- CRYPTO_memcmp(verify_data, ssl->init_msg, verify_data_len) == 0;
332
+ int finished_ok = CBS_mem_equal(&msg.body, verify_data, verify_data_len);
412
333
  #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
413
334
  finished_ok = 1;
414
335
  #endif
@@ -423,21 +344,18 @@ int tls13_process_finished(SSL_HANDSHAKE *hs) {
423
344
 
424
345
  int tls13_add_certificate(SSL_HANDSHAKE *hs) {
425
346
  SSL *const ssl = hs->ssl;
426
- CBB cbb, body, certificate_list;
427
- if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_CERTIFICATE) ||
428
- /* The request context is always empty in the handshake. */
347
+ ScopedCBB cbb;
348
+ CBB body, certificate_list;
349
+ if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CERTIFICATE) ||
350
+ // The request context is always empty in the handshake.
429
351
  !CBB_add_u8(&body, 0) ||
430
352
  !CBB_add_u24_length_prefixed(&body, &certificate_list)) {
431
353
  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
432
- goto err;
354
+ return 0;
433
355
  }
434
356
 
435
357
  if (!ssl_has_certificate(ssl)) {
436
- if (!ssl_add_message_cbb(ssl, &cbb)) {
437
- goto err;
438
- }
439
-
440
- return 1;
358
+ return ssl_add_message_cbb(ssl, cbb.get());
441
359
  }
442
360
 
443
361
  CERT *cert = ssl->cert;
@@ -448,7 +366,7 @@ int tls13_add_certificate(SSL_HANDSHAKE *hs) {
448
366
  CRYPTO_BUFFER_len(leaf_buf)) ||
449
367
  !CBB_add_u16_length_prefixed(&certificate_list, &extensions)) {
450
368
  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
451
- goto err;
369
+ return 0;
452
370
  }
453
371
 
454
372
  if (hs->scts_requested && ssl->cert->signed_cert_timestamp_list != NULL) {
@@ -461,7 +379,7 @@ int tls13_add_certificate(SSL_HANDSHAKE *hs) {
461
379
  CRYPTO_BUFFER_len(ssl->cert->signed_cert_timestamp_list)) ||
462
380
  !CBB_flush(&extensions)) {
463
381
  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
464
- goto err;
382
+ return 0;
465
383
  }
466
384
  }
467
385
 
@@ -477,7 +395,7 @@ int tls13_add_certificate(SSL_HANDSHAKE *hs) {
477
395
  CRYPTO_BUFFER_len(ssl->cert->ocsp_response)) ||
478
396
  !CBB_flush(&extensions)) {
479
397
  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
480
- goto err;
398
+ return 0;
481
399
  }
482
400
  }
483
401
 
@@ -489,82 +407,62 @@ int tls13_add_certificate(SSL_HANDSHAKE *hs) {
489
407
  CRYPTO_BUFFER_len(cert_buf)) ||
490
408
  !CBB_add_u16(&certificate_list, 0 /* no extensions */)) {
491
409
  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
492
- goto err;
410
+ return 0;
493
411
  }
494
412
  }
495
413
 
496
- if (!ssl_add_message_cbb(ssl, &cbb)) {
497
- goto err;
498
- }
499
-
500
- return 1;
501
-
502
- err:
503
- CBB_cleanup(&cbb);
504
- return 0;
414
+ return ssl_add_message_cbb(ssl, cbb.get());
505
415
  }
506
416
 
507
- enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs,
508
- int is_first_run) {
417
+ enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs) {
509
418
  SSL *const ssl = hs->ssl;
510
- enum ssl_private_key_result_t ret = ssl_private_key_failure;
511
- uint8_t *msg = NULL;
512
- size_t msg_len;
513
- CBB cbb, body;
514
- CBB_zero(&cbb);
515
-
516
419
  uint16_t signature_algorithm;
517
420
  if (!tls1_choose_signature_algorithm(hs, &signature_algorithm)) {
518
- goto err;
421
+ return ssl_private_key_failure;
519
422
  }
520
- if (!ssl->method->init_message(ssl, &cbb, &body,
423
+
424
+ ScopedCBB cbb;
425
+ CBB body;
426
+ if (!ssl->method->init_message(ssl, cbb.get(), &body,
521
427
  SSL3_MT_CERTIFICATE_VERIFY) ||
522
428
  !CBB_add_u16(&body, signature_algorithm)) {
523
429
  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
524
- goto err;
430
+ return ssl_private_key_failure;
525
431
  }
526
432
 
527
- /* Sign the digest. */
433
+ // Sign the digest.
528
434
  CBB child;
529
- const size_t max_sig_len = ssl_private_key_max_signature_len(ssl);
435
+ const size_t max_sig_len = EVP_PKEY_size(hs->local_pubkey.get());
530
436
  uint8_t *sig;
531
437
  size_t sig_len;
532
438
  if (!CBB_add_u16_length_prefixed(&body, &child) ||
533
439
  !CBB_reserve(&child, &sig, max_sig_len)) {
534
440
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
535
- goto err;
441
+ return ssl_private_key_failure;
536
442
  }
537
443
 
538
- enum ssl_private_key_result_t sign_result;
539
- if (is_first_run) {
540
- if (!tls13_get_cert_verify_signature_input(
541
- hs, &msg, &msg_len,
542
- ssl->server ? ssl_cert_verify_server : ssl_cert_verify_client)) {
543
- ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
544
- goto err;
545
- }
546
- sign_result = ssl_private_key_sign(ssl, sig, &sig_len, max_sig_len,
547
- signature_algorithm, msg, msg_len);
548
- } else {
549
- sign_result = ssl_private_key_complete(ssl, sig, &sig_len, max_sig_len);
444
+ uint8_t *msg = NULL;
445
+ size_t msg_len;
446
+ if (!tls13_get_cert_verify_signature_input(
447
+ hs, &msg, &msg_len,
448
+ ssl->server ? ssl_cert_verify_server : ssl_cert_verify_client)) {
449
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
450
+ return ssl_private_key_failure;
550
451
  }
452
+ UniquePtr<uint8_t> free_msg(msg);
551
453
 
454
+ enum ssl_private_key_result_t sign_result = ssl_private_key_sign(
455
+ hs, sig, &sig_len, max_sig_len, signature_algorithm, msg, msg_len);
552
456
  if (sign_result != ssl_private_key_success) {
553
- ret = sign_result;
554
- goto err;
457
+ return sign_result;
555
458
  }
556
459
 
557
460
  if (!CBB_did_write(&child, sig_len) ||
558
- !ssl_add_message_cbb(ssl, &cbb)) {
559
- goto err;
461
+ !ssl_add_message_cbb(ssl, cbb.get())) {
462
+ return ssl_private_key_failure;
560
463
  }
561
464
 
562
- ret = ssl_private_key_success;
563
-
564
- err:
565
- CBB_cleanup(&cbb);
566
- OPENSSL_free(msg);
567
- return ret;
465
+ return ssl_private_key_success;
568
466
  }
569
467
 
570
468
  int tls13_add_finished(SSL_HANDSHAKE *hs) {
@@ -578,23 +476,22 @@ int tls13_add_finished(SSL_HANDSHAKE *hs) {
578
476
  return 0;
579
477
  }
580
478
 
581
- CBB cbb, body;
582
- if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_FINISHED) ||
479
+ ScopedCBB cbb;
480
+ CBB body;
481
+ if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_FINISHED) ||
583
482
  !CBB_add_bytes(&body, verify_data, verify_data_len) ||
584
- !ssl_add_message_cbb(ssl, &cbb)) {
585
- CBB_cleanup(&cbb);
483
+ !ssl_add_message_cbb(ssl, cbb.get())) {
586
484
  return 0;
587
485
  }
588
486
 
589
487
  return 1;
590
488
  }
591
489
 
592
- static int tls13_receive_key_update(SSL *ssl) {
593
- CBS cbs;
490
+ static int tls13_receive_key_update(SSL *ssl, const SSLMessage &msg) {
491
+ CBS body = msg.body;
594
492
  uint8_t key_update_request;
595
- CBS_init(&cbs, ssl->init_msg, ssl->init_num);
596
- if (!CBS_get_u8(&cbs, &key_update_request) ||
597
- CBS_len(&cbs) != 0 ||
493
+ if (!CBS_get_u8(&body, &key_update_request) ||
494
+ CBS_len(&body) != 0 ||
598
495
  (key_update_request != SSL_KEY_UPDATE_NOT_REQUESTED &&
599
496
  key_update_request != SSL_KEY_UPDATE_REQUESTED)) {
600
497
  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
@@ -602,13 +499,35 @@ static int tls13_receive_key_update(SSL *ssl) {
602
499
  return 0;
603
500
  }
604
501
 
605
- /* TODO(svaldez): Send KeyUpdate if |key_update_request| is
606
- * |SSL_KEY_UPDATE_REQUESTED|. */
607
- return tls13_rotate_traffic_key(ssl, evp_aead_open);
502
+ if (!tls13_rotate_traffic_key(ssl, evp_aead_open)) {
503
+ return 0;
504
+ }
505
+
506
+ // Acknowledge the KeyUpdate
507
+ if (key_update_request == SSL_KEY_UPDATE_REQUESTED &&
508
+ !ssl->s3->key_update_pending) {
509
+ ScopedCBB cbb;
510
+ CBB body_cbb;
511
+ if (!ssl->method->init_message(ssl, cbb.get(), &body_cbb,
512
+ SSL3_MT_KEY_UPDATE) ||
513
+ !CBB_add_u8(&body_cbb, SSL_KEY_UPDATE_NOT_REQUESTED) ||
514
+ !ssl_add_message_cbb(ssl, cbb.get()) ||
515
+ !tls13_rotate_traffic_key(ssl, evp_aead_seal)) {
516
+ return 0;
517
+ }
518
+
519
+ // Suppress KeyUpdate acknowledgments until this change is written to the
520
+ // wire. This prevents us from accumulating write obligations when read and
521
+ // write progress at different rates. See draft-ietf-tls-tls13-18, section
522
+ // 4.5.3.
523
+ ssl->s3->key_update_pending = true;
524
+ }
525
+
526
+ return 1;
608
527
  }
609
528
 
610
- int tls13_post_handshake(SSL *ssl) {
611
- if (ssl->s3->tmp.message_type == SSL3_MT_KEY_UPDATE) {
529
+ int tls13_post_handshake(SSL *ssl, const SSLMessage &msg) {
530
+ if (msg.type == SSL3_MT_KEY_UPDATE) {
612
531
  ssl->s3->key_update_count++;
613
532
  if (ssl->s3->key_update_count > kMaxKeyUpdates) {
614
533
  OPENSSL_PUT_ERROR(SSL, SSL_R_TOO_MANY_KEY_UPDATES);
@@ -616,19 +535,18 @@ int tls13_post_handshake(SSL *ssl) {
616
535
  return 0;
617
536
  }
618
537
 
619
- return tls13_receive_key_update(ssl);
538
+ return tls13_receive_key_update(ssl, msg);
620
539
  }
621
540
 
622
541
  ssl->s3->key_update_count = 0;
623
542
 
624
- if (ssl->s3->tmp.message_type == SSL3_MT_NEW_SESSION_TICKET &&
625
- !ssl->server) {
626
- return tls13_process_new_session_ticket(ssl);
543
+ if (msg.type == SSL3_MT_NEW_SESSION_TICKET && !ssl->server) {
544
+ return tls13_process_new_session_ticket(ssl, msg);
627
545
  }
628
546
 
629
- // TODO(svaldez): Handle post-handshake authentication.
630
-
631
547
  ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
632
548
  OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
633
549
  return 0;
634
550
  }
551
+
552
+ } // namespace bssl