grpc-flamingo 1.11.0 → 1.15.0

data/third_party/boringssl/ssl/s3_both.cc

@@ -238,8 +238,8 @@ int ssl3_flush_flight(SSL *ssl) {
     return -1;
   }
 
-  if (ssl->s3->pending_flight->length > 0xffffffff ||
-      ssl->s3->pending_flight->length > INT_MAX) {
+  static_assert(INT_MAX <= 0xffffffff, "int is larger than 32 bits");
+  if (ssl->s3->pending_flight->length > INT_MAX) {
     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
     return -1;
   }

data/third_party/boringssl/ssl/s3_lib.cc

@@ -175,7 +175,9 @@ SSL3_STATE::SSL3_STATE()
       send_connection_binding(false),
       tlsext_channel_id_valid(false),
       key_update_pending(false),
-      wpend_pending(false) {}
+      wpend_pending(false),
+      early_data_accepted(false),
+      draft_downgrade(false) {}
 
 SSL3_STATE::~SSL3_STATE() {}
 

data/third_party/boringssl/ssl/s3_pkt.cc

@@ -304,14 +304,6 @@ ssl_open_record_t ssl3_open_app_data(SSL *ssl, Span<uint8_t> *out,
   const bool is_early_data_read = ssl->server && SSL_in_early_data(ssl);
 
   if (type == SSL3_RT_HANDSHAKE) {
-    // If reading 0-RTT data, reject handshake data. 0-RTT data is terminated
-    // by an alert.
-    if (!ssl_is_draft21(ssl->version) && is_early_data_read) {
-      OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
-      *out_alert = SSL_AD_UNEXPECTED_MESSAGE;
-      return ssl_open_record_error;
-    }
-
     // Post-handshake data prior to TLS 1.3 is always renegotiation, which we
     // never accept as a server. Otherwise |ssl3_get_message| will send
     // |SSL_R_EXCESSIVE_MESSAGE_SIZE|.
@@ -332,16 +324,6 @@ ssl_open_record_t ssl3_open_app_data(SSL *ssl, Span<uint8_t> *out,
     return ssl_open_record_discard;
   }
 
-  // Handle the end_of_early_data alert.
-  static const uint8_t kEndOfEarlyData[2] = {SSL3_AL_WARNING,
-                                             TLS1_AD_END_OF_EARLY_DATA};
-  if (!ssl_is_draft21(ssl->version) && is_early_data_read &&
-      type == SSL3_RT_ALERT && body == kEndOfEarlyData) {
-    // Stop accepting early data.
-    ssl->s3->hs->can_early_read = false;
-    return ssl_open_record_discard;
-  }
-
   if (type != SSL3_RT_APPLICATION_DATA) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
     *out_alert = SSL_AD_UNEXPECTED_MESSAGE;

data/third_party/boringssl/ssl/ssl_aead_ctx.cc

@@ -173,10 +173,7 @@ uint16_t SSLAEADContext::RecordVersion() const {
     return version_;
   }
 
-  if (ssl_is_resumption_record_version_experiment(version_)) {
-    return TLS1_2_VERSION;
-  }
-  return TLS1_VERSION;
+  return TLS1_2_VERSION;
 }
 
 size_t SSLAEADContext::ExplicitNonceLen() const {

data/third_party/boringssl/ssl/ssl_asn1.cc

@@ -197,26 +197,23 @@ static const unsigned kAuthTimeoutTag =
 static const unsigned kEarlyALPNTag =
     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 26;
 
-static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data,
-                                     size_t *out_len, int for_ticket) {
+static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, CBB *cbb,
+                                     int for_ticket) {
   if (in == NULL || in->cipher == NULL) {
     return 0;
   }
 
-  ScopedCBB cbb;
   CBB session, child, child2;
-  if (!CBB_init(cbb.get(), 0) ||
-      !CBB_add_asn1(cbb.get(), &session, CBS_ASN1_SEQUENCE) ||
+  if (!CBB_add_asn1(cbb, &session, CBS_ASN1_SEQUENCE) ||
       !CBB_add_asn1_uint64(&session, kVersion) ||
       !CBB_add_asn1_uint64(&session, in->ssl_version) ||
       !CBB_add_asn1(&session, &child, CBS_ASN1_OCTETSTRING) ||
       !CBB_add_u16(&child, (uint16_t)(in->cipher->id & 0xffff)) ||
-      !CBB_add_asn1(&session, &child, CBS_ASN1_OCTETSTRING) ||
       // The session ID is irrelevant for a session ticket.
-      !CBB_add_bytes(&child, in->session_id,
-                     for_ticket ? 0 : in->session_id_length) ||
-      !CBB_add_asn1(&session, &child, CBS_ASN1_OCTETSTRING) ||
-      !CBB_add_bytes(&child, in->master_key, in->master_key_length) ||
+      !CBB_add_asn1_octet_string(&session, in->session_id,
+                                 for_ticket ? 0 : in->session_id_length) ||
+      !CBB_add_asn1_octet_string(&session, in->master_key,
+                                 in->master_key_length) ||
       !CBB_add_asn1(&session, &child, kTimeTag) ||
       !CBB_add_asn1_uint64(&child, in->time) ||
       !CBB_add_asn1(&session, &child, kTimeoutTag) ||
@@ -240,8 +237,7 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data,
   // Although it is OPTIONAL and usually empty, OpenSSL has
   // historically always encoded the sid_ctx.
   if (!CBB_add_asn1(&session, &child, kSessionIDContextTag) ||
-      !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||
-      !CBB_add_bytes(&child2, in->sid_ctx, in->sid_ctx_length)) {
+      !CBB_add_asn1_octet_string(&child, in->sid_ctx, in->sid_ctx_length)) {
     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
     return 0;
   }
@@ -256,9 +252,8 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data,
 
   if (in->psk_identity) {
     if (!CBB_add_asn1(&session, &child, kPSKIdentityTag) ||
-        !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||
-        !CBB_add_bytes(&child2, (const uint8_t *)in->psk_identity,
-                       strlen(in->psk_identity))) {
+        !CBB_add_asn1_octet_string(&child, (const uint8_t *)in->psk_identity,
+                                   strlen(in->psk_identity))) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       return 0;
     }
@@ -274,8 +269,8 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data,
 
   if (in->tlsext_tick && !for_ticket) {
     if (!CBB_add_asn1(&session, &child, kTicketTag) ||
-        !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||
-        !CBB_add_bytes(&child2, in->tlsext_tick, in->tlsext_ticklen)) {
+        !CBB_add_asn1_octet_string(&child, in->tlsext_tick,
+                                   in->tlsext_ticklen)) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       return 0;
     }
@@ -283,8 +278,8 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data,
 
   if (in->peer_sha256_valid) {
     if (!CBB_add_asn1(&session, &child, kPeerSHA256Tag) ||
-        !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||
-        !CBB_add_bytes(&child2, in->peer_sha256, sizeof(in->peer_sha256))) {
+        !CBB_add_asn1_octet_string(&child, in->peer_sha256,
+                                   sizeof(in->peer_sha256))) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       return 0;
     }
@@ -292,9 +287,8 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data,
 
   if (in->original_handshake_hash_len > 0) {
     if (!CBB_add_asn1(&session, &child, kOriginalHandshakeHashTag) ||
-        !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||
-        !CBB_add_bytes(&child2, in->original_handshake_hash,
-                       in->original_handshake_hash_len)) {
+        !CBB_add_asn1_octet_string(&child, in->original_handshake_hash,
+                                   in->original_handshake_hash_len)) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       return 0;
     }
@@ -302,10 +296,9 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data,
 
   if (in->signed_cert_timestamp_list != nullptr) {
     if (!CBB_add_asn1(&session, &child, kSignedCertTimestampListTag) ||
-        !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||
-        !CBB_add_bytes(&child2,
-                       CRYPTO_BUFFER_data(in->signed_cert_timestamp_list),
-                       CRYPTO_BUFFER_len(in->signed_cert_timestamp_list))) {
+        !CBB_add_asn1_octet_string(
+            &child, CRYPTO_BUFFER_data(in->signed_cert_timestamp_list),
+            CRYPTO_BUFFER_len(in->signed_cert_timestamp_list))) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       return 0;
     }
@@ -313,9 +306,9 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data,
 
   if (in->ocsp_response != nullptr) {
     if (!CBB_add_asn1(&session, &child, kOCSPResponseTag) ||
-        !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||
-        !CBB_add_bytes(&child2, CRYPTO_BUFFER_data(in->ocsp_response),
-                       CRYPTO_BUFFER_len(in->ocsp_response))) {
+        !CBB_add_asn1_octet_string(&child,
+                                   CRYPTO_BUFFER_data(in->ocsp_response),
+                                   CRYPTO_BUFFER_len(in->ocsp_response))) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       return 0;
     }
@@ -323,8 +316,7 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data,
 
   if (in->extended_master_secret) {
     if (!CBB_add_asn1(&session, &child, kExtendedMasterSecretTag) ||
-        !CBB_add_asn1(&child, &child2, CBS_ASN1_BOOLEAN) ||
-        !CBB_add_u8(&child2, 0xff)) {
+        !CBB_add_asn1_bool(&child, true)) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       return 0;
     }
@@ -367,8 +359,7 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data,
 
   if (!in->is_server) {
     if (!CBB_add_asn1(&session, &child, kIsServerTag) ||
-        !CBB_add_asn1(&child, &child2, CBS_ASN1_BOOLEAN) ||
-        !CBB_add_u8(&child2, 0x00)) {
+        !CBB_add_asn1_bool(&child, false)) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       return 0;
     }
@@ -397,19 +388,14 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data,
 
   if (in->early_alpn) {
     if (!CBB_add_asn1(&session, &child, kEarlyALPNTag) ||
-        !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||
-        !CBB_add_bytes(&child2, (const uint8_t *)in->early_alpn,
-                       in->early_alpn_len)) {
+        !CBB_add_asn1_octet_string(&child, (const uint8_t *)in->early_alpn,
+                                   in->early_alpn_len)) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       return 0;
     }
   }
 
-  if (!CBB_finish(cbb.get(), out_data, out_len)) {
-    OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
-    return 0;
-  }
-  return 1;
+  return CBB_flush(cbb);
 }
 
 // SSL_SESSION_parse_string gets an optional ASN.1 OCTET STRING
@@ -770,6 +756,10 @@ UniquePtr<SSL_SESSION> SSL_SESSION_parse(CBS *cbs,
   return ret;
 }
 
+int ssl_session_serialize(const SSL_SESSION *in, CBB *cbb) {
+  return SSL_SESSION_to_bytes_full(in, cbb, 0);
+}
+
 }  // namespace bssl
 
 using namespace bssl;
@@ -792,12 +782,26 @@ int SSL_SESSION_to_bytes(const SSL_SESSION *in, uint8_t **out_data,
     return 1;
   }
 
-  return SSL_SESSION_to_bytes_full(in, out_data, out_len, 0);
+  ScopedCBB cbb;
+  if (!CBB_init(cbb.get(), 256) ||
+      !SSL_SESSION_to_bytes_full(in, cbb.get(), 0) ||
+      !CBB_finish(cbb.get(), out_data, out_len)) {
+    return 0;
+  }
+
+  return 1;
 }
 
 int SSL_SESSION_to_bytes_for_ticket(const SSL_SESSION *in, uint8_t **out_data,
                                     size_t *out_len) {
-  return SSL_SESSION_to_bytes_full(in, out_data, out_len, 1);
+  ScopedCBB cbb;
+  if (!CBB_init(cbb.get(), 256) ||
+      !SSL_SESSION_to_bytes_full(in, cbb.get(), 1) ||
+      !CBB_finish(cbb.get(), out_data, out_len)) {
+    return 0;
+  }
+
+  return 1;
 }
 
 int i2d_SSL_SESSION(SSL_SESSION *in, uint8_t **pp) {

data/third_party/boringssl/ssl/ssl_cipher.cc

@@ -4,21 +4,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -33,10 +33,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -48,7 +48,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,7 +62,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -109,7 +109,7 @@
  */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by 
+ * ECC cipher suite support in OpenSSL originally developed by
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  */
 /* ====================================================================
@@ -1774,4 +1774,8 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) { return 1; }
 
 const char *SSL_COMP_get_name(const COMP_METHOD *comp) { return NULL; }
 
+const char *SSL_COMP_get0_name(const SSL_COMP *comp) { return comp->name; }
+
+int SSL_COMP_get_id(const SSL_COMP *comp) { return comp->id; }
+
 void SSL_COMP_free_compression_methods(void) {}

data/third_party/boringssl/ssl/ssl_key_share.cc

@@ -97,8 +97,10 @@ class ECKeyShare : public SSLKeyShare {
       return false;
     }
 
-    if (!EC_POINT_oct2point(group.get(), peer_point.get(), peer_key.data(),
+    if (peer_key.empty() || peer_key[0] != POINT_CONVERSION_UNCOMPRESSED ||
+        !EC_POINT_oct2point(group.get(), peer_point.get(), peer_key.data(),
                             peer_key.size(), bn_ctx.get())) {
+      OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECPOINT);
       *out_alert = SSL_AD_DECODE_ERROR;
       return false;
     }

data/third_party/boringssl/ssl/ssl_lib.cc

@@ -4,21 +4,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -33,10 +33,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -48,7 +48,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,7 +62,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -109,7 +109,7 @@
  */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by 
+ * ECC cipher suite support in OpenSSL originally developed by
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  */
 /* ====================================================================
@@ -465,6 +465,10 @@ void ssl_ctx_get_current_time(const SSL_CTX *ctx,
 #endif
 }
 
+void SSL_CTX_set_handoff_mode(SSL_CTX *ctx, bool on) {
+  ctx->handoff = on;
+}
+
 }  // namespace bssl
 
 using namespace bssl;
@@ -577,12 +581,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) {
   ret->mode = SSL_MODE_NO_AUTO_CHAIN;
 
   // Lock the SSL_CTX to the specified version, for compatibility with legacy
-  // uses of SSL_METHOD, but we do not set the minimum version for
-  // |SSLv3_method|.
+  // uses of SSL_METHOD.
   if (!SSL_CTX_set_max_proto_version(ret, method->version) ||
-      !SSL_CTX_set_min_proto_version(ret, method->version == SSL3_VERSION
-                                              ? 0  // default
-                                              : method->version)) {
+      !SSL_CTX_set_min_proto_version(ret, method->version)) {
     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
     goto err2;
   }
@@ -736,6 +737,7 @@ SSL *SSL_new(SSL_CTX *ctx) {
 
   ssl->signed_cert_timestamps_enabled = ctx->signed_cert_timestamps_enabled;
   ssl->ocsp_stapling_enabled = ctx->ocsp_stapling_enabled;
+  ssl->handoff = ctx->handoff;
 
   return ssl;
 
@@ -771,6 +773,8 @@ void SSL_free(SSL *ssl) {
   SSL_CTX_free(ssl->session_ctx);
   OPENSSL_free(ssl->supported_group_list);
   OPENSSL_free(ssl->alpn_client_proto_list);
+  OPENSSL_free(ssl->token_binding_params);
+  OPENSSL_free(ssl->quic_transport_params);
   EVP_PKEY_free(ssl->tlsext_channel_id_private);
   OPENSSL_free(ssl->psk_identity_hint);
   sk_CRYPTO_BUFFER_pop_free(ssl->client_CA, CRYPTO_BUFFER_free);
@@ -1163,6 +1167,23 @@ int SSL_send_fatal_alert(SSL *ssl, uint8_t alert) {
   return ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
 }
 
+int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
+                                  size_t params_len) {
+  ssl->quic_transport_params = (uint8_t *)BUF_memdup(params, params_len);
+  if (!ssl->quic_transport_params) {
+    return 0;
+  }
+  ssl->quic_transport_params_len = params_len;
+  return 1;
+}
+
+void SSL_get_peer_quic_transport_params(const SSL *ssl,
+                                        const uint8_t **out_params,
+                                        size_t *out_params_len) {
+  *out_params = ssl->s3->peer_quic_transport_params.data();
+  *out_params_len = ssl->s3->peer_quic_transport_params.size();
+}
+
 void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled) {
   ctx->cert->enable_early_data = !!enabled;
 }
@@ -1187,7 +1208,7 @@ int SSL_in_early_data(const SSL *ssl) {
 }
 
 int SSL_early_data_accepted(const SSL *ssl) {
-  return ssl->early_data_accepted;
+  return ssl->s3->early_data_accepted;
 }
 
 void SSL_reset_early_data_reject(SSL *ssl) {
@@ -1250,6 +1271,9 @@ int SSL_get_error(const SSL *ssl, int ret_code) {
     case SSL_CERTIFICATE_SELECTION_PENDING:
       return SSL_ERROR_PENDING_CERTIFICATE;
 
+    case SSL_HANDOFF:
+      return SSL_ERROR_HANDOFF;
+
     case SSL_READING: {
       BIO *bio = SSL_get_rbio(ssl);
       if (BIO_should_read(bio)) {
@@ -2122,6 +2146,28 @@ size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, size_t max_out) {
   return 64;
 }
 
+int SSL_set_token_binding_params(SSL *ssl, const uint8_t *params, size_t len) {
+  if (len > 256) {
+    OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
+    return 0;
+  }
+  OPENSSL_free(ssl->token_binding_params);
+  ssl->token_binding_params = (uint8_t *)BUF_memdup(params, len);
+  if (!ssl->token_binding_params) {
+    return 0;
+  }
+  ssl->token_binding_params_len = len;
+  return 1;
+}
+
+int SSL_is_token_binding_negotiated(const SSL *ssl) {
+  return ssl->token_binding_negotiated;
+}
+
+uint8_t SSL_get_negotiated_token_binding_param(const SSL *ssl) {
+  return ssl->negotiated_token_binding_param;
+}
+
 size_t SSL_get0_certificate_types(SSL *ssl, const uint8_t **out_types) {
   if (ssl->server || ssl->s3->hs == NULL) {
     *out_types = NULL;
@@ -2385,6 +2431,23 @@ void SSL_CTX_set_psk_server_callback(
   ctx->psk_server_callback = cb;
 }
 
+int SSL_set_dummy_pq_padding_size(SSL *ssl, size_t num_bytes) {
+  if (num_bytes > 0xffff) {
+    return 0;
+  }
+
+  ssl->dummy_pq_padding_len = num_bytes;
+  return 1;
+}
+
+int SSL_dummy_pq_padding_used(SSL *ssl) {
+  if (ssl->server) {
+    return 0;
+  }
+
+  return ssl->did_dummy_pq_padding;
+}
+
 void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
                               void (*cb)(int write_p, int version,
                                          int content_type, const void *buf,
@@ -2567,6 +2630,12 @@ int32_t SSL_get_ticket_age_skew(const SSL *ssl) {
   return ssl->s3->ticket_age_skew;
 }
 
+void SSL_CTX_set_false_start_allowed_without_alpn(SSL_CTX *ctx, int allowed) {
+  ctx->false_start_allowed_without_alpn = !!allowed;
+}
+
+int SSL_is_draft_downgrade(const SSL *ssl) { return ssl->s3->draft_downgrade; }
+
 int SSL_clear(SSL *ssl) {
   // In OpenSSL, reusing a client |SSL| with |SSL_clear| causes the previously
   // established session to be offered the next time around. wpa_supplicant