wearefair-grpc 1.3.1.pre.a

Sign up to get free protection for your applications and to get access to all the features.
Files changed (1161) hide show
  1. checksums.yaml +7 -0
  2. data/.yardopts +1 -0
  3. data/Makefile +19484 -0
  4. data/etc/roots.pem +5288 -0
  5. data/include/grpc/byte_buffer.h +102 -0
  6. data/include/grpc/byte_buffer_reader.h +39 -0
  7. data/include/grpc/census.h +484 -0
  8. data/include/grpc/compression.h +85 -0
  9. data/include/grpc/grpc.h +509 -0
  10. data/include/grpc/grpc_cronet.h +51 -0
  11. data/include/grpc/grpc_posix.h +81 -0
  12. data/include/grpc/grpc_security.h +390 -0
  13. data/include/grpc/grpc_security_constants.h +114 -0
  14. data/include/grpc/impl/codegen/atm.h +100 -0
  15. data/include/grpc/impl/codegen/atm_gcc_atomic.h +97 -0
  16. data/include/grpc/impl/codegen/atm_gcc_sync.h +97 -0
  17. data/include/grpc/impl/codegen/atm_windows.h +140 -0
  18. data/include/grpc/impl/codegen/byte_buffer_reader.h +57 -0
  19. data/include/grpc/impl/codegen/compression_types.h +122 -0
  20. data/include/grpc/impl/codegen/connectivity_state.h +61 -0
  21. data/include/grpc/impl/codegen/exec_ctx_fwd.h +41 -0
  22. data/include/grpc/impl/codegen/gpr_slice.h +84 -0
  23. data/include/grpc/impl/codegen/gpr_types.h +75 -0
  24. data/include/grpc/impl/codegen/grpc_types.h +550 -0
  25. data/include/grpc/impl/codegen/port_platform.h +421 -0
  26. data/include/grpc/impl/codegen/propagation_bits.h +67 -0
  27. data/include/grpc/impl/codegen/slice.h +157 -0
  28. data/include/grpc/impl/codegen/status.h +163 -0
  29. data/include/grpc/impl/codegen/sync.h +75 -0
  30. data/include/grpc/impl/codegen/sync_generic.h +55 -0
  31. data/include/grpc/impl/codegen/sync_posix.h +47 -0
  32. data/include/grpc/impl/codegen/sync_windows.h +49 -0
  33. data/include/grpc/load_reporting.h +63 -0
  34. data/include/grpc/module.modulemap +13 -0
  35. data/include/grpc/slice.h +168 -0
  36. data/include/grpc/slice_buffer.h +94 -0
  37. data/include/grpc/status.h +39 -0
  38. data/include/grpc/support/alloc.h +82 -0
  39. data/include/grpc/support/atm.h +39 -0
  40. data/include/grpc/support/atm_gcc_atomic.h +39 -0
  41. data/include/grpc/support/atm_gcc_sync.h +39 -0
  42. data/include/grpc/support/atm_windows.h +39 -0
  43. data/include/grpc/support/avl.h +97 -0
  44. data/include/grpc/support/cmdline.h +103 -0
  45. data/include/grpc/support/cpu.h +59 -0
  46. data/include/grpc/support/histogram.h +79 -0
  47. data/include/grpc/support/host_port.h +66 -0
  48. data/include/grpc/support/log.h +118 -0
  49. data/include/grpc/support/log_windows.h +53 -0
  50. data/include/grpc/support/port_platform.h +39 -0
  51. data/include/grpc/support/string_util.h +64 -0
  52. data/include/grpc/support/subprocess.h +59 -0
  53. data/include/grpc/support/sync.h +295 -0
  54. data/include/grpc/support/sync_generic.h +39 -0
  55. data/include/grpc/support/sync_posix.h +39 -0
  56. data/include/grpc/support/sync_windows.h +39 -0
  57. data/include/grpc/support/thd.h +91 -0
  58. data/include/grpc/support/time.h +105 -0
  59. data/include/grpc/support/tls.h +77 -0
  60. data/include/grpc/support/tls_gcc.h +100 -0
  61. data/include/grpc/support/tls_msvc.h +56 -0
  62. data/include/grpc/support/tls_pthread.h +60 -0
  63. data/include/grpc/support/useful.h +80 -0
  64. data/src/boringssl/err_data.c +1270 -0
  65. data/src/core/ext/census/aggregation.h +66 -0
  66. data/src/core/ext/census/base_resources.c +71 -0
  67. data/src/core/ext/census/base_resources.h +39 -0
  68. data/src/core/ext/census/census_interface.h +76 -0
  69. data/src/core/ext/census/census_rpc_stats.h +101 -0
  70. data/src/core/ext/census/context.c +509 -0
  71. data/src/core/ext/census/gen/census.pb.c +176 -0
  72. data/src/core/ext/census/gen/census.pb.h +295 -0
  73. data/src/core/ext/census/gen/trace_context.pb.c +54 -0
  74. data/src/core/ext/census/gen/trace_context.pb.h +93 -0
  75. data/src/core/ext/census/grpc_context.c +53 -0
  76. data/src/core/ext/census/grpc_filter.c +213 -0
  77. data/src/core/ext/census/grpc_filter.h +44 -0
  78. data/src/core/ext/census/grpc_plugin.c +85 -0
  79. data/src/core/ext/census/initialize.c +66 -0
  80. data/src/core/ext/census/mlog.c +600 -0
  81. data/src/core/ext/census/mlog.h +95 -0
  82. data/src/core/ext/census/operation.c +63 -0
  83. data/src/core/ext/census/placeholders.c +64 -0
  84. data/src/core/ext/census/resource.c +312 -0
  85. data/src/core/ext/census/resource.h +63 -0
  86. data/src/core/ext/census/rpc_metric_id.h +51 -0
  87. data/src/core/ext/census/trace_context.c +86 -0
  88. data/src/core/ext/census/trace_context.h +71 -0
  89. data/src/core/ext/census/trace_label.h +61 -0
  90. data/src/core/ext/census/trace_propagation.h +63 -0
  91. data/src/core/ext/census/trace_status.h +45 -0
  92. data/src/core/ext/census/trace_string.h +50 -0
  93. data/src/core/ext/census/tracing.c +71 -0
  94. data/src/core/ext/census/tracing.h +124 -0
  95. data/src/core/ext/filters/client_channel/channel_connectivity.c +226 -0
  96. data/src/core/ext/filters/client_channel/client_channel.c +1410 -0
  97. data/src/core/ext/filters/client_channel/client_channel.h +64 -0
  98. data/src/core/ext/filters/client_channel/client_channel_factory.c +87 -0
  99. data/src/core/ext/filters/client_channel/client_channel_factory.h +92 -0
  100. data/src/core/ext/filters/client_channel/client_channel_plugin.c +106 -0
  101. data/src/core/ext/filters/client_channel/connector.c +55 -0
  102. data/src/core/ext/filters/client_channel/connector.h +88 -0
  103. data/src/core/ext/filters/client_channel/http_connect_handshaker.c +389 -0
  104. data/src/core/ext/filters/client_channel/http_connect_handshaker.h +49 -0
  105. data/src/core/ext/filters/client_channel/http_proxy.c +125 -0
  106. data/src/core/ext/filters/client_channel/http_proxy.h +39 -0
  107. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.c +1419 -0
  108. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +44 -0
  109. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +57 -0
  110. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.c +107 -0
  111. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.c +249 -0
  112. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +105 -0
  113. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c +88 -0
  114. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h +158 -0
  115. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.c +476 -0
  116. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.c +795 -0
  117. data/src/core/ext/filters/client_channel/lb_policy.c +167 -0
  118. data/src/core/ext/filters/client_channel/lb_policy.h +209 -0
  119. data/src/core/ext/filters/client_channel/lb_policy_factory.c +163 -0
  120. data/src/core/ext/filters/client_channel/lb_policy_factory.h +134 -0
  121. data/src/core/ext/filters/client_channel/lb_policy_registry.c +85 -0
  122. data/src/core/ext/filters/client_channel/lb_policy_registry.h +55 -0
  123. data/src/core/ext/filters/client_channel/parse_address.c +170 -0
  124. data/src/core/ext/filters/client_channel/parse_address.h +54 -0
  125. data/src/core/ext/filters/client_channel/proxy_mapper.c +63 -0
  126. data/src/core/ext/filters/client_channel/proxy_mapper.h +89 -0
  127. data/src/core/ext/filters/client_channel/proxy_mapper_registry.c +139 -0
  128. data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +59 -0
  129. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.c +350 -0
  130. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +66 -0
  131. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.c +319 -0
  132. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.c +289 -0
  133. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +64 -0
  134. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.c +325 -0
  135. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.c +234 -0
  136. data/src/core/ext/filters/client_channel/resolver.c +88 -0
  137. data/src/core/ext/filters/client_channel/resolver.h +101 -0
  138. data/src/core/ext/filters/client_channel/resolver_factory.c +56 -0
  139. data/src/core/ext/filters/client_channel/resolver_factory.h +85 -0
  140. data/src/core/ext/filters/client_channel/resolver_registry.c +174 -0
  141. data/src/core/ext/filters/client_channel/resolver_registry.h +84 -0
  142. data/src/core/ext/filters/client_channel/retry_throttle.c +210 -0
  143. data/src/core/ext/filters/client_channel/retry_throttle.h +65 -0
  144. data/src/core/ext/filters/client_channel/subchannel.c +835 -0
  145. data/src/core/ext/filters/client_channel/subchannel.h +203 -0
  146. data/src/core/ext/filters/client_channel/subchannel_index.c +262 -0
  147. data/src/core/ext/filters/client_channel/subchannel_index.h +77 -0
  148. data/src/core/ext/filters/client_channel/uri_parser.c +315 -0
  149. data/src/core/ext/filters/client_channel/uri_parser.h +65 -0
  150. data/src/core/ext/filters/load_reporting/load_reporting.c +106 -0
  151. data/src/core/ext/filters/load_reporting/load_reporting.h +73 -0
  152. data/src/core/ext/filters/load_reporting/load_reporting_filter.c +218 -0
  153. data/src/core/ext/filters/load_reporting/load_reporting_filter.h +42 -0
  154. data/src/core/ext/filters/max_age/max_age_filter.c +439 -0
  155. data/src/core/ext/filters/max_age/max_age_filter.h +39 -0
  156. data/src/core/ext/transport/chttp2/alpn/alpn.c +56 -0
  157. data/src/core/ext/transport/chttp2/alpn/alpn.h +49 -0
  158. data/src/core/ext/transport/chttp2/client/chttp2_connector.c +221 -0
  159. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +41 -0
  160. data/src/core/ext/transport/chttp2/client/insecure/channel_create.c +121 -0
  161. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.c +95 -0
  162. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.c +239 -0
  163. data/src/core/ext/transport/chttp2/server/chttp2_server.c +304 -0
  164. data/src/core/ext/transport/chttp2/server/chttp2_server.h +47 -0
  165. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.c +59 -0
  166. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.c +90 -0
  167. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c +101 -0
  168. data/src/core/ext/transport/chttp2/transport/bin_decoder.c +236 -0
  169. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +67 -0
  170. data/src/core/ext/transport/chttp2/transport/bin_encoder.c +241 -0
  171. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +54 -0
  172. data/src/core/ext/transport/chttp2/transport/chttp2_plugin.c +43 -0
  173. data/src/core/ext/transport/chttp2/transport/chttp2_transport.c +2847 -0
  174. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +53 -0
  175. data/src/core/ext/transport/chttp2/transport/frame.h +61 -0
  176. data/src/core/ext/transport/chttp2/transport/frame_data.c +287 -0
  177. data/src/core/ext/transport/chttp2/transport/frame_data.h +104 -0
  178. data/src/core/ext/transport/chttp2/transport/frame_goaway.c +198 -0
  179. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +78 -0
  180. data/src/core/ext/transport/chttp2/transport/frame_ping.c +145 -0
  181. data/src/core/ext/transport/chttp2/transport/frame_ping.h +59 -0
  182. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.c +125 -0
  183. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +58 -0
  184. data/src/core/ext/transport/chttp2/transport/frame_settings.c +239 -0
  185. data/src/core/ext/transport/chttp2/transport/frame_settings.h +76 -0
  186. data/src/core/ext/transport/chttp2/transport/frame_window_update.c +134 -0
  187. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +57 -0
  188. data/src/core/ext/transport/chttp2/transport/hpack_encoder.c +661 -0
  189. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +107 -0
  190. data/src/core/ext/transport/chttp2/transport/hpack_parser.c +1734 -0
  191. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +129 -0
  192. data/src/core/ext/transport/chttp2/transport/hpack_table.c +383 -0
  193. data/src/core/ext/transport/chttp2/transport/hpack_table.h +112 -0
  194. data/src/core/ext/transport/chttp2/transport/http2_settings.c +75 -0
  195. data/src/core/ext/transport/chttp2/transport/http2_settings.h +74 -0
  196. data/src/core/ext/transport/chttp2/transport/huffsyms.c +105 -0
  197. data/src/core/ext/transport/chttp2/transport/huffsyms.h +48 -0
  198. data/src/core/ext/transport/chttp2/transport/incoming_metadata.c +88 -0
  199. data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +63 -0
  200. data/src/core/ext/transport/chttp2/transport/internal.h +852 -0
  201. data/src/core/ext/transport/chttp2/transport/parsing.c +825 -0
  202. data/src/core/ext/transport/chttp2/transport/stream_lists.c +194 -0
  203. data/src/core/ext/transport/chttp2/transport/stream_map.c +176 -0
  204. data/src/core/ext/transport/chttp2/transport/stream_map.h +83 -0
  205. data/src/core/ext/transport/chttp2/transport/varint.c +65 -0
  206. data/src/core/ext/transport/chttp2/transport/varint.h +75 -0
  207. data/src/core/ext/transport/chttp2/transport/writing.c +429 -0
  208. data/src/core/lib/channel/channel_args.c +355 -0
  209. data/src/core/lib/channel/channel_args.h +126 -0
  210. data/src/core/lib/channel/channel_stack.c +291 -0
  211. data/src/core/lib/channel/channel_stack.h +319 -0
  212. data/src/core/lib/channel/channel_stack_builder.c +284 -0
  213. data/src/core/lib/channel/channel_stack_builder.h +170 -0
  214. data/src/core/lib/channel/compress_filter.c +353 -0
  215. data/src/core/lib/channel/compress_filter.h +67 -0
  216. data/src/core/lib/channel/connected_channel.c +188 -0
  217. data/src/core/lib/channel/connected_channel.h +48 -0
  218. data/src/core/lib/channel/context.h +64 -0
  219. data/src/core/lib/channel/deadline_filter.c +348 -0
  220. data/src/core/lib/channel/deadline_filter.h +102 -0
  221. data/src/core/lib/channel/handshaker.c +281 -0
  222. data/src/core/lib/channel/handshaker.h +182 -0
  223. data/src/core/lib/channel/handshaker_factory.c +54 -0
  224. data/src/core/lib/channel/handshaker_factory.h +66 -0
  225. data/src/core/lib/channel/handshaker_registry.c +113 -0
  226. data/src/core/lib/channel/handshaker_registry.h +63 -0
  227. data/src/core/lib/channel/http_client_filter.c +601 -0
  228. data/src/core/lib/channel/http_client_filter.h +47 -0
  229. data/src/core/lib/channel/http_server_filter.c +445 -0
  230. data/src/core/lib/channel/http_server_filter.h +42 -0
  231. data/src/core/lib/channel/message_size_filter.c +270 -0
  232. data/src/core/lib/channel/message_size_filter.h +39 -0
  233. data/src/core/lib/compression/algorithm_metadata.h +53 -0
  234. data/src/core/lib/compression/compression.c +198 -0
  235. data/src/core/lib/compression/message_compress.c +204 -0
  236. data/src/core/lib/compression/message_compress.h +54 -0
  237. data/src/core/lib/debug/trace.c +140 -0
  238. data/src/core/lib/debug/trace.h +43 -0
  239. data/src/core/lib/http/format_request.c +135 -0
  240. data/src/core/lib/http/format_request.h +47 -0
  241. data/src/core/lib/http/httpcli.c +336 -0
  242. data/src/core/lib/http/httpcli.h +141 -0
  243. data/src/core/lib/http/httpcli_security_connector.c +199 -0
  244. data/src/core/lib/http/parser.c +379 -0
  245. data/src/core/lib/http/parser.h +126 -0
  246. data/src/core/lib/iomgr/closure.c +168 -0
  247. data/src/core/lib/iomgr/closure.h +153 -0
  248. data/src/core/lib/iomgr/combiner.c +460 -0
  249. data/src/core/lib/iomgr/combiner.h +83 -0
  250. data/src/core/lib/iomgr/endpoint.c +78 -0
  251. data/src/core/lib/iomgr/endpoint.h +117 -0
  252. data/src/core/lib/iomgr/endpoint_pair.h +47 -0
  253. data/src/core/lib/iomgr/endpoint_pair_posix.c +87 -0
  254. data/src/core/lib/iomgr/endpoint_pair_uv.c +53 -0
  255. data/src/core/lib/iomgr/endpoint_pair_windows.c +101 -0
  256. data/src/core/lib/iomgr/error.c +793 -0
  257. data/src/core/lib/iomgr/error.h +218 -0
  258. data/src/core/lib/iomgr/error_internal.h +75 -0
  259. data/src/core/lib/iomgr/ev_epoll_linux.c +1965 -0
  260. data/src/core/lib/iomgr/ev_epoll_linux.h +48 -0
  261. data/src/core/lib/iomgr/ev_poll_posix.c +1593 -0
  262. data/src/core/lib/iomgr/ev_poll_posix.h +42 -0
  263. data/src/core/lib/iomgr/ev_posix.c +287 -0
  264. data/src/core/lib/iomgr/ev_posix.h +189 -0
  265. data/src/core/lib/iomgr/exec_ctx.c +117 -0
  266. data/src/core/lib/iomgr/exec_ctx.h +117 -0
  267. data/src/core/lib/iomgr/executor.c +170 -0
  268. data/src/core/lib/iomgr/executor.h +51 -0
  269. data/src/core/lib/iomgr/iocp_windows.c +168 -0
  270. data/src/core/lib/iomgr/iocp_windows.h +55 -0
  271. data/src/core/lib/iomgr/iomgr.c +183 -0
  272. data/src/core/lib/iomgr/iomgr.h +47 -0
  273. data/src/core/lib/iomgr/iomgr_internal.h +58 -0
  274. data/src/core/lib/iomgr/iomgr_posix.c +56 -0
  275. data/src/core/lib/iomgr/iomgr_posix.h +39 -0
  276. data/src/core/lib/iomgr/iomgr_uv.c +49 -0
  277. data/src/core/lib/iomgr/iomgr_windows.c +76 -0
  278. data/src/core/lib/iomgr/load_file.c +92 -0
  279. data/src/core/lib/iomgr/load_file.h +56 -0
  280. data/src/core/lib/iomgr/lockfree_event.c +238 -0
  281. data/src/core/lib/iomgr/lockfree_event.h +54 -0
  282. data/src/core/lib/iomgr/network_status_tracker.c +48 -0
  283. data/src/core/lib/iomgr/network_status_tracker.h +45 -0
  284. data/src/core/lib/iomgr/polling_entity.c +104 -0
  285. data/src/core/lib/iomgr/polling_entity.h +81 -0
  286. data/src/core/lib/iomgr/pollset.h +97 -0
  287. data/src/core/lib/iomgr/pollset_set.h +62 -0
  288. data/src/core/lib/iomgr/pollset_set_uv.c +63 -0
  289. data/src/core/lib/iomgr/pollset_set_windows.c +64 -0
  290. data/src/core/lib/iomgr/pollset_set_windows.h +39 -0
  291. data/src/core/lib/iomgr/pollset_uv.c +156 -0
  292. data/src/core/lib/iomgr/pollset_uv.h +42 -0
  293. data/src/core/lib/iomgr/pollset_windows.c +232 -0
  294. data/src/core/lib/iomgr/pollset_windows.h +78 -0
  295. data/src/core/lib/iomgr/port.h +138 -0
  296. data/src/core/lib/iomgr/resolve_address.h +70 -0
  297. data/src/core/lib/iomgr/resolve_address_posix.c +207 -0
  298. data/src/core/lib/iomgr/resolve_address_uv.c +284 -0
  299. data/src/core/lib/iomgr/resolve_address_windows.c +190 -0
  300. data/src/core/lib/iomgr/resource_quota.c +877 -0
  301. data/src/core/lib/iomgr/resource_quota.h +167 -0
  302. data/src/core/lib/iomgr/sockaddr.h +55 -0
  303. data/src/core/lib/iomgr/sockaddr_posix.h +44 -0
  304. data/src/core/lib/iomgr/sockaddr_utils.c +272 -0
  305. data/src/core/lib/iomgr/sockaddr_utils.h +93 -0
  306. data/src/core/lib/iomgr/sockaddr_windows.h +43 -0
  307. data/src/core/lib/iomgr/socket_factory_posix.c +110 -0
  308. data/src/core/lib/iomgr/socket_factory_posix.h +90 -0
  309. data/src/core/lib/iomgr/socket_mutator.c +98 -0
  310. data/src/core/lib/iomgr/socket_mutator.h +80 -0
  311. data/src/core/lib/iomgr/socket_utils.h +42 -0
  312. data/src/core/lib/iomgr/socket_utils_common_posix.c +330 -0
  313. data/src/core/lib/iomgr/socket_utils_linux.c +57 -0
  314. data/src/core/lib/iomgr/socket_utils_posix.c +73 -0
  315. data/src/core/lib/iomgr/socket_utils_posix.h +147 -0
  316. data/src/core/lib/iomgr/socket_utils_uv.c +49 -0
  317. data/src/core/lib/iomgr/socket_utils_windows.c +52 -0
  318. data/src/core/lib/iomgr/socket_windows.c +167 -0
  319. data/src/core/lib/iomgr/socket_windows.h +125 -0
  320. data/src/core/lib/iomgr/tcp_client.h +55 -0
  321. data/src/core/lib/iomgr/tcp_client_posix.c +368 -0
  322. data/src/core/lib/iomgr/tcp_client_posix.h +45 -0
  323. data/src/core/lib/iomgr/tcp_client_uv.c +192 -0
  324. data/src/core/lib/iomgr/tcp_client_windows.c +260 -0
  325. data/src/core/lib/iomgr/tcp_posix.c +677 -0
  326. data/src/core/lib/iomgr/tcp_posix.h +70 -0
  327. data/src/core/lib/iomgr/tcp_server.h +116 -0
  328. data/src/core/lib/iomgr/tcp_server_posix.c +579 -0
  329. data/src/core/lib/iomgr/tcp_server_utils_posix.h +135 -0
  330. data/src/core/lib/iomgr/tcp_server_utils_posix_common.c +221 -0
  331. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.c +196 -0
  332. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.c +49 -0
  333. data/src/core/lib/iomgr/tcp_server_uv.c +393 -0
  334. data/src/core/lib/iomgr/tcp_server_windows.c +558 -0
  335. data/src/core/lib/iomgr/tcp_uv.c +374 -0
  336. data/src/core/lib/iomgr/tcp_uv.h +59 -0
  337. data/src/core/lib/iomgr/tcp_windows.c +462 -0
  338. data/src/core/lib/iomgr/tcp_windows.h +59 -0
  339. data/src/core/lib/iomgr/time_averaged_stats.c +77 -0
  340. data/src/core/lib/iomgr/time_averaged_stats.h +88 -0
  341. data/src/core/lib/iomgr/timer.h +111 -0
  342. data/src/core/lib/iomgr/timer_generic.c +567 -0
  343. data/src/core/lib/iomgr/timer_generic.h +49 -0
  344. data/src/core/lib/iomgr/timer_heap.c +152 -0
  345. data/src/core/lib/iomgr/timer_heap.h +57 -0
  346. data/src/core/lib/iomgr/timer_uv.c +103 -0
  347. data/src/core/lib/iomgr/timer_uv.h +47 -0
  348. data/src/core/lib/iomgr/udp_server.c +529 -0
  349. data/src/core/lib/iomgr/udp_server.h +89 -0
  350. data/src/core/lib/iomgr/unix_sockets_posix.c +108 -0
  351. data/src/core/lib/iomgr/unix_sockets_posix.h +56 -0
  352. data/src/core/lib/iomgr/unix_sockets_posix_noop.c +62 -0
  353. data/src/core/lib/iomgr/wakeup_fd_cv.c +118 -0
  354. data/src/core/lib/iomgr/wakeup_fd_cv.h +80 -0
  355. data/src/core/lib/iomgr/wakeup_fd_eventfd.c +97 -0
  356. data/src/core/lib/iomgr/wakeup_fd_nospecial.c +51 -0
  357. data/src/core/lib/iomgr/wakeup_fd_pipe.c +112 -0
  358. data/src/core/lib/iomgr/wakeup_fd_pipe.h +41 -0
  359. data/src/core/lib/iomgr/wakeup_fd_posix.c +101 -0
  360. data/src/core/lib/iomgr/wakeup_fd_posix.h +109 -0
  361. data/src/core/lib/iomgr/workqueue.h +87 -0
  362. data/src/core/lib/iomgr/workqueue_uv.c +65 -0
  363. data/src/core/lib/iomgr/workqueue_uv.h +37 -0
  364. data/src/core/lib/iomgr/workqueue_windows.c +63 -0
  365. data/src/core/lib/iomgr/workqueue_windows.h +37 -0
  366. data/src/core/lib/json/json.c +63 -0
  367. data/src/core/lib/json/json.h +88 -0
  368. data/src/core/lib/json/json_common.h +49 -0
  369. data/src/core/lib/json/json_reader.c +675 -0
  370. data/src/core/lib/json/json_reader.h +160 -0
  371. data/src/core/lib/json/json_string.c +379 -0
  372. data/src/core/lib/json/json_writer.c +258 -0
  373. data/src/core/lib/json/json_writer.h +97 -0
  374. data/src/core/lib/profiling/basic_timers.c +298 -0
  375. data/src/core/lib/profiling/stap_timers.c +65 -0
  376. data/src/core/lib/profiling/timers.h +121 -0
  377. data/src/core/lib/security/context/security_context.c +350 -0
  378. data/src/core/lib/security/context/security_context.h +134 -0
  379. data/src/core/lib/security/credentials/composite/composite_credentials.c +274 -0
  380. data/src/core/lib/security/credentials/composite/composite_credentials.h +72 -0
  381. data/src/core/lib/security/credentials/credentials.c +308 -0
  382. data/src/core/lib/security/credentials/credentials.h +268 -0
  383. data/src/core/lib/security/credentials/credentials_metadata.c +103 -0
  384. data/src/core/lib/security/credentials/fake/fake_credentials.c +141 -0
  385. data/src/core/lib/security/credentials/fake/fake_credentials.h +71 -0
  386. data/src/core/lib/security/credentials/google_default/credentials_generic.c +54 -0
  387. data/src/core/lib/security/credentials/google_default/google_default_credentials.c +337 -0
  388. data/src/core/lib/security/credentials/google_default/google_default_credentials.h +60 -0
  389. data/src/core/lib/security/credentials/iam/iam_credentials.c +85 -0
  390. data/src/core/lib/security/credentials/iam/iam_credentials.h +44 -0
  391. data/src/core/lib/security/credentials/jwt/json_token.c +321 -0
  392. data/src/core/lib/security/credentials/jwt/json_token.h +88 -0
  393. data/src/core/lib/security/credentials/jwt/jwt_credentials.c +195 -0
  394. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +63 -0
  395. data/src/core/lib/security/credentials/jwt/jwt_verifier.c +910 -0
  396. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +140 -0
  397. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.c +468 -0
  398. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +109 -0
  399. data/src/core/lib/security/credentials/plugin/plugin_credentials.c +153 -0
  400. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +45 -0
  401. data/src/core/lib/security/credentials/ssl/ssl_credentials.c +242 -0
  402. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +48 -0
  403. data/src/core/lib/security/transport/auth_filters.h +42 -0
  404. data/src/core/lib/security/transport/client_auth_filter.c +384 -0
  405. data/src/core/lib/security/transport/lb_targets_info.c +70 -0
  406. data/src/core/lib/security/transport/lb_targets_info.h +47 -0
  407. data/src/core/lib/security/transport/secure_endpoint.c +427 -0
  408. data/src/core/lib/security/transport/secure_endpoint.h +49 -0
  409. data/src/core/lib/security/transport/security_connector.c +909 -0
  410. data/src/core/lib/security/transport/security_connector.h +252 -0
  411. data/src/core/lib/security/transport/security_handshaker.c +507 -0
  412. data/src/core/lib/security/transport/security_handshaker.h +49 -0
  413. data/src/core/lib/security/transport/server_auth_filter.c +277 -0
  414. data/src/core/lib/security/transport/tsi_error.c +42 -0
  415. data/src/core/lib/security/transport/tsi_error.h +42 -0
  416. data/src/core/lib/security/util/json_util.c +61 -0
  417. data/src/core/lib/security/util/json_util.h +55 -0
  418. data/src/core/lib/slice/b64.c +251 -0
  419. data/src/core/lib/slice/b64.h +65 -0
  420. data/src/core/lib/slice/percent_encoding.c +182 -0
  421. data/src/core/lib/slice/percent_encoding.h +78 -0
  422. data/src/core/lib/slice/slice.c +466 -0
  423. data/src/core/lib/slice/slice_buffer.c +355 -0
  424. data/src/core/lib/slice/slice_hash_table.c +125 -0
  425. data/src/core/lib/slice/slice_hash_table.h +77 -0
  426. data/src/core/lib/slice/slice_intern.c +346 -0
  427. data/src/core/lib/slice/slice_internal.h +64 -0
  428. data/src/core/lib/slice/slice_string_helpers.c +95 -0
  429. data/src/core/lib/slice/slice_string_helpers.h +63 -0
  430. data/src/core/lib/support/alloc.c +117 -0
  431. data/src/core/lib/support/arena.c +98 -0
  432. data/src/core/lib/support/arena.h +54 -0
  433. data/src/core/lib/support/atm.c +47 -0
  434. data/src/core/lib/support/avl.c +299 -0
  435. data/src/core/lib/support/backoff.c +87 -0
  436. data/src/core/lib/support/backoff.h +71 -0
  437. data/src/core/lib/support/block_annotate.h +48 -0
  438. data/src/core/lib/support/cmdline.c +345 -0
  439. data/src/core/lib/support/cpu_iphone.c +49 -0
  440. data/src/core/lib/support/cpu_linux.c +83 -0
  441. data/src/core/lib/support/cpu_posix.c +72 -0
  442. data/src/core/lib/support/cpu_windows.c +47 -0
  443. data/src/core/lib/support/env.h +58 -0
  444. data/src/core/lib/support/env_linux.c +89 -0
  445. data/src/core/lib/support/env_posix.c +57 -0
  446. data/src/core/lib/support/env_windows.c +79 -0
  447. data/src/core/lib/support/histogram.c +243 -0
  448. data/src/core/lib/support/host_port.c +110 -0
  449. data/src/core/lib/support/log.c +103 -0
  450. data/src/core/lib/support/log_android.c +87 -0
  451. data/src/core/lib/support/log_linux.c +105 -0
  452. data/src/core/lib/support/log_posix.c +106 -0
  453. data/src/core/lib/support/log_windows.c +112 -0
  454. data/src/core/lib/support/mpscq.c +83 -0
  455. data/src/core/lib/support/mpscq.h +65 -0
  456. data/src/core/lib/support/murmur_hash.c +94 -0
  457. data/src/core/lib/support/murmur_hash.h +44 -0
  458. data/src/core/lib/support/spinlock.h +52 -0
  459. data/src/core/lib/support/stack_lockfree.c +185 -0
  460. data/src/core/lib/support/stack_lockfree.h +53 -0
  461. data/src/core/lib/support/string.c +315 -0
  462. data/src/core/lib/support/string.h +128 -0
  463. data/src/core/lib/support/string_posix.c +86 -0
  464. data/src/core/lib/support/string_util_windows.c +94 -0
  465. data/src/core/lib/support/string_windows.c +83 -0
  466. data/src/core/lib/support/string_windows.h +47 -0
  467. data/src/core/lib/support/subprocess_posix.c +114 -0
  468. data/src/core/lib/support/subprocess_windows.c +141 -0
  469. data/src/core/lib/support/sync.c +137 -0
  470. data/src/core/lib/support/sync_posix.c +113 -0
  471. data/src/core/lib/support/sync_windows.c +133 -0
  472. data/src/core/lib/support/thd.c +64 -0
  473. data/src/core/lib/support/thd_internal.h +39 -0
  474. data/src/core/lib/support/thd_posix.c +95 -0
  475. data/src/core/lib/support/thd_windows.c +117 -0
  476. data/src/core/lib/support/time.c +262 -0
  477. data/src/core/lib/support/time_posix.c +176 -0
  478. data/src/core/lib/support/time_precise.c +89 -0
  479. data/src/core/lib/support/time_precise.h +42 -0
  480. data/src/core/lib/support/time_windows.c +116 -0
  481. data/src/core/lib/support/tls_pthread.c +45 -0
  482. data/src/core/lib/support/tmpfile.h +53 -0
  483. data/src/core/lib/support/tmpfile_msys.c +73 -0
  484. data/src/core/lib/support/tmpfile_posix.c +85 -0
  485. data/src/core/lib/support/tmpfile_windows.c +84 -0
  486. data/src/core/lib/support/wrap_memcpy.c +55 -0
  487. data/src/core/lib/surface/alarm.c +87 -0
  488. data/src/core/lib/surface/api_trace.c +36 -0
  489. data/src/core/lib/surface/api_trace.h +65 -0
  490. data/src/core/lib/surface/byte_buffer.c +103 -0
  491. data/src/core/lib/surface/byte_buffer_reader.c +140 -0
  492. data/src/core/lib/surface/call.c +1835 -0
  493. data/src/core/lib/surface/call.h +135 -0
  494. data/src/core/lib/surface/call_details.c +56 -0
  495. data/src/core/lib/surface/call_log_batch.c +131 -0
  496. data/src/core/lib/surface/call_test_only.h +64 -0
  497. data/src/core/lib/surface/channel.c +434 -0
  498. data/src/core/lib/surface/channel.h +99 -0
  499. data/src/core/lib/surface/channel_init.c +140 -0
  500. data/src/core/lib/surface/channel_init.h +96 -0
  501. data/src/core/lib/surface/channel_ping.c +80 -0
  502. data/src/core/lib/surface/channel_stack_type.c +54 -0
  503. data/src/core/lib/surface/channel_stack_type.h +58 -0
  504. data/src/core/lib/surface/completion_queue.c +692 -0
  505. data/src/core/lib/surface/completion_queue.h +102 -0
  506. data/src/core/lib/surface/completion_queue_factory.c +77 -0
  507. data/src/core/lib/surface/completion_queue_factory.h +51 -0
  508. data/src/core/lib/surface/event_string.c +81 -0
  509. data/src/core/lib/surface/event_string.h +42 -0
  510. data/src/core/lib/surface/init.c +261 -0
  511. data/src/core/lib/surface/init.h +42 -0
  512. data/src/core/lib/surface/init_secure.c +94 -0
  513. data/src/core/lib/surface/lame_client.c +188 -0
  514. data/src/core/lib/surface/lame_client.h +41 -0
  515. data/src/core/lib/surface/metadata_array.c +49 -0
  516. data/src/core/lib/surface/server.c +1529 -0
  517. data/src/core/lib/surface/server.h +71 -0
  518. data/src/core/lib/surface/validate_metadata.c +108 -0
  519. data/src/core/lib/surface/validate_metadata.h +43 -0
  520. data/src/core/lib/surface/version.c +41 -0
  521. data/src/core/lib/transport/bdp_estimator.c +104 -0
  522. data/src/core/lib/transport/bdp_estimator.h +76 -0
  523. data/src/core/lib/transport/byte_stream.c +81 -0
  524. data/src/core/lib/transport/byte_stream.h +85 -0
  525. data/src/core/lib/transport/connectivity_state.c +219 -0
  526. data/src/core/lib/transport/connectivity_state.h +101 -0
  527. data/src/core/lib/transport/error_utils.c +124 -0
  528. data/src/core/lib/transport/error_utils.h +56 -0
  529. data/src/core/lib/transport/http2_errors.h +56 -0
  530. data/src/core/lib/transport/metadata.c +529 -0
  531. data/src/core/lib/transport/metadata.h +186 -0
  532. data/src/core/lib/transport/metadata_batch.c +328 -0
  533. data/src/core/lib/transport/metadata_batch.h +166 -0
  534. data/src/core/lib/transport/pid_controller.c +78 -0
  535. data/src/core/lib/transport/pid_controller.h +77 -0
  536. data/src/core/lib/transport/service_config.c +266 -0
  537. data/src/core/lib/transport/service_config.h +77 -0
  538. data/src/core/lib/transport/static_metadata.c +801 -0
  539. data/src/core/lib/transport/static_metadata.h +557 -0
  540. data/src/core/lib/transport/status_conversion.c +113 -0
  541. data/src/core/lib/transport/status_conversion.h +49 -0
  542. data/src/core/lib/transport/timeout_encoding.c +190 -0
  543. data/src/core/lib/transport/timeout_encoding.h +49 -0
  544. data/src/core/lib/transport/transport.c +282 -0
  545. data/src/core/lib/transport/transport.h +354 -0
  546. data/src/core/lib/transport/transport_impl.h +90 -0
  547. data/src/core/lib/transport/transport_op_string.c +217 -0
  548. data/src/core/plugin_registry/grpc_plugin_registry.c +82 -0
  549. data/src/core/tsi/fake_transport_security.c +527 -0
  550. data/src/core/tsi/fake_transport_security.h +61 -0
  551. data/src/core/tsi/ssl_transport_security.c +1533 -0
  552. data/src/core/tsi/ssl_transport_security.h +214 -0
  553. data/src/core/tsi/ssl_types.h +55 -0
  554. data/src/core/tsi/transport_security.c +266 -0
  555. data/src/core/tsi/transport_security.h +111 -0
  556. data/src/core/tsi/transport_security_interface.h +353 -0
  557. data/src/ruby/bin/apis/google/protobuf/empty.rb +44 -0
  558. data/src/ruby/bin/apis/pubsub_demo.rb +256 -0
  559. data/src/ruby/bin/apis/tech/pubsub/proto/pubsub.rb +174 -0
  560. data/src/ruby/bin/apis/tech/pubsub/proto/pubsub_services.rb +103 -0
  561. data/src/ruby/bin/math_client.rb +147 -0
  562. data/src/ruby/bin/math_pb.rb +32 -0
  563. data/src/ruby/bin/math_server.rb +206 -0
  564. data/src/ruby/bin/math_services_pb.rb +66 -0
  565. data/src/ruby/bin/noproto_client.rb +108 -0
  566. data/src/ruby/bin/noproto_server.rb +112 -0
  567. data/src/ruby/ext/grpc/extconf.rb +131 -0
  568. data/src/ruby/ext/grpc/rb_byte_buffer.c +77 -0
  569. data/src/ruby/ext/grpc/rb_byte_buffer.h +50 -0
  570. data/src/ruby/ext/grpc/rb_call.c +1009 -0
  571. data/src/ruby/ext/grpc/rb_call.h +66 -0
  572. data/src/ruby/ext/grpc/rb_call_credentials.c +295 -0
  573. data/src/ruby/ext/grpc/rb_call_credentials.h +46 -0
  574. data/src/ruby/ext/grpc/rb_channel.c +662 -0
  575. data/src/ruby/ext/grpc/rb_channel.h +49 -0
  576. data/src/ruby/ext/grpc/rb_channel_args.c +168 -0
  577. data/src/ruby/ext/grpc/rb_channel_args.h +53 -0
  578. data/src/ruby/ext/grpc/rb_channel_credentials.c +268 -0
  579. data/src/ruby/ext/grpc/rb_channel_credentials.h +47 -0
  580. data/src/ruby/ext/grpc/rb_completion_queue.c +117 -0
  581. data/src/ruby/ext/grpc/rb_completion_queue.h +51 -0
  582. data/src/ruby/ext/grpc/rb_compression_options.c +472 -0
  583. data/src/ruby/ext/grpc/rb_compression_options.h +44 -0
  584. data/src/ruby/ext/grpc/rb_event_thread.c +158 -0
  585. data/src/ruby/ext/grpc/rb_event_thread.h +37 -0
  586. data/src/ruby/ext/grpc/rb_grpc.c +343 -0
  587. data/src/ruby/ext/grpc/rb_grpc.h +87 -0
  588. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +634 -0
  589. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +955 -0
  590. data/src/ruby/ext/grpc/rb_loader.c +72 -0
  591. data/src/ruby/ext/grpc/rb_loader.h +40 -0
  592. data/src/ruby/ext/grpc/rb_server.c +359 -0
  593. data/src/ruby/ext/grpc/rb_server.h +47 -0
  594. data/src/ruby/ext/grpc/rb_server_credentials.c +258 -0
  595. data/src/ruby/ext/grpc/rb_server_credentials.h +47 -0
  596. data/src/ruby/lib/grpc/core/time_consts.rb +71 -0
  597. data/src/ruby/lib/grpc/errors.rb +215 -0
  598. data/src/ruby/lib/grpc/generic/active_call.rb +547 -0
  599. data/src/ruby/lib/grpc/generic/bidi_call.rb +229 -0
  600. data/src/ruby/lib/grpc/generic/client_stub.rb +463 -0
  601. data/src/ruby/lib/grpc/generic/rpc_desc.rb +173 -0
  602. data/src/ruby/lib/grpc/generic/rpc_server.rb +476 -0
  603. data/src/ruby/lib/grpc/generic/service.rb +225 -0
  604. data/src/ruby/lib/grpc/grpc.rb +39 -0
  605. data/src/ruby/lib/grpc/grpc_c.bundle +0 -0
  606. data/src/ruby/lib/grpc/logconfig.rb +59 -0
  607. data/src/ruby/lib/grpc/notifier.rb +60 -0
  608. data/src/ruby/lib/grpc/version.rb +33 -0
  609. data/src/ruby/lib/grpc.rb +49 -0
  610. data/src/ruby/pb/README.md +42 -0
  611. data/src/ruby/pb/generate_proto_ruby.sh +58 -0
  612. data/src/ruby/pb/grpc/health/checker.rb +77 -0
  613. data/src/ruby/pb/grpc/health/v1/health_pb.rb +28 -0
  614. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +56 -0
  615. data/src/ruby/pb/grpc/testing/duplicate/echo_duplicate_services_pb.rb +58 -0
  616. data/src/ruby/pb/grpc/testing/metrics_pb.rb +28 -0
  617. data/src/ruby/pb/grpc/testing/metrics_services_pb.rb +64 -0
  618. data/src/ruby/pb/src/proto/grpc/testing/empty_pb.rb +15 -0
  619. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +82 -0
  620. data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +14 -0
  621. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +117 -0
  622. data/src/ruby/pb/test/client.rb +779 -0
  623. data/src/ruby/pb/test/server.rb +267 -0
  624. data/src/ruby/spec/call_credentials_spec.rb +57 -0
  625. data/src/ruby/spec/call_spec.rb +162 -0
  626. data/src/ruby/spec/channel_connection_spec.rb +141 -0
  627. data/src/ruby/spec/channel_credentials_spec.rb +97 -0
  628. data/src/ruby/spec/channel_spec.rb +205 -0
  629. data/src/ruby/spec/client_server_spec.rb +491 -0
  630. data/src/ruby/spec/compression_options_spec.rb +164 -0
  631. data/src/ruby/spec/error_sanity_spec.rb +64 -0
  632. data/src/ruby/spec/generic/active_call_spec.rb +632 -0
  633. data/src/ruby/spec/generic/client_stub_spec.rb +556 -0
  634. data/src/ruby/spec/generic/rpc_desc_spec.rb +351 -0
  635. data/src/ruby/spec/generic/rpc_server_pool_spec.rb +142 -0
  636. data/src/ruby/spec/generic/rpc_server_spec.rb +524 -0
  637. data/src/ruby/spec/generic/service_spec.rb +276 -0
  638. data/src/ruby/spec/pb/duplicate/codegen_spec.rb +71 -0
  639. data/src/ruby/spec/pb/health/checker_spec.rb +222 -0
  640. data/src/ruby/spec/server_credentials_spec.rb +94 -0
  641. data/src/ruby/spec/server_spec.rb +205 -0
  642. data/src/ruby/spec/spec_helper.rb +71 -0
  643. data/src/ruby/spec/testdata/README +1 -0
  644. data/src/ruby/spec/testdata/ca.pem +15 -0
  645. data/src/ruby/spec/testdata/server1.key +16 -0
  646. data/src/ruby/spec/testdata/server1.pem +16 -0
  647. data/src/ruby/spec/time_consts_spec.rb +89 -0
  648. data/third_party/boringssl/crypto/aes/aes.c +1142 -0
  649. data/third_party/boringssl/crypto/aes/internal.h +87 -0
  650. data/third_party/boringssl/crypto/aes/mode_wrappers.c +112 -0
  651. data/third_party/boringssl/crypto/asn1/a_bitstr.c +263 -0
  652. data/third_party/boringssl/crypto/asn1/a_bool.c +110 -0
  653. data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +282 -0
  654. data/third_party/boringssl/crypto/asn1/a_dup.c +111 -0
  655. data/third_party/boringssl/crypto/asn1/a_enum.c +181 -0
  656. data/third_party/boringssl/crypto/asn1/a_gentm.c +256 -0
  657. data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +147 -0
  658. data/third_party/boringssl/crypto/asn1/a_int.c +460 -0
  659. data/third_party/boringssl/crypto/asn1/a_mbstr.c +409 -0
  660. data/third_party/boringssl/crypto/asn1/a_object.c +400 -0
  661. data/third_party/boringssl/crypto/asn1/a_octet.c +77 -0
  662. data/third_party/boringssl/crypto/asn1/a_print.c +121 -0
  663. data/third_party/boringssl/crypto/asn1/a_strnid.c +309 -0
  664. data/third_party/boringssl/crypto/asn1/a_time.c +206 -0
  665. data/third_party/boringssl/crypto/asn1/a_type.c +151 -0
  666. data/third_party/boringssl/crypto/asn1/a_utctm.c +304 -0
  667. data/third_party/boringssl/crypto/asn1/a_utf8.c +234 -0
  668. data/third_party/boringssl/crypto/asn1/asn1_lib.c +483 -0
  669. data/third_party/boringssl/crypto/asn1/asn1_locl.h +63 -0
  670. data/third_party/boringssl/crypto/asn1/asn1_par.c +80 -0
  671. data/third_party/boringssl/crypto/asn1/asn_pack.c +105 -0
  672. data/third_party/boringssl/crypto/asn1/f_enum.c +93 -0
  673. data/third_party/boringssl/crypto/asn1/f_int.c +97 -0
  674. data/third_party/boringssl/crypto/asn1/f_string.c +91 -0
  675. data/third_party/boringssl/crypto/asn1/t_bitst.c +103 -0
  676. data/third_party/boringssl/crypto/asn1/tasn_dec.c +1221 -0
  677. data/third_party/boringssl/crypto/asn1/tasn_enc.c +665 -0
  678. data/third_party/boringssl/crypto/asn1/tasn_fre.c +246 -0
  679. data/third_party/boringssl/crypto/asn1/tasn_new.c +381 -0
  680. data/third_party/boringssl/crypto/asn1/tasn_typ.c +131 -0
  681. data/third_party/boringssl/crypto/asn1/tasn_utl.c +266 -0
  682. data/third_party/boringssl/crypto/asn1/x_bignum.c +153 -0
  683. data/third_party/boringssl/crypto/asn1/x_long.c +197 -0
  684. data/third_party/boringssl/crypto/base64/base64.c +442 -0
  685. data/third_party/boringssl/crypto/bio/bio.c +598 -0
  686. data/third_party/boringssl/crypto/bio/bio_mem.c +328 -0
  687. data/third_party/boringssl/crypto/bio/buffer.c +496 -0
  688. data/third_party/boringssl/crypto/bio/connect.c +553 -0
  689. data/third_party/boringssl/crypto/bio/fd.c +277 -0
  690. data/third_party/boringssl/crypto/bio/file.c +313 -0
  691. data/third_party/boringssl/crypto/bio/hexdump.c +191 -0
  692. data/third_party/boringssl/crypto/bio/internal.h +111 -0
  693. data/third_party/boringssl/crypto/bio/pair.c +803 -0
  694. data/third_party/boringssl/crypto/bio/printf.c +119 -0
  695. data/third_party/boringssl/crypto/bio/socket.c +203 -0
  696. data/third_party/boringssl/crypto/bio/socket_helper.c +113 -0
  697. data/third_party/boringssl/crypto/bn/add.c +377 -0
  698. data/third_party/boringssl/crypto/bn/asm/x86_64-gcc.c +531 -0
  699. data/third_party/boringssl/crypto/bn/bn.c +379 -0
  700. data/third_party/boringssl/crypto/bn/bn_asn1.c +80 -0
  701. data/third_party/boringssl/crypto/bn/cmp.c +225 -0
  702. data/third_party/boringssl/crypto/bn/convert.c +599 -0
  703. data/third_party/boringssl/crypto/bn/ctx.c +311 -0
  704. data/third_party/boringssl/crypto/bn/div.c +671 -0
  705. data/third_party/boringssl/crypto/bn/exponentiation.c +1258 -0
  706. data/third_party/boringssl/crypto/bn/gcd.c +628 -0
  707. data/third_party/boringssl/crypto/bn/generic.c +703 -0
  708. data/third_party/boringssl/crypto/bn/internal.h +245 -0
  709. data/third_party/boringssl/crypto/bn/kronecker.c +175 -0
  710. data/third_party/boringssl/crypto/bn/montgomery.c +410 -0
  711. data/third_party/boringssl/crypto/bn/montgomery_inv.c +160 -0
  712. data/third_party/boringssl/crypto/bn/mul.c +869 -0
  713. data/third_party/boringssl/crypto/bn/prime.c +861 -0
  714. data/third_party/boringssl/crypto/bn/random.c +340 -0
  715. data/third_party/boringssl/crypto/bn/rsaz_exp.c +319 -0
  716. data/third_party/boringssl/crypto/bn/rsaz_exp.h +56 -0
  717. data/third_party/boringssl/crypto/bn/shift.c +299 -0
  718. data/third_party/boringssl/crypto/bn/sqrt.c +504 -0
  719. data/third_party/boringssl/crypto/buf/buf.c +239 -0
  720. data/third_party/boringssl/crypto/bytestring/asn1_compat.c +51 -0
  721. data/third_party/boringssl/crypto/bytestring/ber.c +263 -0
  722. data/third_party/boringssl/crypto/bytestring/cbb.c +473 -0
  723. data/third_party/boringssl/crypto/bytestring/cbs.c +439 -0
  724. data/third_party/boringssl/crypto/bytestring/internal.h +75 -0
  725. data/third_party/boringssl/crypto/chacha/chacha.c +167 -0
  726. data/third_party/boringssl/crypto/cipher/aead.c +156 -0
  727. data/third_party/boringssl/crypto/cipher/cipher.c +652 -0
  728. data/third_party/boringssl/crypto/cipher/derive_key.c +154 -0
  729. data/third_party/boringssl/crypto/cipher/e_aes.c +1717 -0
  730. data/third_party/boringssl/crypto/cipher/e_chacha20poly1305.c +300 -0
  731. data/third_party/boringssl/crypto/cipher/e_des.c +205 -0
  732. data/third_party/boringssl/crypto/cipher/e_null.c +85 -0
  733. data/third_party/boringssl/crypto/cipher/e_rc2.c +443 -0
  734. data/third_party/boringssl/crypto/cipher/e_rc4.c +87 -0
  735. data/third_party/boringssl/crypto/cipher/e_ssl3.c +403 -0
  736. data/third_party/boringssl/crypto/cipher/e_tls.c +602 -0
  737. data/third_party/boringssl/crypto/cipher/internal.h +162 -0
  738. data/third_party/boringssl/crypto/cipher/tls_cbc.c +553 -0
  739. data/third_party/boringssl/crypto/cmac/cmac.c +239 -0
  740. data/third_party/boringssl/crypto/conf/conf.c +788 -0
  741. data/third_party/boringssl/crypto/conf/conf_def.h +127 -0
  742. data/third_party/boringssl/crypto/conf/internal.h +31 -0
  743. data/third_party/boringssl/crypto/cpu-aarch64-linux.c +61 -0
  744. data/third_party/boringssl/crypto/cpu-arm-linux.c +360 -0
  745. data/third_party/boringssl/crypto/cpu-arm.c +38 -0
  746. data/third_party/boringssl/crypto/cpu-intel.c +263 -0
  747. data/third_party/boringssl/crypto/cpu-ppc64le.c +40 -0
  748. data/third_party/boringssl/crypto/crypto.c +164 -0
  749. data/third_party/boringssl/crypto/curve25519/curve25519.c +4944 -0
  750. data/third_party/boringssl/crypto/curve25519/internal.h +109 -0
  751. data/third_party/boringssl/crypto/curve25519/spake25519.c +464 -0
  752. data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +246 -0
  753. data/third_party/boringssl/crypto/des/des.c +771 -0
  754. data/third_party/boringssl/crypto/des/internal.h +212 -0
  755. data/third_party/boringssl/crypto/dh/check.c +218 -0
  756. data/third_party/boringssl/crypto/dh/dh.c +487 -0
  757. data/third_party/boringssl/crypto/dh/dh_asn1.c +160 -0
  758. data/third_party/boringssl/crypto/dh/params.c +253 -0
  759. data/third_party/boringssl/crypto/digest/digest.c +248 -0
  760. data/third_party/boringssl/crypto/digest/digests.c +321 -0
  761. data/third_party/boringssl/crypto/digest/internal.h +112 -0
  762. data/third_party/boringssl/crypto/digest/md32_common.h +262 -0
  763. data/third_party/boringssl/crypto/dsa/dsa.c +964 -0
  764. data/third_party/boringssl/crypto/dsa/dsa_asn1.c +339 -0
  765. data/third_party/boringssl/crypto/ec/ec.c +847 -0
  766. data/third_party/boringssl/crypto/ec/ec_asn1.c +549 -0
  767. data/third_party/boringssl/crypto/ec/ec_key.c +479 -0
  768. data/third_party/boringssl/crypto/ec/ec_montgomery.c +308 -0
  769. data/third_party/boringssl/crypto/ec/internal.h +276 -0
  770. data/third_party/boringssl/crypto/ec/oct.c +428 -0
  771. data/third_party/boringssl/crypto/ec/p224-64.c +1187 -0
  772. data/third_party/boringssl/crypto/ec/p256-64.c +1741 -0
  773. data/third_party/boringssl/crypto/ec/p256-x86_64-table.h +9543 -0
  774. data/third_party/boringssl/crypto/ec/p256-x86_64.c +574 -0
  775. data/third_party/boringssl/crypto/ec/simple.c +1117 -0
  776. data/third_party/boringssl/crypto/ec/util-64.c +109 -0
  777. data/third_party/boringssl/crypto/ec/wnaf.c +449 -0
  778. data/third_party/boringssl/crypto/ecdh/ecdh.c +159 -0
  779. data/third_party/boringssl/crypto/ecdsa/ecdsa.c +478 -0
  780. data/third_party/boringssl/crypto/ecdsa/ecdsa_asn1.c +227 -0
  781. data/third_party/boringssl/crypto/engine/engine.c +96 -0
  782. data/third_party/boringssl/crypto/err/err.c +756 -0
  783. data/third_party/boringssl/crypto/evp/digestsign.c +159 -0
  784. data/third_party/boringssl/crypto/evp/evp.c +367 -0
  785. data/third_party/boringssl/crypto/evp/evp_asn1.c +337 -0
  786. data/third_party/boringssl/crypto/evp/evp_ctx.c +448 -0
  787. data/third_party/boringssl/crypto/evp/internal.h +237 -0
  788. data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +268 -0
  789. data/third_party/boringssl/crypto/evp/p_ec.c +236 -0
  790. data/third_party/boringssl/crypto/evp/p_ec_asn1.c +257 -0
  791. data/third_party/boringssl/crypto/evp/p_rsa.c +673 -0
  792. data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +200 -0
  793. data/third_party/boringssl/crypto/evp/pbkdf.c +151 -0
  794. data/third_party/boringssl/crypto/evp/print.c +520 -0
  795. data/third_party/boringssl/crypto/evp/sign.c +151 -0
  796. data/third_party/boringssl/crypto/ex_data.c +292 -0
  797. data/third_party/boringssl/crypto/hkdf/hkdf.c +110 -0
  798. data/third_party/boringssl/crypto/hmac/hmac.c +213 -0
  799. data/third_party/boringssl/crypto/internal.h +527 -0
  800. data/third_party/boringssl/crypto/lhash/lhash.c +342 -0
  801. data/third_party/boringssl/crypto/md4/md4.c +234 -0
  802. data/third_party/boringssl/crypto/md5/md5.c +275 -0
  803. data/third_party/boringssl/crypto/mem.c +200 -0
  804. data/third_party/boringssl/crypto/modes/cbc.c +216 -0
  805. data/third_party/boringssl/crypto/modes/cfb.c +230 -0
  806. data/third_party/boringssl/crypto/modes/ctr.c +219 -0
  807. data/third_party/boringssl/crypto/modes/gcm.c +1288 -0
  808. data/third_party/boringssl/crypto/modes/internal.h +358 -0
  809. data/third_party/boringssl/crypto/modes/ofb.c +95 -0
  810. data/third_party/boringssl/crypto/newhope/error_correction.c +131 -0
  811. data/third_party/boringssl/crypto/newhope/internal.h +71 -0
  812. data/third_party/boringssl/crypto/newhope/newhope.c +174 -0
  813. data/third_party/boringssl/crypto/newhope/ntt.c +148 -0
  814. data/third_party/boringssl/crypto/newhope/poly.c +183 -0
  815. data/third_party/boringssl/crypto/newhope/precomp.c +306 -0
  816. data/third_party/boringssl/crypto/newhope/reduce.c +42 -0
  817. data/third_party/boringssl/crypto/obj/obj.c +640 -0
  818. data/third_party/boringssl/crypto/obj/obj_dat.h +5254 -0
  819. data/third_party/boringssl/crypto/obj/obj_xref.c +124 -0
  820. data/third_party/boringssl/crypto/obj/obj_xref.h +96 -0
  821. data/third_party/boringssl/crypto/pem/pem_all.c +262 -0
  822. data/third_party/boringssl/crypto/pem/pem_info.c +381 -0
  823. data/third_party/boringssl/crypto/pem/pem_lib.c +778 -0
  824. data/third_party/boringssl/crypto/pem/pem_oth.c +88 -0
  825. data/third_party/boringssl/crypto/pem/pem_pk8.c +257 -0
  826. data/third_party/boringssl/crypto/pem/pem_pkey.c +227 -0
  827. data/third_party/boringssl/crypto/pem/pem_x509.c +65 -0
  828. data/third_party/boringssl/crypto/pem/pem_xaux.c +67 -0
  829. data/third_party/boringssl/crypto/pkcs8/internal.h +83 -0
  830. data/third_party/boringssl/crypto/pkcs8/p5_pbe.c +151 -0
  831. data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +441 -0
  832. data/third_party/boringssl/crypto/pkcs8/p8_pkey.c +85 -0
  833. data/third_party/boringssl/crypto/pkcs8/pkcs8.c +1219 -0
  834. data/third_party/boringssl/crypto/poly1305/internal.h +40 -0
  835. data/third_party/boringssl/crypto/poly1305/poly1305.c +324 -0
  836. data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +304 -0
  837. data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +890 -0
  838. data/third_party/boringssl/crypto/rand/deterministic.c +47 -0
  839. data/third_party/boringssl/crypto/rand/internal.h +32 -0
  840. data/third_party/boringssl/crypto/rand/rand.c +244 -0
  841. data/third_party/boringssl/crypto/rand/urandom.c +221 -0
  842. data/third_party/boringssl/crypto/rand/windows.c +53 -0
  843. data/third_party/boringssl/crypto/rc4/rc4.c +98 -0
  844. data/third_party/boringssl/crypto/refcount_c11.c +67 -0
  845. data/third_party/boringssl/crypto/refcount_lock.c +53 -0
  846. data/third_party/boringssl/crypto/rsa/blinding.c +264 -0
  847. data/third_party/boringssl/crypto/rsa/internal.h +148 -0
  848. data/third_party/boringssl/crypto/rsa/padding.c +708 -0
  849. data/third_party/boringssl/crypto/rsa/rsa.c +830 -0
  850. data/third_party/boringssl/crypto/rsa/rsa_asn1.c +446 -0
  851. data/third_party/boringssl/crypto/rsa/rsa_impl.c +1139 -0
  852. data/third_party/boringssl/crypto/sha/sha1.c +337 -0
  853. data/third_party/boringssl/crypto/sha/sha256.c +327 -0
  854. data/third_party/boringssl/crypto/sha/sha512.c +607 -0
  855. data/third_party/boringssl/crypto/stack/stack.c +377 -0
  856. data/third_party/boringssl/crypto/thread.c +110 -0
  857. data/third_party/boringssl/crypto/thread_none.c +59 -0
  858. data/third_party/boringssl/crypto/thread_pthread.c +176 -0
  859. data/third_party/boringssl/crypto/thread_win.c +237 -0
  860. data/third_party/boringssl/crypto/time_support.c +206 -0
  861. data/third_party/boringssl/crypto/x509/a_digest.c +96 -0
  862. data/third_party/boringssl/crypto/x509/a_sign.c +135 -0
  863. data/third_party/boringssl/crypto/x509/a_strex.c +633 -0
  864. data/third_party/boringssl/crypto/x509/a_verify.c +127 -0
  865. data/third_party/boringssl/crypto/x509/algorithm.c +137 -0
  866. data/third_party/boringssl/crypto/x509/asn1_gen.c +818 -0
  867. data/third_party/boringssl/crypto/x509/by_dir.c +453 -0
  868. data/third_party/boringssl/crypto/x509/by_file.c +275 -0
  869. data/third_party/boringssl/crypto/x509/charmap.h +15 -0
  870. data/third_party/boringssl/crypto/x509/i2d_pr.c +83 -0
  871. data/third_party/boringssl/crypto/x509/internal.h +66 -0
  872. data/third_party/boringssl/crypto/x509/pkcs7.c +353 -0
  873. data/third_party/boringssl/crypto/x509/rsa_pss.c +385 -0
  874. data/third_party/boringssl/crypto/x509/t_crl.c +128 -0
  875. data/third_party/boringssl/crypto/x509/t_req.c +246 -0
  876. data/third_party/boringssl/crypto/x509/t_x509.c +506 -0
  877. data/third_party/boringssl/crypto/x509/t_x509a.c +111 -0
  878. data/third_party/boringssl/crypto/x509/vpm_int.h +70 -0
  879. data/third_party/boringssl/crypto/x509/x509.c +157 -0
  880. data/third_party/boringssl/crypto/x509/x509_att.c +381 -0
  881. data/third_party/boringssl/crypto/x509/x509_cmp.c +474 -0
  882. data/third_party/boringssl/crypto/x509/x509_d2.c +106 -0
  883. data/third_party/boringssl/crypto/x509/x509_def.c +98 -0
  884. data/third_party/boringssl/crypto/x509/x509_ext.c +206 -0
  885. data/third_party/boringssl/crypto/x509/x509_lu.c +690 -0
  886. data/third_party/boringssl/crypto/x509/x509_obj.c +197 -0
  887. data/third_party/boringssl/crypto/x509/x509_r2x.c +117 -0
  888. data/third_party/boringssl/crypto/x509/x509_req.c +322 -0
  889. data/third_party/boringssl/crypto/x509/x509_set.c +154 -0
  890. data/third_party/boringssl/crypto/x509/x509_trs.c +326 -0
  891. data/third_party/boringssl/crypto/x509/x509_txt.c +211 -0
  892. data/third_party/boringssl/crypto/x509/x509_v3.c +278 -0
  893. data/third_party/boringssl/crypto/x509/x509_vfy.c +2436 -0
  894. data/third_party/boringssl/crypto/x509/x509_vpm.c +647 -0
  895. data/third_party/boringssl/crypto/x509/x509cset.c +170 -0
  896. data/third_party/boringssl/crypto/x509/x509name.c +386 -0
  897. data/third_party/boringssl/crypto/x509/x509rset.c +81 -0
  898. data/third_party/boringssl/crypto/x509/x509spki.c +137 -0
  899. data/third_party/boringssl/crypto/x509/x509type.c +126 -0
  900. data/third_party/boringssl/crypto/x509/x_algor.c +151 -0
  901. data/third_party/boringssl/crypto/x509/x_all.c +501 -0
  902. data/third_party/boringssl/crypto/x509/x_attrib.c +111 -0
  903. data/third_party/boringssl/crypto/x509/x_crl.c +539 -0
  904. data/third_party/boringssl/crypto/x509/x_exten.c +75 -0
  905. data/third_party/boringssl/crypto/x509/x_info.c +98 -0
  906. data/third_party/boringssl/crypto/x509/x_name.c +534 -0
  907. data/third_party/boringssl/crypto/x509/x_pkey.c +103 -0
  908. data/third_party/boringssl/crypto/x509/x_pubkey.c +368 -0
  909. data/third_party/boringssl/crypto/x509/x_req.c +109 -0
  910. data/third_party/boringssl/crypto/x509/x_sig.c +69 -0
  911. data/third_party/boringssl/crypto/x509/x_spki.c +80 -0
  912. data/third_party/boringssl/crypto/x509/x_val.c +69 -0
  913. data/third_party/boringssl/crypto/x509/x_x509.c +289 -0
  914. data/third_party/boringssl/crypto/x509/x_x509a.c +205 -0
  915. data/third_party/boringssl/crypto/x509v3/ext_dat.h +135 -0
  916. data/third_party/boringssl/crypto/x509v3/pcy_cache.c +284 -0
  917. data/third_party/boringssl/crypto/x509v3/pcy_data.c +130 -0
  918. data/third_party/boringssl/crypto/x509v3/pcy_int.h +217 -0
  919. data/third_party/boringssl/crypto/x509v3/pcy_lib.c +164 -0
  920. data/third_party/boringssl/crypto/x509v3/pcy_map.c +130 -0
  921. data/third_party/boringssl/crypto/x509v3/pcy_node.c +188 -0
  922. data/third_party/boringssl/crypto/x509v3/pcy_tree.c +829 -0
  923. data/third_party/boringssl/crypto/x509v3/v3_akey.c +204 -0
  924. data/third_party/boringssl/crypto/x509v3/v3_akeya.c +72 -0
  925. data/third_party/boringssl/crypto/x509v3/v3_alt.c +614 -0
  926. data/third_party/boringssl/crypto/x509v3/v3_bcons.c +133 -0
  927. data/third_party/boringssl/crypto/x509v3/v3_bitst.c +141 -0
  928. data/third_party/boringssl/crypto/x509v3/v3_conf.c +462 -0
  929. data/third_party/boringssl/crypto/x509v3/v3_cpols.c +496 -0
  930. data/third_party/boringssl/crypto/x509v3/v3_crld.c +561 -0
  931. data/third_party/boringssl/crypto/x509v3/v3_enum.c +100 -0
  932. data/third_party/boringssl/crypto/x509v3/v3_extku.c +148 -0
  933. data/third_party/boringssl/crypto/x509v3/v3_genn.c +250 -0
  934. data/third_party/boringssl/crypto/x509v3/v3_ia5.c +119 -0
  935. data/third_party/boringssl/crypto/x509v3/v3_info.c +212 -0
  936. data/third_party/boringssl/crypto/x509v3/v3_int.c +91 -0
  937. data/third_party/boringssl/crypto/x509v3/v3_lib.c +362 -0
  938. data/third_party/boringssl/crypto/x509v3/v3_ncons.c +482 -0
  939. data/third_party/boringssl/crypto/x509v3/v3_pci.c +317 -0
  940. data/third_party/boringssl/crypto/x509v3/v3_pcia.c +57 -0
  941. data/third_party/boringssl/crypto/x509v3/v3_pcons.c +139 -0
  942. data/third_party/boringssl/crypto/x509v3/v3_pku.c +110 -0
  943. data/third_party/boringssl/crypto/x509v3/v3_pmaps.c +154 -0
  944. data/third_party/boringssl/crypto/x509v3/v3_prn.c +229 -0
  945. data/third_party/boringssl/crypto/x509v3/v3_purp.c +874 -0
  946. data/third_party/boringssl/crypto/x509v3/v3_skey.c +152 -0
  947. data/third_party/boringssl/crypto/x509v3/v3_sxnet.c +274 -0
  948. data/third_party/boringssl/crypto/x509v3/v3_utl.c +1327 -0
  949. data/third_party/boringssl/include/openssl/aead.h +345 -0
  950. data/third_party/boringssl/include/openssl/aes.h +158 -0
  951. data/third_party/boringssl/include/openssl/arm_arch.h +121 -0
  952. data/third_party/boringssl/include/openssl/asn1.h +1038 -0
  953. data/third_party/boringssl/include/openssl/asn1_mac.h +18 -0
  954. data/third_party/boringssl/include/openssl/asn1t.h +896 -0
  955. data/third_party/boringssl/include/openssl/base.h +412 -0
  956. data/third_party/boringssl/include/openssl/base64.h +187 -0
  957. data/third_party/boringssl/include/openssl/bio.h +926 -0
  958. data/third_party/boringssl/include/openssl/blowfish.h +93 -0
  959. data/third_party/boringssl/include/openssl/bn.h +955 -0
  960. data/third_party/boringssl/include/openssl/buf.h +133 -0
  961. data/third_party/boringssl/include/openssl/buffer.h +18 -0
  962. data/third_party/boringssl/include/openssl/bytestring.h +437 -0
  963. data/third_party/boringssl/include/openssl/cast.h +96 -0
  964. data/third_party/boringssl/include/openssl/chacha.h +37 -0
  965. data/third_party/boringssl/include/openssl/cipher.h +588 -0
  966. data/third_party/boringssl/include/openssl/cmac.h +87 -0
  967. data/third_party/boringssl/include/openssl/conf.h +181 -0
  968. data/third_party/boringssl/include/openssl/cpu.h +181 -0
  969. data/third_party/boringssl/include/openssl/crypto.h +94 -0
  970. data/third_party/boringssl/include/openssl/curve25519.h +183 -0
  971. data/third_party/boringssl/include/openssl/des.h +177 -0
  972. data/third_party/boringssl/include/openssl/dh.h +297 -0
  973. data/third_party/boringssl/include/openssl/digest.h +285 -0
  974. data/third_party/boringssl/include/openssl/dsa.h +436 -0
  975. data/third_party/boringssl/include/openssl/dtls1.h +16 -0
  976. data/third_party/boringssl/include/openssl/ec.h +406 -0
  977. data/third_party/boringssl/include/openssl/ec_key.h +337 -0
  978. data/third_party/boringssl/include/openssl/ecdh.h +102 -0
  979. data/third_party/boringssl/include/openssl/ecdsa.h +217 -0
  980. data/third_party/boringssl/include/openssl/engine.h +109 -0
  981. data/third_party/boringssl/include/openssl/err.h +488 -0
  982. data/third_party/boringssl/include/openssl/evp.h +797 -0
  983. data/third_party/boringssl/include/openssl/ex_data.h +213 -0
  984. data/third_party/boringssl/include/openssl/hkdf.h +64 -0
  985. data/third_party/boringssl/include/openssl/hmac.h +174 -0
  986. data/third_party/boringssl/include/openssl/lhash.h +192 -0
  987. data/third_party/boringssl/include/openssl/lhash_macros.h +132 -0
  988. data/third_party/boringssl/include/openssl/md4.h +106 -0
  989. data/third_party/boringssl/include/openssl/md5.h +107 -0
  990. data/third_party/boringssl/include/openssl/mem.h +150 -0
  991. data/third_party/boringssl/include/openssl/newhope.h +158 -0
  992. data/third_party/boringssl/include/openssl/nid.h +4166 -0
  993. data/third_party/boringssl/include/openssl/obj.h +226 -0
  994. data/third_party/boringssl/include/openssl/obj_mac.h +18 -0
  995. data/third_party/boringssl/include/openssl/objects.h +18 -0
  996. data/third_party/boringssl/include/openssl/opensslconf.h +60 -0
  997. data/third_party/boringssl/include/openssl/opensslv.h +18 -0
  998. data/third_party/boringssl/include/openssl/ossl_typ.h +18 -0
  999. data/third_party/boringssl/include/openssl/pem.h +517 -0
  1000. data/third_party/boringssl/include/openssl/pkcs12.h +18 -0
  1001. data/third_party/boringssl/include/openssl/pkcs7.h +16 -0
  1002. data/third_party/boringssl/include/openssl/pkcs8.h +236 -0
  1003. data/third_party/boringssl/include/openssl/poly1305.h +51 -0
  1004. data/third_party/boringssl/include/openssl/rand.h +122 -0
  1005. data/third_party/boringssl/include/openssl/rc4.h +96 -0
  1006. data/third_party/boringssl/include/openssl/ripemd.h +107 -0
  1007. data/third_party/boringssl/include/openssl/rsa.h +699 -0
  1008. data/third_party/boringssl/include/openssl/safestack.h +16 -0
  1009. data/third_party/boringssl/include/openssl/sha.h +260 -0
  1010. data/third_party/boringssl/include/openssl/srtp.h +18 -0
  1011. data/third_party/boringssl/include/openssl/ssl.h +4826 -0
  1012. data/third_party/boringssl/include/openssl/ssl3.h +434 -0
  1013. data/third_party/boringssl/include/openssl/stack.h +293 -0
  1014. data/third_party/boringssl/include/openssl/stack_macros.h +3902 -0
  1015. data/third_party/boringssl/include/openssl/thread.h +191 -0
  1016. data/third_party/boringssl/include/openssl/time_support.h +91 -0
  1017. data/third_party/boringssl/include/openssl/tls1.h +657 -0
  1018. data/third_party/boringssl/include/openssl/type_check.h +91 -0
  1019. data/third_party/boringssl/include/openssl/x509.h +1299 -0
  1020. data/third_party/boringssl/include/openssl/x509_vfy.h +618 -0
  1021. data/third_party/boringssl/include/openssl/x509v3.h +819 -0
  1022. data/third_party/boringssl/ssl/custom_extensions.c +255 -0
  1023. data/third_party/boringssl/ssl/d1_both.c +845 -0
  1024. data/third_party/boringssl/ssl/d1_lib.c +270 -0
  1025. data/third_party/boringssl/ssl/d1_pkt.c +419 -0
  1026. data/third_party/boringssl/ssl/d1_srtp.c +236 -0
  1027. data/third_party/boringssl/ssl/dtls_method.c +203 -0
  1028. data/third_party/boringssl/ssl/dtls_record.c +309 -0
  1029. data/third_party/boringssl/ssl/handshake_client.c +2002 -0
  1030. data/third_party/boringssl/ssl/handshake_server.c +1932 -0
  1031. data/third_party/boringssl/ssl/internal.h +1551 -0
  1032. data/third_party/boringssl/ssl/s3_both.c +745 -0
  1033. data/third_party/boringssl/ssl/s3_enc.c +412 -0
  1034. data/third_party/boringssl/ssl/s3_lib.c +336 -0
  1035. data/third_party/boringssl/ssl/s3_pkt.c +497 -0
  1036. data/third_party/boringssl/ssl/ssl_aead_ctx.c +329 -0
  1037. data/third_party/boringssl/ssl/ssl_asn1.c +748 -0
  1038. data/third_party/boringssl/ssl/ssl_buffer.c +311 -0
  1039. data/third_party/boringssl/ssl/ssl_cert.c +814 -0
  1040. data/third_party/boringssl/ssl/ssl_cipher.c +2062 -0
  1041. data/third_party/boringssl/ssl/ssl_ecdh.c +610 -0
  1042. data/third_party/boringssl/ssl/ssl_file.c +586 -0
  1043. data/third_party/boringssl/ssl/ssl_lib.c +3063 -0
  1044. data/third_party/boringssl/ssl/ssl_rsa.c +793 -0
  1045. data/third_party/boringssl/ssl/ssl_session.c +985 -0
  1046. data/third_party/boringssl/ssl/ssl_stat.c +509 -0
  1047. data/third_party/boringssl/ssl/t1_enc.c +547 -0
  1048. data/third_party/boringssl/ssl/t1_lib.c +3279 -0
  1049. data/third_party/boringssl/ssl/tls13_both.c +440 -0
  1050. data/third_party/boringssl/ssl/tls13_client.c +682 -0
  1051. data/third_party/boringssl/ssl/tls13_enc.c +391 -0
  1052. data/third_party/boringssl/ssl/tls13_server.c +672 -0
  1053. data/third_party/boringssl/ssl/tls_method.c +245 -0
  1054. data/third_party/boringssl/ssl/tls_record.c +461 -0
  1055. data/third_party/cares/ares_build.h +264 -0
  1056. data/third_party/cares/cares/ares.h +636 -0
  1057. data/third_party/cares/cares/ares__close_sockets.c +61 -0
  1058. data/third_party/cares/cares/ares__get_hostent.c +261 -0
  1059. data/third_party/cares/cares/ares__read_line.c +73 -0
  1060. data/third_party/cares/cares/ares__timeval.c +111 -0
  1061. data/third_party/cares/cares/ares_cancel.c +63 -0
  1062. data/third_party/cares/cares/ares_create_query.c +202 -0
  1063. data/third_party/cares/cares/ares_data.c +221 -0
  1064. data/third_party/cares/cares/ares_data.h +72 -0
  1065. data/third_party/cares/cares/ares_destroy.c +108 -0
  1066. data/third_party/cares/cares/ares_dns.h +103 -0
  1067. data/third_party/cares/cares/ares_expand_name.c +205 -0
  1068. data/third_party/cares/cares/ares_expand_string.c +70 -0
  1069. data/third_party/cares/cares/ares_fds.c +59 -0
  1070. data/third_party/cares/cares/ares_free_hostent.c +41 -0
  1071. data/third_party/cares/cares/ares_free_string.c +25 -0
  1072. data/third_party/cares/cares/ares_getenv.c +30 -0
  1073. data/third_party/cares/cares/ares_getenv.h +26 -0
  1074. data/third_party/cares/cares/ares_gethostbyaddr.c +294 -0
  1075. data/third_party/cares/cares/ares_gethostbyname.c +518 -0
  1076. data/third_party/cares/cares/ares_getnameinfo.c +422 -0
  1077. data/third_party/cares/cares/ares_getopt.c +122 -0
  1078. data/third_party/cares/cares/ares_getopt.h +53 -0
  1079. data/third_party/cares/cares/ares_getsock.c +66 -0
  1080. data/third_party/cares/cares/ares_inet_net_pton.h +25 -0
  1081. data/third_party/cares/cares/ares_init.c +2146 -0
  1082. data/third_party/cares/cares/ares_iphlpapi.h +221 -0
  1083. data/third_party/cares/cares/ares_ipv6.h +78 -0
  1084. data/third_party/cares/cares/ares_library_init.c +167 -0
  1085. data/third_party/cares/cares/ares_library_init.h +42 -0
  1086. data/third_party/cares/cares/ares_llist.c +63 -0
  1087. data/third_party/cares/cares/ares_llist.h +39 -0
  1088. data/third_party/cares/cares/ares_mkquery.c +24 -0
  1089. data/third_party/cares/cares/ares_nowarn.c +260 -0
  1090. data/third_party/cares/cares/ares_nowarn.h +61 -0
  1091. data/third_party/cares/cares/ares_options.c +402 -0
  1092. data/third_party/cares/cares/ares_parse_a_reply.c +264 -0
  1093. data/third_party/cares/cares/ares_parse_aaaa_reply.c +264 -0
  1094. data/third_party/cares/cares/ares_parse_mx_reply.c +170 -0
  1095. data/third_party/cares/cares/ares_parse_naptr_reply.c +188 -0
  1096. data/third_party/cares/cares/ares_parse_ns_reply.c +183 -0
  1097. data/third_party/cares/cares/ares_parse_ptr_reply.c +219 -0
  1098. data/third_party/cares/cares/ares_parse_soa_reply.c +133 -0
  1099. data/third_party/cares/cares/ares_parse_srv_reply.c +179 -0
  1100. data/third_party/cares/cares/ares_parse_txt_reply.c +220 -0
  1101. data/third_party/cares/cares/ares_platform.c +11035 -0
  1102. data/third_party/cares/cares/ares_platform.h +43 -0
  1103. data/third_party/cares/cares/ares_private.h +363 -0
  1104. data/third_party/cares/cares/ares_process.c +1359 -0
  1105. data/third_party/cares/cares/ares_query.c +186 -0
  1106. data/third_party/cares/cares/ares_rules.h +125 -0
  1107. data/third_party/cares/cares/ares_search.c +316 -0
  1108. data/third_party/cares/cares/ares_send.c +131 -0
  1109. data/third_party/cares/cares/ares_setup.h +217 -0
  1110. data/third_party/cares/cares/ares_strcasecmp.c +66 -0
  1111. data/third_party/cares/cares/ares_strcasecmp.h +30 -0
  1112. data/third_party/cares/cares/ares_strdup.c +49 -0
  1113. data/third_party/cares/cares/ares_strdup.h +24 -0
  1114. data/third_party/cares/cares/ares_strerror.c +56 -0
  1115. data/third_party/cares/cares/ares_timeout.c +88 -0
  1116. data/third_party/cares/cares/ares_version.c +11 -0
  1117. data/third_party/cares/cares/ares_version.h +24 -0
  1118. data/third_party/cares/cares/ares_writev.c +79 -0
  1119. data/third_party/cares/cares/bitncmp.c +59 -0
  1120. data/third_party/cares/cares/bitncmp.h +26 -0
  1121. data/third_party/cares/cares/config-win32.h +377 -0
  1122. data/third_party/cares/cares/inet_net_pton.c +450 -0
  1123. data/third_party/cares/cares/inet_ntop.c +208 -0
  1124. data/third_party/cares/cares/setup_once.h +554 -0
  1125. data/third_party/cares/cares/windows_port.c +22 -0
  1126. data/third_party/cares/config_darwin/ares_config.h +523 -0
  1127. data/third_party/cares/config_linux/ares_config.h +524 -0
  1128. data/third_party/nanopb/pb.h +579 -0
  1129. data/third_party/nanopb/pb_common.c +97 -0
  1130. data/third_party/nanopb/pb_common.h +42 -0
  1131. data/third_party/nanopb/pb_decode.c +1347 -0
  1132. data/third_party/nanopb/pb_decode.h +149 -0
  1133. data/third_party/nanopb/pb_encode.c +696 -0
  1134. data/third_party/nanopb/pb_encode.h +154 -0
  1135. data/third_party/zlib/adler32.c +179 -0
  1136. data/third_party/zlib/compress.c +80 -0
  1137. data/third_party/zlib/crc32.c +425 -0
  1138. data/third_party/zlib/crc32.h +441 -0
  1139. data/third_party/zlib/deflate.c +1967 -0
  1140. data/third_party/zlib/deflate.h +346 -0
  1141. data/third_party/zlib/gzclose.c +25 -0
  1142. data/third_party/zlib/gzguts.h +209 -0
  1143. data/third_party/zlib/gzlib.c +634 -0
  1144. data/third_party/zlib/gzread.c +594 -0
  1145. data/third_party/zlib/gzwrite.c +577 -0
  1146. data/third_party/zlib/infback.c +640 -0
  1147. data/third_party/zlib/inffast.c +340 -0
  1148. data/third_party/zlib/inffast.h +11 -0
  1149. data/third_party/zlib/inffixed.h +94 -0
  1150. data/third_party/zlib/inflate.c +1512 -0
  1151. data/third_party/zlib/inflate.h +122 -0
  1152. data/third_party/zlib/inftrees.c +306 -0
  1153. data/third_party/zlib/inftrees.h +62 -0
  1154. data/third_party/zlib/trees.c +1226 -0
  1155. data/third_party/zlib/trees.h +128 -0
  1156. data/third_party/zlib/uncompr.c +59 -0
  1157. data/third_party/zlib/zconf.h +511 -0
  1158. data/third_party/zlib/zlib.h +1768 -0
  1159. data/third_party/zlib/zutil.c +324 -0
  1160. data/third_party/zlib/zutil.h +253 -0
  1161. metadata +1397 -0
data/src/core/tsi/fake_transport_security.h ADDED
@@ -0,0 +1,61 @@
1
+ /*
2
+ *
3
+ * Copyright 2015, Google Inc.
4
+ * All rights reserved.
5
+ *
6
+ * Redistribution and use in source and binary forms, with or without
7
+ * modification, are permitted provided that the following conditions are
8
+ * met:
9
+ *
10
+ * * Redistributions of source code must retain the above copyright
11
+ * notice, this list of conditions and the following disclaimer.
12
+ * * Redistributions in binary form must reproduce the above
13
+ * copyright notice, this list of conditions and the following disclaimer
14
+ * in the documentation and/or other materials provided with the
15
+ * distribution.
16
+ * * Neither the name of Google Inc. nor the names of its
17
+ * contributors may be used to endorse or promote products derived from
18
+ * this software without specific prior written permission.
19
+ *
20
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31
+ *
32
+ */
33
+
34
+ #ifndef GRPC_CORE_TSI_FAKE_TRANSPORT_SECURITY_H
35
+ #define GRPC_CORE_TSI_FAKE_TRANSPORT_SECURITY_H
36
+
37
+ #include "src/core/tsi/transport_security_interface.h"
38
+
39
+ #ifdef __cplusplus
40
+ extern "C" {
41
+ #endif
42
+
43
+ /* Value for the TSI_CERTIFICATE_TYPE_PEER_PROPERTY property for FAKE certs. */
44
+ #define TSI_FAKE_CERTIFICATE_TYPE "FAKE"
45
+
46
+ /* Creates a fake handshaker that will create a fake frame protector.
47
+
48
+ No cryptography is performed in these objects. They just simulate handshake
49
+ messages going back and forth for the handshaker and do some framing on
50
+ cleartext data for the protector. */
51
+ tsi_handshaker *tsi_create_fake_handshaker(int is_client);
52
+
53
+ /* Creates a protector directly without going through the handshake phase. */
54
+ tsi_frame_protector *tsi_create_fake_protector(
55
+ size_t *max_protected_frame_size);
56
+
57
+ #ifdef __cplusplus
58
+ }
59
+ #endif
60
+
61
+ #endif /* GRPC_CORE_TSI_FAKE_TRANSPORT_SECURITY_H */
data/src/core/tsi/ssl_transport_security.c ADDED
@@ -0,0 +1,1533 @@
1
+ /*
2
+ *
3
+ * Copyright 2015, Google Inc.
4
+ * All rights reserved.
5
+ *
6
+ * Redistribution and use in source and binary forms, with or without
7
+ * modification, are permitted provided that the following conditions are
8
+ * met:
9
+ *
10
+ * * Redistributions of source code must retain the above copyright
11
+ * notice, this list of conditions and the following disclaimer.
12
+ * * Redistributions in binary form must reproduce the above
13
+ * copyright notice, this list of conditions and the following disclaimer
14
+ * in the documentation and/or other materials provided with the
15
+ * distribution.
16
+ * * Neither the name of Google Inc. nor the names of its
17
+ * contributors may be used to endorse or promote products derived from
18
+ * this software without specific prior written permission.
19
+ *
20
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31
+ *
32
+ */
33
+
34
+ #include "src/core/tsi/ssl_transport_security.h"
35
+
36
+ #include <grpc/support/port_platform.h>
37
+
38
+ #include <limits.h>
39
+ #include <string.h>
40
+
41
+ /* TODO(jboeuf): refactor inet_ntop into a portability header. */
42
+ /* Note: for whomever reads this and tries to refactor this, this
43
+ can't be in grpc, it has to be in gpr. */
44
+ #ifdef GPR_WINDOWS
45
+ #include <ws2tcpip.h>
46
+ #else
47
+ #include <arpa/inet.h>
48
+ #endif
49
+
50
+ #include <grpc/support/alloc.h>
51
+ #include <grpc/support/log.h>
52
+ #include <grpc/support/sync.h>
53
+ #include <grpc/support/thd.h>
54
+ #include <grpc/support/useful.h>
55
+
56
+ #include <openssl/bio.h>
57
+ #include <openssl/crypto.h> /* For OPENSSL_free */
58
+ #include <openssl/err.h>
59
+ #include <openssl/ssl.h>
60
+ #include <openssl/x509.h>
61
+ #include <openssl/x509v3.h>
62
+
63
+ #include "src/core/tsi/ssl_types.h"
64
+ #include "src/core/tsi/transport_security.h"
65
+
66
+ /* --- Constants. ---*/
67
+
68
+ #define TSI_SSL_MAX_PROTECTED_FRAME_SIZE_UPPER_BOUND 16384
69
+ #define TSI_SSL_MAX_PROTECTED_FRAME_SIZE_LOWER_BOUND 1024
70
+
71
+ /* Putting a macro like this and littering the source file with #if is really
72
+ bad practice.
73
+ TODO(jboeuf): refactor all the #if / #endif in a separate module. */
74
+ #ifndef TSI_OPENSSL_ALPN_SUPPORT
75
+ #define TSI_OPENSSL_ALPN_SUPPORT 1
76
+ #endif
77
+
78
+ /* TODO(jboeuf): I have not found a way to get this number dynamically from the
79
+ SSL structure. This is what we would ultimately want though... */
80
+ #define TSI_SSL_MAX_PROTECTION_OVERHEAD 100
81
+
82
+ /* --- Structure definitions. ---*/
83
+
84
+ struct tsi_ssl_client_handshaker_factory {
85
+ SSL_CTX *ssl_context;
86
+ unsigned char *alpn_protocol_list;
87
+ size_t alpn_protocol_list_length;
88
+ };
89
+
90
+ struct tsi_ssl_server_handshaker_factory {
91
+ /* Several contexts to support SNI.
92
+ The tsi_peer array contains the subject names of the server certificates
93
+ associated with the contexts at the same index. */
94
+ SSL_CTX **ssl_contexts;
95
+ tsi_peer *ssl_context_x509_subject_names;
96
+ size_t ssl_context_count;
97
+ unsigned char *alpn_protocol_list;
98
+ size_t alpn_protocol_list_length;
99
+ };
100
+
101
+ typedef struct {
102
+ tsi_handshaker base;
103
+ SSL *ssl;
104
+ BIO *into_ssl;
105
+ BIO *from_ssl;
106
+ tsi_result result;
107
+ } tsi_ssl_handshaker;
108
+
109
+ typedef struct {
110
+ tsi_frame_protector base;
111
+ SSL *ssl;
112
+ BIO *into_ssl;
113
+ BIO *from_ssl;
114
+ unsigned char *buffer;
115
+ size_t buffer_size;
116
+ size_t buffer_offset;
117
+ } tsi_ssl_frame_protector;
118
+
119
+ /* --- Library Initialization. ---*/
120
+
121
+ static gpr_once init_openssl_once = GPR_ONCE_INIT;
122
+ static gpr_mu *openssl_mutexes = NULL;
123
+
124
+ static void openssl_locking_cb(int mode, int type, const char *file, int line) {
125
+ if (mode & CRYPTO_LOCK) {
126
+ gpr_mu_lock(&openssl_mutexes[type]);
127
+ } else {
128
+ gpr_mu_unlock(&openssl_mutexes[type]);
129
+ }
130
+ }
131
+
132
+ static unsigned long openssl_thread_id_cb(void) {
133
+ return (unsigned long)gpr_thd_currentid();
134
+ }
135
+
136
+ static void init_openssl(void) {
137
+ int i;
138
+ int num_locks;
139
+ SSL_library_init();
140
+ SSL_load_error_strings();
141
+ OpenSSL_add_all_algorithms();
142
+ num_locks = CRYPTO_num_locks();
143
+ GPR_ASSERT(num_locks > 0);
144
+ openssl_mutexes = gpr_malloc((size_t)num_locks * sizeof(gpr_mu));
145
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
146
+ gpr_mu_init(&openssl_mutexes[i]);
147
+ }
148
+ CRYPTO_set_locking_callback(openssl_locking_cb);
149
+ CRYPTO_set_id_callback(openssl_thread_id_cb);
150
+ }
151
+
152
+ /* --- Ssl utils. ---*/
153
+
154
+ static const char *ssl_error_string(int error) {
155
+ switch (error) {
156
+ case SSL_ERROR_NONE:
157
+ return "SSL_ERROR_NONE";
158
+ case SSL_ERROR_ZERO_RETURN:
159
+ return "SSL_ERROR_ZERO_RETURN";
160
+ case SSL_ERROR_WANT_READ:
161
+ return "SSL_ERROR_WANT_READ";
162
+ case SSL_ERROR_WANT_WRITE:
163
+ return "SSL_ERROR_WANT_WRITE";
164
+ case SSL_ERROR_WANT_CONNECT:
165
+ return "SSL_ERROR_WANT_CONNECT";
166
+ case SSL_ERROR_WANT_ACCEPT:
167
+ return "SSL_ERROR_WANT_ACCEPT";
168
+ case SSL_ERROR_WANT_X509_LOOKUP:
169
+ return "SSL_ERROR_WANT_X509_LOOKUP";
170
+ case SSL_ERROR_SYSCALL:
171
+ return "SSL_ERROR_SYSCALL";
172
+ case SSL_ERROR_SSL:
173
+ return "SSL_ERROR_SSL";
174
+ default:
175
+ return "Unknown error";
176
+ }
177
+ }
178
+
179
+ /* TODO(jboeuf): Remove when we are past the debugging phase with this code. */
180
+ static void ssl_log_where_info(const SSL *ssl, int where, int flag,
181
+ const char *msg) {
182
+ if ((where & flag) && tsi_tracing_enabled) {
183
+ gpr_log(GPR_INFO, "%20.20s - %30.30s - %5.10s", msg,
184
+ SSL_state_string_long(ssl), SSL_state_string(ssl));
185
+ }
186
+ }
187
+
188
+ /* Used for debugging. TODO(jboeuf): Remove when code is mature enough. */
189
+ static void ssl_info_callback(const SSL *ssl, int where, int ret) {
190
+ if (ret == 0) {
191
+ gpr_log(GPR_ERROR, "ssl_info_callback: error occured.\n");
192
+ return;
193
+ }
194
+
195
+ ssl_log_where_info(ssl, where, SSL_CB_LOOP, "LOOP");
196
+ ssl_log_where_info(ssl, where, SSL_CB_HANDSHAKE_START, "HANDSHAKE START");
197
+ ssl_log_where_info(ssl, where, SSL_CB_HANDSHAKE_DONE, "HANDSHAKE DONE");
198
+ }
199
+
200
+ /* Returns 1 if name looks like an IP address, 0 otherwise.
201
+ This is a very rough heuristic, and only handles IPv6 in hexadecimal form. */
202
+ static int looks_like_ip_address(const char *name) {
203
+ size_t i;
204
+ size_t dot_count = 0;
205
+ size_t num_size = 0;
206
+ for (i = 0; i < strlen(name); i++) {
207
+ if (name[i] == ':') {
208
+ /* IPv6 Address in hexadecimal form, : is not allowed in DNS names. */
209
+ return 1;
210
+ }
211
+ if (name[i] >= '0' && name[i] <= '9') {
212
+ if (num_size > 3) return 0;
213
+ num_size++;
214
+ } else if (name[i] == '.') {
215
+ if (dot_count > 3 || num_size == 0) return 0;
216
+ dot_count++;
217
+ num_size = 0;
218
+ } else {
219
+ return 0;
220
+ }
221
+ }
222
+ if (dot_count < 3 || num_size == 0) return 0;
223
+ return 1;
224
+ }
225
+
226
+ /* Gets the subject CN from an X509 cert. */
227
+ static tsi_result ssl_get_x509_common_name(X509 *cert, unsigned char **utf8,
228
+ size_t *utf8_size) {
229
+ int common_name_index = -1;
230
+ X509_NAME_ENTRY *common_name_entry = NULL;
231
+ ASN1_STRING *common_name_asn1 = NULL;
232
+ X509_NAME *subject_name = X509_get_subject_name(cert);
233
+ int utf8_returned_size = 0;
234
+ if (subject_name == NULL) {
235
+ gpr_log(GPR_ERROR, "Could not get subject name from certificate.");
236
+ return TSI_NOT_FOUND;
237
+ }
238
+ common_name_index =
239
+ X509_NAME_get_index_by_NID(subject_name, NID_commonName, -1);
240
+ if (common_name_index == -1) {
241
+ gpr_log(GPR_ERROR,
242
+ "Could not get common name of subject from certificate.");
243
+ return TSI_NOT_FOUND;
244
+ }
245
+ common_name_entry = X509_NAME_get_entry(subject_name, common_name_index);
246
+ if (common_name_entry == NULL) {
247
+ gpr_log(GPR_ERROR, "Could not get common name entry from certificate.");
248
+ return TSI_INTERNAL_ERROR;
249
+ }
250
+ common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry);
251
+ if (common_name_asn1 == NULL) {
252
+ gpr_log(GPR_ERROR,
253
+ "Could not get common name entry asn1 from certificate.");
254
+ return TSI_INTERNAL_ERROR;
255
+ }
256
+ utf8_returned_size = ASN1_STRING_to_UTF8(utf8, common_name_asn1);
257
+ if (utf8_returned_size < 0) {
258
+ gpr_log(GPR_ERROR, "Could not extract utf8 from asn1 string.");
259
+ return TSI_OUT_OF_RESOURCES;
260
+ }
261
+ *utf8_size = (size_t)utf8_returned_size;
262
+ return TSI_OK;
263
+ }
264
+
265
+ /* Gets the subject CN of an X509 cert as a tsi_peer_property. */
266
+ static tsi_result peer_property_from_x509_common_name(
267
+ X509 *cert, tsi_peer_property *property) {
268
+ unsigned char *common_name;
269
+ size_t common_name_size;
270
+ tsi_result result =
271
+ ssl_get_x509_common_name(cert, &common_name, &common_name_size);
272
+ if (result != TSI_OK) {
273
+ if (result == TSI_NOT_FOUND) {
274
+ common_name = NULL;
275
+ common_name_size = 0;
276
+ } else {
277
+ return result;
278
+ }
279
+ }
280
+ result = tsi_construct_string_peer_property(
281
+ TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY,
282
+ common_name == NULL ? "" : (const char *)common_name, common_name_size,
283
+ property);
284
+ OPENSSL_free(common_name);
285
+ return result;
286
+ }
287
+
288
+ /* Gets the X509 cert in PEM format as a tsi_peer_property. */
289
+ static tsi_result add_pem_certificate(X509 *cert, tsi_peer_property *property) {
290
+ BIO *bio = BIO_new(BIO_s_mem());
291
+ if (!PEM_write_bio_X509(bio, cert)) {
292
+ BIO_free(bio);
293
+ return TSI_INTERNAL_ERROR;
294
+ }
295
+ char *contents;
296
+ long len = BIO_get_mem_data(bio, &contents);
297
+ if (len <= 0) {
298
+ BIO_free(bio);
299
+ return TSI_INTERNAL_ERROR;
300
+ }
301
+ tsi_result result = tsi_construct_string_peer_property(
302
+ TSI_X509_PEM_CERT_PROPERTY, (const char *)contents, (size_t)len,
303
+ property);
304
+ BIO_free(bio);
305
+ return result;
306
+ }
307
+
308
+ /* Gets the subject SANs from an X509 cert as a tsi_peer_property. */
309
+ static tsi_result add_subject_alt_names_properties_to_peer(
310
+ tsi_peer *peer, GENERAL_NAMES *subject_alt_names,
311
+ size_t subject_alt_name_count) {
312
+ size_t i;
313
+ tsi_result result = TSI_OK;
314
+
315
+ /* Reset for DNS entries filtering. */
316
+ peer->property_count -= subject_alt_name_count;
317
+
318
+ for (i = 0; i < subject_alt_name_count; i++) {
319
+ GENERAL_NAME *subject_alt_name =
320
+ sk_GENERAL_NAME_value(subject_alt_names, TSI_SIZE_AS_SIZE(i));
321
+ /* Filter out the non-dns entries names. */
322
+ if (subject_alt_name->type == GEN_DNS) {
323
+ unsigned char *name = NULL;
324
+ int name_size;
325
+ name_size = ASN1_STRING_to_UTF8(&name, subject_alt_name->d.dNSName);
326
+ if (name_size < 0) {
327
+ gpr_log(GPR_ERROR, "Could not get utf8 from asn1 string.");
328
+ result = TSI_INTERNAL_ERROR;
329
+ break;
330
+ }
331
+ result = tsi_construct_string_peer_property(
332
+ TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, (const char *)name,
333
+ (size_t)name_size, &peer->properties[peer->property_count++]);
334
+ OPENSSL_free(name);
335
+ } else if (subject_alt_name->type == GEN_IPADD) {
336
+ char ntop_buf[INET6_ADDRSTRLEN];
337
+ int af;
338
+
339
+ if (subject_alt_name->d.iPAddress->length == 4) {
340
+ af = AF_INET;
341
+ } else if (subject_alt_name->d.iPAddress->length == 16) {
342
+ af = AF_INET6;
343
+ } else {
344
+ gpr_log(GPR_ERROR, "SAN IP Address contained invalid IP");
345
+ result = TSI_INTERNAL_ERROR;
346
+ break;
347
+ }
348
+ const char *name = inet_ntop(af, subject_alt_name->d.iPAddress->data,
349
+ ntop_buf, INET6_ADDRSTRLEN);
350
+ if (name == NULL) {
351
+ gpr_log(GPR_ERROR, "Could not get IP string from asn1 octet.");
352
+ result = TSI_INTERNAL_ERROR;
353
+ break;
354
+ }
355
+
356
+ result = tsi_construct_string_peer_property_from_cstring(
357
+ TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, name,
358
+ &peer->properties[peer->property_count++]);
359
+ }
360
+ if (result != TSI_OK) break;
361
+ }
362
+ return result;
363
+ }
364
+
365
+ /* Gets information about the peer's X509 cert as a tsi_peer object. */
366
+ static tsi_result peer_from_x509(X509 *cert, int include_certificate_type,
367
+ tsi_peer *peer) {
368
+ /* TODO(jboeuf): Maybe add more properties. */
369
+ GENERAL_NAMES *subject_alt_names =
370
+ X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0);
371
+ int subject_alt_name_count = (subject_alt_names != NULL)
372
+ ? (int)sk_GENERAL_NAME_num(subject_alt_names)
373
+ : 0;
374
+ size_t property_count;
375
+ tsi_result result;
376
+ GPR_ASSERT(subject_alt_name_count >= 0);
377
+ property_count = (include_certificate_type ? (size_t)1 : 0) +
378
+ 2 /* common name, certificate */ +
379
+ (size_t)subject_alt_name_count;
380
+ result = tsi_construct_peer(property_count, peer);
381
+ if (result != TSI_OK) return result;
382
+ do {
383
+ if (include_certificate_type) {
384
+ result = tsi_construct_string_peer_property_from_cstring(
385
+ TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE,
386
+ &peer->properties[0]);
387
+ if (result != TSI_OK) break;
388
+ }
389
+ result = peer_property_from_x509_common_name(
390
+ cert, &peer->properties[include_certificate_type ? 1 : 0]);
391
+ if (result != TSI_OK) break;
392
+
393
+ result = add_pem_certificate(
394
+ cert, &peer->properties[include_certificate_type ? 2 : 1]);
395
+ if (result != TSI_OK) break;
396
+
397
+ if (subject_alt_name_count != 0) {
398
+ result = add_subject_alt_names_properties_to_peer(
399
+ peer, subject_alt_names, (size_t)subject_alt_name_count);
400
+ if (result != TSI_OK) break;
401
+ }
402
+ } while (0);
403
+
404
+ if (subject_alt_names != NULL) {
405
+ sk_GENERAL_NAME_pop_free(subject_alt_names, GENERAL_NAME_free);
406
+ }
407
+ if (result != TSI_OK) tsi_peer_destruct(peer);
408
+ return result;
409
+ }
410
+
411
+ /* Logs the SSL error stack. */
412
+ static void log_ssl_error_stack(void) {
413
+ unsigned long err;
414
+ while ((err = ERR_get_error()) != 0) {
415
+ char details[256];
416
+ ERR_error_string_n((uint32_t)err, details, sizeof(details));
417
+ gpr_log(GPR_ERROR, "%s", details);
418
+ }
419
+ }
420
+
421
+ /* Performs an SSL_read and handle errors. */
422
+ static tsi_result do_ssl_read(SSL *ssl, unsigned char *unprotected_bytes,
423
+ size_t *unprotected_bytes_size) {
424
+ int read_from_ssl;
425
+ GPR_ASSERT(*unprotected_bytes_size <= INT_MAX);
426
+ read_from_ssl =
427
+ SSL_read(ssl, unprotected_bytes, (int)*unprotected_bytes_size);
428
+ if (read_from_ssl == 0) {
429
+ gpr_log(GPR_ERROR, "SSL_read returned 0 unexpectedly.");
430
+ return TSI_INTERNAL_ERROR;
431
+ }
432
+ if (read_from_ssl < 0) {
433
+ read_from_ssl = SSL_get_error(ssl, read_from_ssl);
434
+ switch (read_from_ssl) {
435
+ case SSL_ERROR_WANT_READ:
436
+ /* We need more data to finish the frame. */
437
+ *unprotected_bytes_size = 0;
438
+ return TSI_OK;
439
+ case SSL_ERROR_WANT_WRITE:
440
+ gpr_log(
441
+ GPR_ERROR,
442
+ "Peer tried to renegotiate SSL connection. This is unsupported.");
443
+ return TSI_UNIMPLEMENTED;
444
+ case SSL_ERROR_SSL:
445
+ gpr_log(GPR_ERROR, "Corruption detected.");
446
+ log_ssl_error_stack();
447
+ return TSI_DATA_CORRUPTED;
448
+ default:
449
+ gpr_log(GPR_ERROR, "SSL_read failed with error %s.",
450
+ ssl_error_string(read_from_ssl));
451
+ return TSI_PROTOCOL_FAILURE;
452
+ }
453
+ }
454
+ *unprotected_bytes_size = (size_t)read_from_ssl;
455
+ return TSI_OK;
456
+ }
457
+
458
+ /* Performs an SSL_write and handle errors. */
459
+ static tsi_result do_ssl_write(SSL *ssl, unsigned char *unprotected_bytes,
460
+ size_t unprotected_bytes_size) {
461
+ int ssl_write_result;
462
+ GPR_ASSERT(unprotected_bytes_size <= INT_MAX);
463
+ ssl_write_result =
464
+ SSL_write(ssl, unprotected_bytes, (int)unprotected_bytes_size);
465
+ if (ssl_write_result < 0) {
466
+ ssl_write_result = SSL_get_error(ssl, ssl_write_result);
467
+ if (ssl_write_result == SSL_ERROR_WANT_READ) {
468
+ gpr_log(GPR_ERROR,
469
+ "Peer tried to renegotiate SSL connection. This is unsupported.");
470
+ return TSI_UNIMPLEMENTED;
471
+ } else {
472
+ gpr_log(GPR_ERROR, "SSL_write failed with error %s.",
473
+ ssl_error_string(ssl_write_result));
474
+ return TSI_INTERNAL_ERROR;
475
+ }
476
+ }
477
+ return TSI_OK;
478
+ }
479
+
480
+ /* Loads an in-memory PEM certificate chain into the SSL context. */
481
+ static tsi_result ssl_ctx_use_certificate_chain(
482
+ SSL_CTX *context, const unsigned char *pem_cert_chain,
483
+ size_t pem_cert_chain_size) {
484
+ tsi_result result = TSI_OK;
485
+ X509 *certificate = NULL;
486
+ BIO *pem;
487
+ GPR_ASSERT(pem_cert_chain_size <= INT_MAX);
488
+ pem = BIO_new_mem_buf((void *)pem_cert_chain, (int)pem_cert_chain_size);
489
+ if (pem == NULL) return TSI_OUT_OF_RESOURCES;
490
+
491
+ do {
492
+ certificate = PEM_read_bio_X509_AUX(pem, NULL, NULL, "");
493
+ if (certificate == NULL) {
494
+ result = TSI_INVALID_ARGUMENT;
495
+ break;
496
+ }
497
+ if (!SSL_CTX_use_certificate(context, certificate)) {
498
+ result = TSI_INVALID_ARGUMENT;
499
+ break;
500
+ }
501
+ while (1) {
502
+ X509 *certificate_authority = PEM_read_bio_X509(pem, NULL, NULL, "");
503
+ if (certificate_authority == NULL) {
504
+ ERR_clear_error();
505
+ break; /* Done reading. */
506
+ }
507
+ if (!SSL_CTX_add_extra_chain_cert(context, certificate_authority)) {
508
+ X509_free(certificate_authority);
509
+ result = TSI_INVALID_ARGUMENT;
510
+ break;
511
+ }
512
+ /* We don't need to free certificate_authority as its ownership has been
513
+ transfered to the context. That is not the case for certificate though.
514
+ */
515
+ }
516
+ } while (0);
517
+
518
+ if (certificate != NULL) X509_free(certificate);
519
+ BIO_free(pem);
520
+ return result;
521
+ }
522
+
523
+ /* Loads an in-memory PEM private key into the SSL context. */
524
+ static tsi_result ssl_ctx_use_private_key(SSL_CTX *context,
525
+ const unsigned char *pem_key,
526
+ size_t pem_key_size) {
527
+ tsi_result result = TSI_OK;
528
+ EVP_PKEY *private_key = NULL;
529
+ BIO *pem;
530
+ GPR_ASSERT(pem_key_size <= INT_MAX);
531
+ pem = BIO_new_mem_buf((void *)pem_key, (int)pem_key_size);
532
+ if (pem == NULL) return TSI_OUT_OF_RESOURCES;
533
+ do {
534
+ private_key = PEM_read_bio_PrivateKey(pem, NULL, NULL, "");
535
+ if (private_key == NULL) {
536
+ result = TSI_INVALID_ARGUMENT;
537
+ break;
538
+ }
539
+ if (!SSL_CTX_use_PrivateKey(context, private_key)) {
540
+ result = TSI_INVALID_ARGUMENT;
541
+ break;
542
+ }
543
+ } while (0);
544
+ if (private_key != NULL) EVP_PKEY_free(private_key);
545
+ BIO_free(pem);
546
+ return result;
547
+ }
548
+
549
+ /* Loads in-memory PEM verification certs into the SSL context and optionally
550
+ returns the verification cert names (root_names can be NULL). */
551
+ static tsi_result ssl_ctx_load_verification_certs(
552
+ SSL_CTX *context, const unsigned char *pem_roots, size_t pem_roots_size,
553
+ STACK_OF(X509_NAME) * *root_names) {
554
+ tsi_result result = TSI_OK;
555
+ size_t num_roots = 0;
556
+ X509 *root = NULL;
557
+ X509_NAME *root_name = NULL;
558
+ BIO *pem;
559
+ X509_STORE *root_store;
560
+ GPR_ASSERT(pem_roots_size <= INT_MAX);
561
+ pem = BIO_new_mem_buf((void *)pem_roots, (int)pem_roots_size);
562
+ root_store = SSL_CTX_get_cert_store(context);
563
+ if (root_store == NULL) return TSI_INVALID_ARGUMENT;
564
+ if (pem == NULL) return TSI_OUT_OF_RESOURCES;
565
+ if (root_names != NULL) {
566
+ *root_names = sk_X509_NAME_new_null();
567
+ if (*root_names == NULL) return TSI_OUT_OF_RESOURCES;
568
+ }
569
+
570
+ while (1) {
571
+ root = PEM_read_bio_X509_AUX(pem, NULL, NULL, "");
572
+ if (root == NULL) {
573
+ ERR_clear_error();
574
+ break; /* We're at the end of stream. */
575
+ }
576
+ if (root_names != NULL) {
577
+ root_name = X509_get_subject_name(root);
578
+ if (root_name == NULL) {
579
+ gpr_log(GPR_ERROR, "Could not get name from root certificate.");
580
+ result = TSI_INVALID_ARGUMENT;
581
+ break;
582
+ }
583
+ root_name = X509_NAME_dup(root_name);
584
+ if (root_name == NULL) {
585
+ result = TSI_OUT_OF_RESOURCES;
586
+ break;
587
+ }
588
+ sk_X509_NAME_push(*root_names, root_name);
589
+ root_name = NULL;
590
+ }
591
+ if (!X509_STORE_add_cert(root_store, root)) {
592
+ gpr_log(GPR_ERROR, "Could not add root certificate to ssl context.");
593
+ result = TSI_INTERNAL_ERROR;
594
+ break;
595
+ }
596
+ X509_free(root);
597
+ num_roots++;
598
+ }
599
+
600
+ if (num_roots == 0) {
601
+ gpr_log(GPR_ERROR, "Could not load any root certificate.");
602
+ result = TSI_INVALID_ARGUMENT;
603
+ }
604
+
605
+ if (result != TSI_OK) {
606
+ if (root != NULL) X509_free(root);
607
+ if (root_names != NULL) {
608
+ sk_X509_NAME_pop_free(*root_names, X509_NAME_free);
609
+ *root_names = NULL;
610
+ if (root_name != NULL) X509_NAME_free(root_name);
611
+ }
612
+ }
613
+ BIO_free(pem);
614
+ return result;
615
+ }
616
+
617
+ /* Populates the SSL context with a private key and a cert chain, and sets the
618
+ cipher list and the ephemeral ECDH key. */
619
+ static tsi_result populate_ssl_context(
620
+ SSL_CTX *context, const unsigned char *pem_private_key,
621
+ size_t pem_private_key_size, const unsigned char *pem_certificate_chain,
622
+ size_t pem_certificate_chain_size, const char *cipher_list) {
623
+ tsi_result result = TSI_OK;
624
+ if (pem_certificate_chain != NULL) {
625
+ result = ssl_ctx_use_certificate_chain(context, pem_certificate_chain,
626
+ pem_certificate_chain_size);
627
+ if (result != TSI_OK) {
628
+ gpr_log(GPR_ERROR, "Invalid cert chain file.");
629
+ return result;
630
+ }
631
+ }
632
+ if (pem_private_key != NULL) {
633
+ result =
634
+ ssl_ctx_use_private_key(context, pem_private_key, pem_private_key_size);
635
+ if (result != TSI_OK || !SSL_CTX_check_private_key(context)) {
636
+ gpr_log(GPR_ERROR, "Invalid private key.");
637
+ return result != TSI_OK ? result : TSI_INVALID_ARGUMENT;
638
+ }
639
+ }
640
+ if ((cipher_list != NULL) && !SSL_CTX_set_cipher_list(context, cipher_list)) {
641
+ gpr_log(GPR_ERROR, "Invalid cipher list: %s.", cipher_list);
642
+ return TSI_INVALID_ARGUMENT;
643
+ }
644
+ {
645
+ EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
646
+ if (!SSL_CTX_set_tmp_ecdh(context, ecdh)) {
647
+ gpr_log(GPR_ERROR, "Could not set ephemeral ECDH key.");
648
+ EC_KEY_free(ecdh);
649
+ return TSI_INTERNAL_ERROR;
650
+ }
651
+ SSL_CTX_set_options(context, SSL_OP_SINGLE_ECDH_USE);
652
+ EC_KEY_free(ecdh);
653
+ }
654
+ return TSI_OK;
655
+ }
656
+
657
+ /* Extracts the CN and the SANs from an X509 cert as a peer object. */
658
+ static tsi_result extract_x509_subject_names_from_pem_cert(
659
+ const unsigned char *pem_cert, size_t pem_cert_size, tsi_peer *peer) {
660
+ tsi_result result = TSI_OK;
661
+ X509 *cert = NULL;
662
+ BIO *pem;
663
+ GPR_ASSERT(pem_cert_size <= INT_MAX);
664
+ pem = BIO_new_mem_buf((void *)pem_cert, (int)pem_cert_size);
665
+ if (pem == NULL) return TSI_OUT_OF_RESOURCES;
666
+
667
+ cert = PEM_read_bio_X509(pem, NULL, NULL, "");
668
+ if (cert == NULL) {
669
+ gpr_log(GPR_ERROR, "Invalid certificate");
670
+ result = TSI_INVALID_ARGUMENT;
671
+ } else {
672
+ result = peer_from_x509(cert, 0, peer);
673
+ }
674
+ if (cert != NULL) X509_free(cert);
675
+ BIO_free(pem);
676
+ return result;
677
+ }
678
+
679
+ /* Builds the alpn protocol name list according to rfc 7301. */
680
+ static tsi_result build_alpn_protocol_name_list(
681
+ const unsigned char **alpn_protocols,
682
+ const unsigned char *alpn_protocols_lengths, uint16_t num_alpn_protocols,
683
+ unsigned char **protocol_name_list, size_t *protocol_name_list_length) {
684
+ uint16_t i;
685
+ unsigned char *current;
686
+ *protocol_name_list = NULL;
687
+ *protocol_name_list_length = 0;
688
+ if (num_alpn_protocols == 0) return TSI_INVALID_ARGUMENT;
689
+ for (i = 0; i < num_alpn_protocols; i++) {
690
+ if (alpn_protocols_lengths[i] == 0) {
691
+ gpr_log(GPR_ERROR, "Invalid 0-length protocol name.");
692
+ return TSI_INVALID_ARGUMENT;
693
+ }
694
+ *protocol_name_list_length += (size_t)alpn_protocols_lengths[i] + 1;
695
+ }
696
+ *protocol_name_list = gpr_malloc(*protocol_name_list_length);
697
+ if (*protocol_name_list == NULL) return TSI_OUT_OF_RESOURCES;
698
+ current = *protocol_name_list;
699
+ for (i = 0; i < num_alpn_protocols; i++) {
700
+ *(current++) = alpn_protocols_lengths[i];
701
+ memcpy(current, alpn_protocols[i], alpn_protocols_lengths[i]);
702
+ current += alpn_protocols_lengths[i];
703
+ }
704
+ /* Safety check. */
705
+ if ((current < *protocol_name_list) ||
706
+ ((uintptr_t)(current - *protocol_name_list) !=
707
+ *protocol_name_list_length)) {
708
+ return TSI_INTERNAL_ERROR;
709
+ }
710
+ return TSI_OK;
711
+ }
712
+
713
+ // The verification callback is used for clients that don't really care about
714
+ // the server's certificate, but we need to pull it anyway, in case a higher
715
+ // layer wants to look at it. In this case the verification may fail, but
716
+ // we don't really care.
717
+ static int NullVerifyCallback(int preverify_ok, X509_STORE_CTX *ctx) {
718
+ return 1;
719
+ }
720
+
721
+ /* --- tsi_frame_protector methods implementation. ---*/
722
+
723
+ static tsi_result ssl_protector_protect(tsi_frame_protector *self,
724
+ const unsigned char *unprotected_bytes,
725
+ size_t *unprotected_bytes_size,
726
+ unsigned char *protected_output_frames,
727
+ size_t *protected_output_frames_size) {
728
+ tsi_ssl_frame_protector *impl = (tsi_ssl_frame_protector *)self;
729
+ int read_from_ssl;
730
+ size_t available;
731
+ tsi_result result = TSI_OK;
732
+
733
+ /* First see if we have some pending data in the SSL BIO. */
734
+ int pending_in_ssl = (int)BIO_pending(impl->from_ssl);
735
+ if (pending_in_ssl > 0) {
736
+ *unprotected_bytes_size = 0;
737
+ GPR_ASSERT(*protected_output_frames_size <= INT_MAX);
738
+ read_from_ssl = BIO_read(impl->from_ssl, protected_output_frames,
739
+ (int)*protected_output_frames_size);
740
+ if (read_from_ssl < 0) {
741
+ gpr_log(GPR_ERROR,
742
+ "Could not read from BIO even though some data is pending");
743
+ return TSI_INTERNAL_ERROR;
744
+ }
745
+ *protected_output_frames_size = (size_t)read_from_ssl;
746
+ return TSI_OK;
747
+ }
748
+
749
+ /* Now see if we can send a complete frame. */
750
+ available = impl->buffer_size - impl->buffer_offset;
751
+ if (available > *unprotected_bytes_size) {
752
+ /* If we cannot, just copy the data in our internal buffer. */
753
+ memcpy(impl->buffer + impl->buffer_offset, unprotected_bytes,
754
+ *unprotected_bytes_size);
755
+ impl->buffer_offset += *unprotected_bytes_size;
756
+ *protected_output_frames_size = 0;
757
+ return TSI_OK;
758
+ }
759
+
760
+ /* If we can, prepare the buffer, send it to SSL_write and read. */
761
+ memcpy(impl->buffer + impl->buffer_offset, unprotected_bytes, available);
762
+ result = do_ssl_write(impl->ssl, impl->buffer, impl->buffer_size);
763
+ if (result != TSI_OK) return result;
764
+
765
+ GPR_ASSERT(*protected_output_frames_size <= INT_MAX);
766
+ read_from_ssl = BIO_read(impl->from_ssl, protected_output_frames,
767
+ (int)*protected_output_frames_size);
768
+ if (read_from_ssl < 0) {
769
+ gpr_log(GPR_ERROR, "Could not read from BIO after SSL_write.");
770
+ return TSI_INTERNAL_ERROR;
771
+ }
772
+ *protected_output_frames_size = (size_t)read_from_ssl;
773
+ *unprotected_bytes_size = available;
774
+ impl->buffer_offset = 0;
775
+ return TSI_OK;
776
+ }
777
+
778
+ static tsi_result ssl_protector_protect_flush(
779
+ tsi_frame_protector *self, unsigned char *protected_output_frames,
780
+ size_t *protected_output_frames_size, size_t *still_pending_size) {
781
+ tsi_result result = TSI_OK;
782
+ tsi_ssl_frame_protector *impl = (tsi_ssl_frame_protector *)self;
783
+ int read_from_ssl = 0;
784
+ int pending;
785
+
786
+ if (impl->buffer_offset != 0) {
787
+ result = do_ssl_write(impl->ssl, impl->buffer, impl->buffer_offset);
788
+ if (result != TSI_OK) return result;
789
+ impl->buffer_offset = 0;
790
+ }
791
+
792
+ pending = (int)BIO_pending(impl->from_ssl);
793
+ GPR_ASSERT(pending >= 0);
794
+ *still_pending_size = (size_t)pending;
795
+ if (*still_pending_size == 0) return TSI_OK;
796
+
797
+ GPR_ASSERT(*protected_output_frames_size <= INT_MAX);
798
+ read_from_ssl = BIO_read(impl->from_ssl, protected_output_frames,
799
+ (int)*protected_output_frames_size);
800
+ if (read_from_ssl <= 0) {
801
+ gpr_log(GPR_ERROR, "Could not read from BIO after SSL_write.");
802
+ return TSI_INTERNAL_ERROR;
803
+ }
804
+ *protected_output_frames_size = (size_t)read_from_ssl;
805
+ pending = (int)BIO_pending(impl->from_ssl);
806
+ GPR_ASSERT(pending >= 0);
807
+ *still_pending_size = (size_t)pending;
808
+ return TSI_OK;
809
+ }
810
+
811
+ static tsi_result ssl_protector_unprotect(
812
+ tsi_frame_protector *self, const unsigned char *protected_frames_bytes,
813
+ size_t *protected_frames_bytes_size, unsigned char *unprotected_bytes,
814
+ size_t *unprotected_bytes_size) {
815
+ tsi_result result = TSI_OK;
816
+ int written_into_ssl = 0;
817
+ size_t output_bytes_size = *unprotected_bytes_size;
818
+ size_t output_bytes_offset = 0;
819
+ tsi_ssl_frame_protector *impl = (tsi_ssl_frame_protector *)self;
820
+
821
+ /* First, try to read remaining data from ssl. */
822
+ result = do_ssl_read(impl->ssl, unprotected_bytes, unprotected_bytes_size);
823
+ if (result != TSI_OK) return result;
824
+ if (*unprotected_bytes_size == output_bytes_size) {
825
+ /* We have read everything we could and cannot process any more input. */
826
+ *protected_frames_bytes_size = 0;
827
+ return TSI_OK;
828
+ }
829
+ output_bytes_offset = *unprotected_bytes_size;
830
+ unprotected_bytes += output_bytes_offset;
831
+ *unprotected_bytes_size = output_bytes_size - output_bytes_offset;
832
+
833
+ /* Then, try to write some data to ssl. */
834
+ GPR_ASSERT(*protected_frames_bytes_size <= INT_MAX);
835
+ written_into_ssl = BIO_write(impl->into_ssl, protected_frames_bytes,
836
+ (int)*protected_frames_bytes_size);
837
+ if (written_into_ssl < 0) {
838
+ gpr_log(GPR_ERROR, "Sending protected frame to ssl failed with %d",
839
+ written_into_ssl);
840
+ return TSI_INTERNAL_ERROR;
841
+ }
842
+ *protected_frames_bytes_size = (size_t)written_into_ssl;
843
+
844
+ /* Now try to read some data again. */
845
+ result = do_ssl_read(impl->ssl, unprotected_bytes, unprotected_bytes_size);
846
+ if (result == TSI_OK) {
847
+ /* Don't forget to output the total number of bytes read. */
848
+ *unprotected_bytes_size += output_bytes_offset;
849
+ }
850
+ return result;
851
+ }
852
+
853
+ static void ssl_protector_destroy(tsi_frame_protector *self) {
854
+ tsi_ssl_frame_protector *impl = (tsi_ssl_frame_protector *)self;
855
+ if (impl->buffer != NULL) gpr_free(impl->buffer);
856
+ if (impl->ssl != NULL) SSL_free(impl->ssl);
857
+ gpr_free(self);
858
+ }
859
+
860
+ static const tsi_frame_protector_vtable frame_protector_vtable = {
861
+ ssl_protector_protect, ssl_protector_protect_flush, ssl_protector_unprotect,
862
+ ssl_protector_destroy,
863
+ };
864
+
865
+ /* --- tsi_handshaker methods implementation. ---*/
866
+
867
+ static tsi_result ssl_handshaker_get_bytes_to_send_to_peer(tsi_handshaker *self,
868
+ unsigned char *bytes,
869
+ size_t *bytes_size) {
870
+ tsi_ssl_handshaker *impl = (tsi_ssl_handshaker *)self;
871
+ int bytes_read_from_ssl = 0;
872
+ if (bytes == NULL || bytes_size == NULL || *bytes_size == 0 ||
873
+ *bytes_size > INT_MAX) {
874
+ return TSI_INVALID_ARGUMENT;
875
+ }
876
+ GPR_ASSERT(*bytes_size <= INT_MAX);
877
+ bytes_read_from_ssl = BIO_read(impl->from_ssl, bytes, (int)*bytes_size);
878
+ if (bytes_read_from_ssl < 0) {
879
+ *bytes_size = 0;
880
+ if (!BIO_should_retry(impl->from_ssl)) {
881
+ impl->result = TSI_INTERNAL_ERROR;
882
+ return impl->result;
883
+ } else {
884
+ return TSI_OK;
885
+ }
886
+ }
887
+ *bytes_size = (size_t)bytes_read_from_ssl;
888
+ return BIO_pending(impl->from_ssl) == 0 ? TSI_OK : TSI_INCOMPLETE_DATA;
889
+ }
890
+
891
+ static tsi_result ssl_handshaker_get_result(tsi_handshaker *self) {
892
+ tsi_ssl_handshaker *impl = (tsi_ssl_handshaker *)self;
893
+ if ((impl->result == TSI_HANDSHAKE_IN_PROGRESS) &&
894
+ SSL_is_init_finished(impl->ssl)) {
895
+ impl->result = TSI_OK;
896
+ }
897
+ return impl->result;
898
+ }
899
+
900
+ static tsi_result ssl_handshaker_process_bytes_from_peer(
901
+ tsi_handshaker *self, const unsigned char *bytes, size_t *bytes_size) {
902
+ tsi_ssl_handshaker *impl = (tsi_ssl_handshaker *)self;
903
+ int bytes_written_into_ssl_size = 0;
904
+ if (bytes == NULL || bytes_size == 0 || *bytes_size > INT_MAX) {
905
+ return TSI_INVALID_ARGUMENT;
906
+ }
907
+ GPR_ASSERT(*bytes_size <= INT_MAX);
908
+ bytes_written_into_ssl_size =
909
+ BIO_write(impl->into_ssl, bytes, (int)*bytes_size);
910
+ if (bytes_written_into_ssl_size < 0) {
911
+ gpr_log(GPR_ERROR, "Could not write to memory BIO.");
912
+ impl->result = TSI_INTERNAL_ERROR;
913
+ return impl->result;
914
+ }
915
+ *bytes_size = (size_t)bytes_written_into_ssl_size;
916
+
917
+ if (!tsi_handshaker_is_in_progress(self)) {
918
+ impl->result = TSI_OK;
919
+ return impl->result;
920
+ } else {
921
+ /* Get ready to get some bytes from SSL. */
922
+ int ssl_result = SSL_do_handshake(impl->ssl);
923
+ ssl_result = SSL_get_error(impl->ssl, ssl_result);
924
+ switch (ssl_result) {
925
+ case SSL_ERROR_WANT_READ:
926
+ if (BIO_pending(impl->from_ssl) == 0) {
927
+ /* We need more data. */
928
+ return TSI_INCOMPLETE_DATA;
929
+ } else {
930
+ return TSI_OK;
931
+ }
932
+ case SSL_ERROR_NONE:
933
+ return TSI_OK;
934
+ default: {
935
+ char err_str[256];
936
+ ERR_error_string_n(ERR_get_error(), err_str, sizeof(err_str));
937
+ gpr_log(GPR_ERROR, "Handshake failed with fatal error %s: %s.",
938
+ ssl_error_string(ssl_result), err_str);
939
+ impl->result = TSI_PROTOCOL_FAILURE;
940
+ return impl->result;
941
+ }
942
+ }
943
+ }
944
+ }
945
+
946
+ static tsi_result ssl_handshaker_extract_peer(tsi_handshaker *self,
947
+ tsi_peer *peer) {
948
+ tsi_result result = TSI_OK;
949
+ const unsigned char *alpn_selected = NULL;
950
+ unsigned int alpn_selected_len;
951
+ tsi_ssl_handshaker *impl = (tsi_ssl_handshaker *)self;
952
+ X509 *peer_cert = SSL_get_peer_certificate(impl->ssl);
953
+ if (peer_cert != NULL) {
954
+ result = peer_from_x509(peer_cert, 1, peer);
955
+ X509_free(peer_cert);
956
+ if (result != TSI_OK) return result;
957
+ }
958
+ #if TSI_OPENSSL_ALPN_SUPPORT
959
+ SSL_get0_alpn_selected(impl->ssl, &alpn_selected, &alpn_selected_len);
960
+ #endif /* TSI_OPENSSL_ALPN_SUPPORT */
961
+ if (alpn_selected == NULL) {
962
+ /* Try npn. */
963
+ SSL_get0_next_proto_negotiated(impl->ssl, &alpn_selected,
964
+ &alpn_selected_len);
965
+ }
966
+ if (alpn_selected != NULL) {
967
+ size_t i;
968
+ tsi_peer_property *new_properties =
969
+ gpr_zalloc(sizeof(*new_properties) * (peer->property_count + 1));
970
+ for (i = 0; i < peer->property_count; i++) {
971
+ new_properties[i] = peer->properties[i];
972
+ }
973
+ result = tsi_construct_string_peer_property(
974
+ TSI_SSL_ALPN_SELECTED_PROTOCOL, (const char *)alpn_selected,
975
+ alpn_selected_len, &new_properties[peer->property_count]);
976
+ if (result != TSI_OK) {
977
+ gpr_free(new_properties);
978
+ return result;
979
+ }
980
+ if (peer->properties != NULL) gpr_free(peer->properties);
981
+ peer->property_count++;
982
+ peer->properties = new_properties;
983
+ }
984
+ return result;
985
+ }
986
+
987
+ static tsi_result ssl_handshaker_create_frame_protector(
988
+ tsi_handshaker *self, size_t *max_output_protected_frame_size,
989
+ tsi_frame_protector **protector) {
990
+ size_t actual_max_output_protected_frame_size =
991
+ TSI_SSL_MAX_PROTECTED_FRAME_SIZE_UPPER_BOUND;
992
+ tsi_ssl_handshaker *impl = (tsi_ssl_handshaker *)self;
993
+ tsi_ssl_frame_protector *protector_impl = gpr_zalloc(sizeof(*protector_impl));
994
+
995
+ if (max_output_protected_frame_size != NULL) {
996
+ if (*max_output_protected_frame_size >
997
+ TSI_SSL_MAX_PROTECTED_FRAME_SIZE_UPPER_BOUND) {
998
+ *max_output_protected_frame_size =
999
+ TSI_SSL_MAX_PROTECTED_FRAME_SIZE_UPPER_BOUND;
1000
+ } else if (*max_output_protected_frame_size <
1001
+ TSI_SSL_MAX_PROTECTED_FRAME_SIZE_LOWER_BOUND) {
1002
+ *max_output_protected_frame_size =
1003
+ TSI_SSL_MAX_PROTECTED_FRAME_SIZE_LOWER_BOUND;
1004
+ }
1005
+ actual_max_output_protected_frame_size = *max_output_protected_frame_size;
1006
+ }
1007
+ protector_impl->buffer_size =
1008
+ actual_max_output_protected_frame_size - TSI_SSL_MAX_PROTECTION_OVERHEAD;
1009
+ protector_impl->buffer = gpr_malloc(protector_impl->buffer_size);
1010
+ if (protector_impl->buffer == NULL) {
1011
+ gpr_log(GPR_ERROR,
1012
+ "Could not allocated buffer for tsi_ssl_frame_protector.");
1013
+ gpr_free(protector_impl);
1014
+ return TSI_INTERNAL_ERROR;
1015
+ }
1016
+
1017
+ /* Transfer ownership of ssl to the frame protector. It is OK as the caller
1018
+ * cannot call anything else but destroy on the handshaker after this call. */
1019
+ protector_impl->ssl = impl->ssl;
1020
+ impl->ssl = NULL;
1021
+ protector_impl->into_ssl = impl->into_ssl;
1022
+ protector_impl->from_ssl = impl->from_ssl;
1023
+
1024
+ protector_impl->base.vtable = &frame_protector_vtable;
1025
+ *protector = &protector_impl->base;
1026
+ return TSI_OK;
1027
+ }
1028
+
1029
+ static void ssl_handshaker_destroy(tsi_handshaker *self) {
1030
+ tsi_ssl_handshaker *impl = (tsi_ssl_handshaker *)self;
1031
+ SSL_free(impl->ssl); /* The BIO objects are owned by ssl */
1032
+ gpr_free(impl);
1033
+ }
1034
+
1035
+ static const tsi_handshaker_vtable handshaker_vtable = {
1036
+ ssl_handshaker_get_bytes_to_send_to_peer,
1037
+ ssl_handshaker_process_bytes_from_peer,
1038
+ ssl_handshaker_get_result,
1039
+ ssl_handshaker_extract_peer,
1040
+ ssl_handshaker_create_frame_protector,
1041
+ ssl_handshaker_destroy,
1042
+ };
1043
+
1044
+ /* --- tsi_ssl_handshaker_factory common methods. --- */
1045
+
1046
+ static tsi_result create_tsi_ssl_handshaker(SSL_CTX *ctx, int is_client,
1047
+ const char *server_name_indication,
1048
+ tsi_handshaker **handshaker) {
1049
+ SSL *ssl = SSL_new(ctx);
1050
+ BIO *into_ssl = NULL;
1051
+ BIO *from_ssl = NULL;
1052
+ tsi_ssl_handshaker *impl = NULL;
1053
+ *handshaker = NULL;
1054
+ if (ctx == NULL) {
1055
+ gpr_log(GPR_ERROR, "SSL Context is null. Should never happen.");
1056
+ return TSI_INTERNAL_ERROR;
1057
+ }
1058
+ if (ssl == NULL) {
1059
+ return TSI_OUT_OF_RESOURCES;
1060
+ }
1061
+ SSL_set_info_callback(ssl, ssl_info_callback);
1062
+
1063
+ into_ssl = BIO_new(BIO_s_mem());
1064
+ from_ssl = BIO_new(BIO_s_mem());
1065
+ if (into_ssl == NULL || from_ssl == NULL) {
1066
+ gpr_log(GPR_ERROR, "BIO_new failed.");
1067
+ SSL_free(ssl);
1068
+ if (into_ssl != NULL) BIO_free(into_ssl);
1069
+ if (from_ssl != NULL) BIO_free(into_ssl);
1070
+ return TSI_OUT_OF_RESOURCES;
1071
+ }
1072
+ SSL_set_bio(ssl, into_ssl, from_ssl);
1073
+ if (is_client) {
1074
+ int ssl_result;
1075
+ SSL_set_connect_state(ssl);
1076
+ if (server_name_indication != NULL) {
1077
+ if (!SSL_set_tlsext_host_name(ssl, server_name_indication)) {
1078
+ gpr_log(GPR_ERROR, "Invalid server name indication %s.",
1079
+ server_name_indication);
1080
+ SSL_free(ssl);
1081
+ return TSI_INTERNAL_ERROR;
1082
+ }
1083
+ }
1084
+ ssl_result = SSL_do_handshake(ssl);
1085
+ ssl_result = SSL_get_error(ssl, ssl_result);
1086
+ if (ssl_result != SSL_ERROR_WANT_READ) {
1087
+ gpr_log(GPR_ERROR,
1088
+ "Unexpected error received from first SSL_do_handshake call: %s",
1089
+ ssl_error_string(ssl_result));
1090
+ SSL_free(ssl);
1091
+ return TSI_INTERNAL_ERROR;
1092
+ }
1093
+ } else {
1094
+ SSL_set_accept_state(ssl);
1095
+ }
1096
+
1097
+ impl = gpr_zalloc(sizeof(*impl));
1098
+ impl->ssl = ssl;
1099
+ impl->into_ssl = into_ssl;
1100
+ impl->from_ssl = from_ssl;
1101
+ impl->result = TSI_HANDSHAKE_IN_PROGRESS;
1102
+ impl->base.vtable = &handshaker_vtable;
1103
+ *handshaker = &impl->base;
1104
+ return TSI_OK;
1105
+ }
1106
+
1107
+ static int select_protocol_list(const unsigned char **out,
1108
+ unsigned char *outlen,
1109
+ const unsigned char *client_list,
1110
+ size_t client_list_len,
1111
+ const unsigned char *server_list,
1112
+ size_t server_list_len) {
1113
+ const unsigned char *client_current = client_list;
1114
+ while ((unsigned int)(client_current - client_list) < client_list_len) {
1115
+ unsigned char client_current_len = *(client_current++);
1116
+ const unsigned char *server_current = server_list;
1117
+ while ((server_current >= server_list) &&
1118
+ (uintptr_t)(server_current - server_list) < server_list_len) {
1119
+ unsigned char server_current_len = *(server_current++);
1120
+ if ((client_current_len == server_current_len) &&
1121
+ !memcmp(client_current, server_current, server_current_len)) {
1122
+ *out = server_current;
1123
+ *outlen = server_current_len;
1124
+ return SSL_TLSEXT_ERR_OK;
1125
+ }
1126
+ server_current += server_current_len;
1127
+ }
1128
+ client_current += client_current_len;
1129
+ }
1130
+ return SSL_TLSEXT_ERR_NOACK;
1131
+ }
1132
+
1133
+ /* --- tsi_ssl_client_handshaker_factory methods implementation. --- */
1134
+
1135
+ tsi_result tsi_ssl_client_handshaker_factory_create_handshaker(
1136
+ tsi_ssl_client_handshaker_factory *self, const char *server_name_indication,
1137
+ tsi_handshaker **handshaker) {
1138
+ return create_tsi_ssl_handshaker(self->ssl_context, 1, server_name_indication,
1139
+ handshaker);
1140
+ }
1141
+
1142
+ void tsi_ssl_client_handshaker_factory_destroy(
1143
+ tsi_ssl_client_handshaker_factory *self) {
1144
+ if (self->ssl_context != NULL) SSL_CTX_free(self->ssl_context);
1145
+ if (self->alpn_protocol_list != NULL) gpr_free(self->alpn_protocol_list);
1146
+ gpr_free(self);
1147
+ }
1148
+
1149
+ static int client_handshaker_factory_npn_callback(SSL *ssl, unsigned char **out,
1150
+ unsigned char *outlen,
1151
+ const unsigned char *in,
1152
+ unsigned int inlen,
1153
+ void *arg) {
1154
+ tsi_ssl_client_handshaker_factory *factory =
1155
+ (tsi_ssl_client_handshaker_factory *)arg;
1156
+ return select_protocol_list((const unsigned char **)out, outlen,
1157
+ factory->alpn_protocol_list,
1158
+ factory->alpn_protocol_list_length, in, inlen);
1159
+ }
1160
+
1161
+ /* --- tsi_ssl_server_handshaker_factory methods implementation. --- */
1162
+
1163
+ tsi_result tsi_ssl_server_handshaker_factory_create_handshaker(
1164
+ tsi_ssl_server_handshaker_factory *self, tsi_handshaker **handshaker) {
1165
+ if (self->ssl_context_count == 0) return TSI_INVALID_ARGUMENT;
1166
+ /* Create the handshaker with the first context. We will switch if needed
1167
+ because of SNI in ssl_server_handshaker_factory_servername_callback. */
1168
+ return create_tsi_ssl_handshaker(self->ssl_contexts[0], 0, NULL, handshaker);
1169
+ }
1170
+
1171
+ void tsi_ssl_server_handshaker_factory_destroy(
1172
+ tsi_ssl_server_handshaker_factory *self) {
1173
+ size_t i;
1174
+ for (i = 0; i < self->ssl_context_count; i++) {
1175
+ if (self->ssl_contexts[i] != NULL) {
1176
+ SSL_CTX_free(self->ssl_contexts[i]);
1177
+ tsi_peer_destruct(&self->ssl_context_x509_subject_names[i]);
1178
+ }
1179
+ }
1180
+ if (self->ssl_contexts != NULL) gpr_free(self->ssl_contexts);
1181
+ if (self->ssl_context_x509_subject_names != NULL) {
1182
+ gpr_free(self->ssl_context_x509_subject_names);
1183
+ }
1184
+ if (self->alpn_protocol_list != NULL) gpr_free(self->alpn_protocol_list);
1185
+ gpr_free(self);
1186
+ }
1187
+
1188
+ static int does_entry_match_name(const char *entry, size_t entry_length,
1189
+ const char *name) {
1190
+ const char *dot;
1191
+ const char *name_subdomain = NULL;
1192
+ size_t name_length = strlen(name);
1193
+ size_t name_subdomain_length;
1194
+ if (entry_length == 0) return 0;
1195
+
1196
+ /* Take care of '.' terminations. */
1197
+ if (name[name_length - 1] == '.') {
1198
+ name_length--;
1199
+ }
1200
+ if (entry[entry_length - 1] == '.') {
1201
+ entry_length--;
1202
+ if (entry_length == 0) return 0;
1203
+ }
1204
+
1205
+ if ((name_length == entry_length) &&
1206
+ strncmp(name, entry, entry_length) == 0) {
1207
+ return 1; /* Perfect match. */
1208
+ }
1209
+ if (entry[0] != '*') return 0;
1210
+
1211
+ /* Wildchar subdomain matching. */
1212
+ if (entry_length < 3 || entry[1] != '.') { /* At least *.x */
1213
+ gpr_log(GPR_ERROR, "Invalid wildchar entry.");
1214
+ return 0;
1215
+ }
1216
+ name_subdomain = strchr(name, '.');
1217
+ if (name_subdomain == NULL) return 0;
1218
+ name_subdomain_length = strlen(name_subdomain);
1219
+ if (name_subdomain_length < 2) return 0;
1220
+ name_subdomain++; /* Starts after the dot. */
1221
+ name_subdomain_length--;
1222
+ entry += 2; /* Remove *. */
1223
+ entry_length -= 2;
1224
+ dot = strchr(name_subdomain, '.');
1225
+ if ((dot == NULL) || (dot == &name_subdomain[name_subdomain_length - 1])) {
1226
+ gpr_log(GPR_ERROR, "Invalid toplevel subdomain: %s", name_subdomain);
1227
+ return 0;
1228
+ }
1229
+ if (name_subdomain[name_subdomain_length - 1] == '.') {
1230
+ name_subdomain_length--;
1231
+ }
1232
+ return ((entry_length > 0) && (name_subdomain_length == entry_length) &&
1233
+ strncmp(entry, name_subdomain, entry_length) == 0);
1234
+ }
1235
+
1236
+ static int ssl_server_handshaker_factory_servername_callback(SSL *ssl, int *ap,
1237
+ void *arg) {
1238
+ tsi_ssl_server_handshaker_factory *impl =
1239
+ (tsi_ssl_server_handshaker_factory *)arg;
1240
+ size_t i = 0;
1241
+ const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
1242
+ if (servername == NULL || strlen(servername) == 0) {
1243
+ return SSL_TLSEXT_ERR_NOACK;
1244
+ }
1245
+
1246
+ for (i = 0; i < impl->ssl_context_count; i++) {
1247
+ if (tsi_ssl_peer_matches_name(&impl->ssl_context_x509_subject_names[i],
1248
+ servername)) {
1249
+ SSL_set_SSL_CTX(ssl, impl->ssl_contexts[i]);
1250
+ return SSL_TLSEXT_ERR_OK;
1251
+ }
1252
+ }
1253
+ gpr_log(GPR_ERROR, "No match found for server name: %s.", servername);
1254
+ return SSL_TLSEXT_ERR_ALERT_WARNING;
1255
+ }
1256
+
1257
+ #if TSI_OPENSSL_ALPN_SUPPORT
1258
+ static int server_handshaker_factory_alpn_callback(
1259
+ SSL *ssl, const unsigned char **out, unsigned char *outlen,
1260
+ const unsigned char *in, unsigned int inlen, void *arg) {
1261
+ tsi_ssl_server_handshaker_factory *factory =
1262
+ (tsi_ssl_server_handshaker_factory *)arg;
1263
+ return select_protocol_list(out, outlen, in, inlen,
1264
+ factory->alpn_protocol_list,
1265
+ factory->alpn_protocol_list_length);
1266
+ }
1267
+ #endif /* TSI_OPENSSL_ALPN_SUPPORT */
1268
+
1269
+ static int server_handshaker_factory_npn_advertised_callback(
1270
+ SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg) {
1271
+ tsi_ssl_server_handshaker_factory *factory =
1272
+ (tsi_ssl_server_handshaker_factory *)arg;
1273
+ *out = factory->alpn_protocol_list;
1274
+ GPR_ASSERT(factory->alpn_protocol_list_length <= UINT_MAX);
1275
+ *outlen = (unsigned int)factory->alpn_protocol_list_length;
1276
+ return SSL_TLSEXT_ERR_OK;
1277
+ }
1278
+
1279
+ /* --- tsi_ssl_handshaker_factory constructors. --- */
1280
+
1281
+ tsi_result tsi_create_ssl_client_handshaker_factory(
1282
+ const unsigned char *pem_private_key, size_t pem_private_key_size,
1283
+ const unsigned char *pem_cert_chain, size_t pem_cert_chain_size,
1284
+ const unsigned char *pem_root_certs, size_t pem_root_certs_size,
1285
+ const char *cipher_list, const unsigned char **alpn_protocols,
1286
+ const unsigned char *alpn_protocols_lengths, uint16_t num_alpn_protocols,
1287
+ tsi_ssl_client_handshaker_factory **factory) {
1288
+ SSL_CTX *ssl_context = NULL;
1289
+ tsi_ssl_client_handshaker_factory *impl = NULL;
1290
+ tsi_result result = TSI_OK;
1291
+
1292
+ gpr_once_init(&init_openssl_once, init_openssl);
1293
+
1294
+ if (factory == NULL) return TSI_INVALID_ARGUMENT;
1295
+ *factory = NULL;
1296
+ if (pem_root_certs == NULL) return TSI_INVALID_ARGUMENT;
1297
+
1298
+ ssl_context = SSL_CTX_new(TLSv1_2_method());
1299
+ if (ssl_context == NULL) {
1300
+ gpr_log(GPR_ERROR, "Could not create ssl context.");
1301
+ return TSI_INVALID_ARGUMENT;
1302
+ }
1303
+
1304
+ impl = gpr_zalloc(sizeof(*impl));
1305
+ impl->ssl_context = ssl_context;
1306
+
1307
+ do {
1308
+ result =
1309
+ populate_ssl_context(ssl_context, pem_private_key, pem_private_key_size,
1310
+ pem_cert_chain, pem_cert_chain_size, cipher_list);
1311
+ if (result != TSI_OK) break;
1312
+ result = ssl_ctx_load_verification_certs(ssl_context, pem_root_certs,
1313
+ pem_root_certs_size, NULL);
1314
+ if (result != TSI_OK) {
1315
+ gpr_log(GPR_ERROR, "Cannot load server root certificates.");
1316
+ break;
1317
+ }
1318
+
1319
+ if (num_alpn_protocols != 0) {
1320
+ result = build_alpn_protocol_name_list(
1321
+ alpn_protocols, alpn_protocols_lengths, num_alpn_protocols,
1322
+ &impl->alpn_protocol_list, &impl->alpn_protocol_list_length);
1323
+ if (result != TSI_OK) {
1324
+ gpr_log(GPR_ERROR, "Building alpn list failed with error %s.",
1325
+ tsi_result_to_string(result));
1326
+ break;
1327
+ }
1328
+ #if TSI_OPENSSL_ALPN_SUPPORT
1329
+ GPR_ASSERT(impl->alpn_protocol_list_length < UINT_MAX);
1330
+ if (SSL_CTX_set_alpn_protos(
1331
+ ssl_context, impl->alpn_protocol_list,
1332
+ (unsigned int)impl->alpn_protocol_list_length)) {
1333
+ gpr_log(GPR_ERROR, "Could not set alpn protocol list to context.");
1334
+ result = TSI_INVALID_ARGUMENT;
1335
+ break;
1336
+ }
1337
+ #endif /* TSI_OPENSSL_ALPN_SUPPORT */
1338
+ SSL_CTX_set_next_proto_select_cb(
1339
+ ssl_context, client_handshaker_factory_npn_callback, impl);
1340
+ }
1341
+ } while (0);
1342
+ if (result != TSI_OK) {
1343
+ tsi_ssl_client_handshaker_factory_destroy(impl);
1344
+ return result;
1345
+ }
1346
+ SSL_CTX_set_verify(ssl_context, SSL_VERIFY_PEER, NULL);
1347
+ /* TODO(jboeuf): Add revocation verification. */
1348
+
1349
+ *factory = impl;
1350
+ return TSI_OK;
1351
+ }
1352
+
1353
+ tsi_result tsi_create_ssl_server_handshaker_factory(
1354
+ const unsigned char **pem_private_keys,
1355
+ const size_t *pem_private_keys_sizes, const unsigned char **pem_cert_chains,
1356
+ const size_t *pem_cert_chains_sizes, size_t key_cert_pair_count,
1357
+ const unsigned char *pem_client_root_certs,
1358
+ size_t pem_client_root_certs_size, int force_client_auth,
1359
+ const char *cipher_list, const unsigned char **alpn_protocols,
1360
+ const unsigned char *alpn_protocols_lengths, uint16_t num_alpn_protocols,
1361
+ tsi_ssl_server_handshaker_factory **factory) {
1362
+ return tsi_create_ssl_server_handshaker_factory_ex(
1363
+ pem_private_keys, pem_private_keys_sizes, pem_cert_chains,
1364
+ pem_cert_chains_sizes, key_cert_pair_count, pem_client_root_certs,
1365
+ pem_client_root_certs_size,
1366
+ force_client_auth ? TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
1367
+ : TSI_DONT_REQUEST_CLIENT_CERTIFICATE,
1368
+ cipher_list, alpn_protocols, alpn_protocols_lengths, num_alpn_protocols,
1369
+ factory);
1370
+ }
1371
+
1372
+ tsi_result tsi_create_ssl_server_handshaker_factory_ex(
1373
+ const unsigned char **pem_private_keys,
1374
+ const size_t *pem_private_keys_sizes, const unsigned char **pem_cert_chains,
1375
+ const size_t *pem_cert_chains_sizes, size_t key_cert_pair_count,
1376
+ const unsigned char *pem_client_root_certs,
1377
+ size_t pem_client_root_certs_size,
1378
+ tsi_client_certificate_request_type client_certificate_request,
1379
+ const char *cipher_list, const unsigned char **alpn_protocols,
1380
+ const unsigned char *alpn_protocols_lengths, uint16_t num_alpn_protocols,
1381
+ tsi_ssl_server_handshaker_factory **factory) {
1382
+ tsi_ssl_server_handshaker_factory *impl = NULL;
1383
+ tsi_result result = TSI_OK;
1384
+ size_t i = 0;
1385
+
1386
+ gpr_once_init(&init_openssl_once, init_openssl);
1387
+
1388
+ if (factory == NULL) return TSI_INVALID_ARGUMENT;
1389
+ *factory = NULL;
1390
+ if (key_cert_pair_count == 0 || pem_private_keys == NULL ||
1391
+ pem_cert_chains == NULL) {
1392
+ return TSI_INVALID_ARGUMENT;
1393
+ }
1394
+
1395
+ impl = gpr_zalloc(sizeof(*impl));
1396
+ impl->ssl_contexts = gpr_zalloc(key_cert_pair_count * sizeof(SSL_CTX *));
1397
+ impl->ssl_context_x509_subject_names =
1398
+ gpr_zalloc(key_cert_pair_count * sizeof(tsi_peer));
1399
+ if (impl->ssl_contexts == NULL ||
1400
+ impl->ssl_context_x509_subject_names == NULL) {
1401
+ tsi_ssl_server_handshaker_factory_destroy(impl);
1402
+ return TSI_OUT_OF_RESOURCES;
1403
+ }
1404
+ impl->ssl_context_count = key_cert_pair_count;
1405
+
1406
+ if (num_alpn_protocols > 0) {
1407
+ result = build_alpn_protocol_name_list(
1408
+ alpn_protocols, alpn_protocols_lengths, num_alpn_protocols,
1409
+ &impl->alpn_protocol_list, &impl->alpn_protocol_list_length);
1410
+ if (result != TSI_OK) {
1411
+ tsi_ssl_server_handshaker_factory_destroy(impl);
1412
+ return result;
1413
+ }
1414
+ }
1415
+
1416
+ for (i = 0; i < key_cert_pair_count; i++) {
1417
+ do {
1418
+ impl->ssl_contexts[i] = SSL_CTX_new(TLSv1_2_method());
1419
+ if (impl->ssl_contexts[i] == NULL) {
1420
+ gpr_log(GPR_ERROR, "Could not create ssl context.");
1421
+ result = TSI_OUT_OF_RESOURCES;
1422
+ break;
1423
+ }
1424
+ result = populate_ssl_context(
1425
+ impl->ssl_contexts[i], pem_private_keys[i], pem_private_keys_sizes[i],
1426
+ pem_cert_chains[i], pem_cert_chains_sizes[i], cipher_list);
1427
+ if (result != TSI_OK) break;
1428
+
1429
+ if (pem_client_root_certs != NULL) {
1430
+ STACK_OF(X509_NAME) *root_names = NULL;
1431
+ result = ssl_ctx_load_verification_certs(
1432
+ impl->ssl_contexts[i], pem_client_root_certs,
1433
+ pem_client_root_certs_size, &root_names);
1434
+ if (result != TSI_OK) {
1435
+ gpr_log(GPR_ERROR, "Invalid verification certs.");
1436
+ break;
1437
+ }
1438
+ SSL_CTX_set_client_CA_list(impl->ssl_contexts[i], root_names);
1439
+ switch (client_certificate_request) {
1440
+ case TSI_DONT_REQUEST_CLIENT_CERTIFICATE:
1441
+ SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_NONE, NULL);
1442
+ break;
1443
+ case TSI_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
1444
+ SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER,
1445
+ NullVerifyCallback);
1446
+ break;
1447
+ case TSI_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY:
1448
+ SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER, NULL);
1449
+ break;
1450
+ case TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
1451
+ SSL_CTX_set_verify(
1452
+ impl->ssl_contexts[i],
1453
+ SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1454
+ NullVerifyCallback);
1455
+ break;
1456
+ case TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY:
1457
+ SSL_CTX_set_verify(
1458
+ impl->ssl_contexts[i],
1459
+ SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
1460
+ break;
1461
+ }
1462
+ /* TODO(jboeuf): Add revocation verification. */
1463
+ }
1464
+
1465
+ result = extract_x509_subject_names_from_pem_cert(
1466
+ pem_cert_chains[i], pem_cert_chains_sizes[i],
1467
+ &impl->ssl_context_x509_subject_names[i]);
1468
+ if (result != TSI_OK) break;
1469
+
1470
+ SSL_CTX_set_tlsext_servername_callback(
1471
+ impl->ssl_contexts[i],
1472
+ ssl_server_handshaker_factory_servername_callback);
1473
+ SSL_CTX_set_tlsext_servername_arg(impl->ssl_contexts[i], impl);
1474
+ #if TSI_OPENSSL_ALPN_SUPPORT
1475
+ SSL_CTX_set_alpn_select_cb(impl->ssl_contexts[i],
1476
+ server_handshaker_factory_alpn_callback, impl);
1477
+ #endif /* TSI_OPENSSL_ALPN_SUPPORT */
1478
+ SSL_CTX_set_next_protos_advertised_cb(
1479
+ impl->ssl_contexts[i],
1480
+ server_handshaker_factory_npn_advertised_callback, impl);
1481
+ } while (0);
1482
+
1483
+ if (result != TSI_OK) {
1484
+ tsi_ssl_server_handshaker_factory_destroy(impl);
1485
+ return result;
1486
+ }
1487
+ }
1488
+ *factory = impl;
1489
+ return TSI_OK;
1490
+ }
1491
+
1492
+ /* --- tsi_ssl utils. --- */
1493
+
1494
+ int tsi_ssl_peer_matches_name(const tsi_peer *peer, const char *name) {
1495
+ size_t i = 0;
1496
+ size_t san_count = 0;
1497
+ const tsi_peer_property *cn_property = NULL;
1498
+ int like_ip = looks_like_ip_address(name);
1499
+
1500
+ /* Check the SAN first. */
1501
+ for (i = 0; i < peer->property_count; i++) {
1502
+ const tsi_peer_property *property = &peer->properties[i];
1503
+ if (property->name == NULL) continue;
1504
+ if (strcmp(property->name,
1505
+ TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) == 0) {
1506
+ san_count++;
1507
+
1508
+ if (!like_ip && does_entry_match_name(property->value.data,
1509
+ property->value.length, name)) {
1510
+ return 1;
1511
+ } else if (like_ip &&
1512
+ strncmp(name, property->value.data, property->value.length) ==
1513
+ 0 &&
1514
+ strlen(name) == property->value.length) {
1515
+ /* IP Addresses are exact matches only. */
1516
+ return 1;
1517
+ }
1518
+ } else if (strcmp(property->name,
1519
+ TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY) == 0) {
1520
+ cn_property = property;
1521
+ }
1522
+ }
1523
+
1524
+ /* If there's no SAN, try the CN, but only if its not like an IP Address */
1525
+ if (san_count == 0 && cn_property != NULL && !like_ip) {
1526
+ if (does_entry_match_name(cn_property->value.data,
1527
+ cn_property->value.length, name)) {
1528
+ return 1;
1529
+ }
1530
+ }
1531
+
1532
+ return 0; /* Not found. */
1533
+ }