grpc 1.69.0 → 1.70.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (640) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +251 -249
  3. data/include/grpc/support/atm.h +0 -13
  4. data/src/core/call/request_buffer.cc +224 -0
  5. data/src/core/call/request_buffer.h +192 -0
  6. data/src/core/client_channel/client_channel.cc +2 -3
  7. data/src/core/client_channel/client_channel_args.h +21 -0
  8. data/src/core/client_channel/client_channel_filter.h +1 -3
  9. data/src/core/client_channel/retry_interceptor.cc +406 -0
  10. data/src/core/client_channel/retry_interceptor.h +157 -0
  11. data/src/core/client_channel/retry_service_config.h +13 -0
  12. data/src/core/client_channel/retry_throttle.cc +33 -18
  13. data/src/core/client_channel/retry_throttle.h +3 -3
  14. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +596 -94
  15. data/src/core/ext/transport/chttp2/server/chttp2_server.h +189 -13
  16. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +1 -0
  17. data/src/core/ext/transport/chttp2/transport/frame_security.cc +1 -3
  18. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +40 -1
  19. data/src/core/ext/upb-gen/envoy/admin/v3/config_dump_shared.upb.h +3 -1
  20. data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb.h +66 -36
  21. data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb_minitable.c +19 -17
  22. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb.h +116 -0
  23. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.c +31 -5
  24. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.h +2 -0
  25. data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb.h +67 -6
  26. data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb_minitable.c +12 -8
  27. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb.h +151 -0
  28. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.c +60 -0
  29. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.h +32 -0
  30. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb.h +228 -21
  31. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.c +65 -17
  32. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.h +6 -0
  33. data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb.h +7 -106
  34. data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.c +7 -28
  35. data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.h +0 -2
  36. data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb.h +85 -0
  37. data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb_minitable.c +25 -3
  38. data/src/core/ext/upb-gen/envoy/config/overload/v3/overload.upb.h +2 -1
  39. data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb.h +152 -0
  40. data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.c +40 -10
  41. data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.h +2 -0
  42. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb.h +135 -4
  43. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.c +41 -9
  44. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.h +2 -0
  45. data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb.h +0 -2
  46. data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.c +0 -1
  47. data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.h +0 -1
  48. data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +16 -0
  49. data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb_minitable.c +3 -2
  50. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +60 -0
  51. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb_minitable.c +13 -2
  52. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb.h +0 -1
  53. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb_minitable.c +0 -1
  54. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +102 -24
  55. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb_minitable.c +28 -19
  56. data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb.h +251 -18
  57. data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.c +41 -16
  58. data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.h +2 -0
  59. data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb.h +2 -1
  60. data/src/core/ext/upbdefs-gen/envoy/admin/v3/config_dump_shared.upbdefs.c +11 -10
  61. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/cluster.upbdefs.c +418 -413
  62. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.c +161 -153
  63. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.h +5 -0
  64. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/protocol.upbdefs.c +267 -261
  65. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.c +46 -0
  66. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.h +33 -0
  67. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.c +29 -19
  68. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.h +15 -0
  69. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.c +58 -65
  70. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.h +0 -5
  71. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/quic_config.upbdefs.c +73 -63
  72. data/src/core/ext/upbdefs-gen/envoy/config/overload/v3/overload.upbdefs.c +49 -48
  73. data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.c +117 -100
  74. data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
  75. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.c +905 -897
  76. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.h +5 -0
  77. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/trace.upbdefs.c +15 -18
  78. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +460 -457
  79. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upbdefs.c +16 -19
  80. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +95 -95
  81. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +202 -191
  82. data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.c +148 -135
  83. data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
  84. data/src/core/ext/upbdefs-gen/envoy/service/status/v3/csds.upbdefs.c +23 -22
  85. data/src/core/filter/filter_args.h +112 -0
  86. data/src/core/handshaker/http_connect/http_connect_handshaker.cc +1 -1
  87. data/src/core/lib/channel/promise_based_filter.h +5 -79
  88. data/src/core/lib/debug/trace_flags.cc +2 -0
  89. data/src/core/lib/debug/trace_flags.h +1 -0
  90. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +14 -0
  91. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +7 -2
  92. data/src/core/lib/event_engine/posix_engine/posix_engine.h +0 -2
  93. data/src/core/lib/event_engine/windows/windows_engine.cc +1 -0
  94. data/src/core/lib/experiments/experiments.cc +90 -39
  95. data/src/core/lib/experiments/experiments.h +43 -24
  96. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +1 -1
  97. data/src/core/lib/promise/activity.cc +2 -0
  98. data/src/core/lib/promise/activity.h +29 -8
  99. data/src/core/lib/promise/map.h +42 -0
  100. data/src/core/lib/promise/party.cc +36 -1
  101. data/src/core/lib/promise/party.h +13 -5
  102. data/src/core/lib/promise/sleep.h +1 -0
  103. data/src/core/lib/promise/status_flag.h +10 -0
  104. data/src/core/lib/resource_quota/arena.h +8 -0
  105. data/src/core/lib/resource_quota/connection_quota.h +4 -0
  106. data/src/core/lib/surface/call_utils.h +2 -0
  107. data/src/core/lib/surface/client_call.cc +43 -35
  108. data/src/core/lib/surface/client_call.h +5 -0
  109. data/src/core/lib/surface/event_string.cc +7 -1
  110. data/src/core/lib/surface/init_internally.h +13 -2
  111. data/src/core/lib/surface/server_call.cc +100 -85
  112. data/src/core/lib/surface/version.cc +2 -2
  113. data/src/core/lib/transport/call_filters.cc +10 -4
  114. data/src/core/lib/transport/call_filters.h +8 -0
  115. data/src/core/lib/transport/call_spine.cc +36 -71
  116. data/src/core/lib/transport/call_spine.h +131 -7
  117. data/src/core/lib/transport/call_state.h +132 -39
  118. data/src/core/lib/transport/interception_chain.cc +8 -0
  119. data/src/core/lib/transport/interception_chain.h +9 -0
  120. data/src/core/load_balancing/endpoint_list.cc +10 -0
  121. data/src/core/load_balancing/endpoint_list.h +13 -6
  122. data/src/core/load_balancing/lb_policy.h +0 -8
  123. data/src/core/load_balancing/pick_first/pick_first.cc +89 -56
  124. data/src/core/load_balancing/ring_hash/ring_hash.cc +158 -70
  125. data/src/core/load_balancing/ring_hash/ring_hash.h +4 -11
  126. data/src/core/load_balancing/round_robin/round_robin.cc +9 -14
  127. data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +12 -15
  128. data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +4 -4
  129. data/src/core/resolver/xds/xds_dependency_manager.cc +139 -135
  130. data/src/core/resolver/xds/xds_dependency_manager.h +24 -18
  131. data/src/core/resolver/xds/xds_resolver.cc +28 -47
  132. data/src/core/server/server.cc +290 -24
  133. data/src/core/server/server.h +199 -61
  134. data/src/core/server/xds_server_config_fetcher.cc +78 -142
  135. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
  136. data/src/core/util/backoff.cc +15 -4
  137. data/src/core/util/http_client/httpcli.cc +66 -18
  138. data/src/core/util/http_client/httpcli.h +14 -4
  139. data/src/core/util/matchers.h +5 -10
  140. data/src/core/util/ref_counted.h +1 -0
  141. data/src/core/util/ref_counted_ptr.h +1 -1
  142. data/src/core/util/useful.h +9 -11
  143. data/src/core/xds/grpc/xds_endpoint_parser.cc +54 -23
  144. data/src/core/xds/grpc/xds_metadata.h +8 -0
  145. data/src/core/xds/xds_client/xds_api.cc +0 -223
  146. data/src/core/xds/xds_client/xds_api.h +1 -133
  147. data/src/core/xds/xds_client/xds_client.cc +599 -466
  148. data/src/core/xds/xds_client/xds_client.h +107 -26
  149. data/src/core/xds/xds_client/xds_resource_type_impl.h +10 -5
  150. data/src/ruby/ext/grpc/extconf.rb +1 -0
  151. data/src/ruby/lib/grpc/version.rb +1 -1
  152. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_bitstr.c → a_bitstr.cc} +3 -2
  153. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_d2i_fp.c → a_d2i_fp.cc} +1 -1
  154. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_dup.c → a_dup.cc} +1 -1
  155. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_i2d_fp.c → a_i2d_fp.cc} +1 -1
  156. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_int.c → a_int.cc} +2 -1
  157. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_mbstr.c → a_mbstr.cc} +9 -7
  158. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_object.c → a_object.cc} +1 -1
  159. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strnid.c → a_strnid.cc} +7 -4
  160. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_type.c → a_type.cc} +4 -4
  161. data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_lib.c → asn1_lib.cc} +4 -4
  162. data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn_pack.c → asn_pack.cc} +2 -2
  163. data/third_party/boringssl-with-bazel/src/crypto/asn1/{posix_time.c → posix_time.cc} +2 -2
  164. data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_dec.c → tasn_dec.cc} +4 -3
  165. data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_enc.c → tasn_enc.cc} +9 -6
  166. data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_fre.c → tasn_fre.cc} +14 -20
  167. data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_new.c → tasn_new.cc} +7 -6
  168. data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_utl.c → tasn_utl.cc} +13 -10
  169. data/third_party/boringssl-with-bazel/src/crypto/base64/{base64.c → base64.cc} +9 -12
  170. data/third_party/boringssl-with-bazel/src/crypto/bcm_support.h +7 -1
  171. data/third_party/boringssl-with-bazel/src/crypto/bio/{bio.c → bio.cc} +32 -58
  172. data/third_party/boringssl-with-bazel/src/crypto/bio/{bio_mem.c → bio_mem.cc} +8 -7
  173. data/third_party/boringssl-with-bazel/src/crypto/bio/{connect.c → connect.cc} +24 -16
  174. data/third_party/boringssl-with-bazel/src/crypto/bio/{file.c → file.cc} +3 -3
  175. data/third_party/boringssl-with-bazel/src/crypto/bio/{pair.c → pair.cc} +22 -20
  176. data/third_party/boringssl-with-bazel/src/crypto/bio/{printf.c → printf.cc} +2 -2
  177. data/third_party/boringssl-with-bazel/src/crypto/bio/{socket_helper.c → socket_helper.cc} +1 -1
  178. data/third_party/boringssl-with-bazel/src/crypto/blake2/{blake2.c → blake2.cc} +2 -2
  179. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/{bn_asn1.c → bn_asn1.cc} +1 -1
  180. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/{convert.c → convert.cc} +21 -21
  181. data/third_party/boringssl-with-bazel/src/crypto/buf/{buf.c → buf.cc} +6 -3
  182. data/third_party/boringssl-with-bazel/src/crypto/bytestring/{asn1_compat.c → asn1_compat.cc} +1 -1
  183. data/third_party/boringssl-with-bazel/src/crypto/bytestring/{ber.c → ber.cc} +1 -1
  184. data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbb.c → cbb.cc} +33 -49
  185. data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbs.c → cbs.cc} +20 -27
  186. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +1 -1
  187. data/third_party/boringssl-with-bazel/src/crypto/bytestring/{unicode.c → unicode.cc} +1 -1
  188. data/third_party/boringssl-with-bazel/src/crypto/chacha/{chacha.c → chacha.cc} +1 -1
  189. data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +1 -1
  190. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_aesctrhmac.c → e_aesctrhmac.cc} +1 -1
  191. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_aesgcmsiv.c → e_aesgcmsiv.cc} +23 -26
  192. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_chacha20poly1305.c → e_chacha20poly1305.cc} +1 -8
  193. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_des.c → e_des.cc} +61 -49
  194. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_null.c → e_null.cc} +12 -9
  195. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_rc2.c → e_rc2.cc} +23 -19
  196. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_rc4.c → e_rc4.cc} +10 -8
  197. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_tls.c → e_tls.cc} +2 -1
  198. data/third_party/boringssl-with-bazel/src/crypto/conf/{conf.c → conf.cc} +17 -14
  199. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +1 -1
  200. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_apple.c → cpu_aarch64_apple.cc} +2 -2
  201. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_fuchsia.c → cpu_aarch64_fuchsia.cc} +2 -2
  202. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_linux.c → cpu_aarch64_linux.cc} +2 -2
  203. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_openbsd.c → cpu_aarch64_openbsd.cc} +4 -4
  204. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_sysreg.c → cpu_aarch64_sysreg.cc} +3 -2
  205. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_win.c → cpu_aarch64_win.cc} +2 -2
  206. data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_freebsd.c → cpu_arm_freebsd.cc} +3 -3
  207. data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_linux.c → cpu_arm_linux.cc} +5 -5
  208. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_linux.h +1 -1
  209. data/third_party/boringssl-with-bazel/src/crypto/{cpu_intel.c → cpu_intel.cc} +47 -32
  210. data/third_party/boringssl-with-bazel/src/crypto/{crypto.c → crypto.cc} +6 -11
  211. data/third_party/boringssl-with-bazel/src/crypto/curve25519/{curve25519.c → curve25519.cc} +28 -31
  212. data/third_party/boringssl-with-bazel/src/crypto/curve25519/{curve25519_64_adx.c → curve25519_64_adx.cc} +1 -1
  213. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +1 -1
  214. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
  215. data/third_party/boringssl-with-bazel/src/crypto/curve25519/{spake25519.c → spake25519.cc} +20 -16
  216. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/{dh_asn1.c → dh_asn1.cc} +2 -2
  217. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/{digest_extra.c → digest_extra.cc} +113 -31
  218. data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa.c → dsa.cc} +153 -154
  219. data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa_asn1.c → dsa_asn1.cc} +2 -2
  220. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +1 -3
  221. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{ec_asn1.c → ec_asn1.cc} +35 -0
  222. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{ec_derive.c → ec_derive.cc} +1 -1
  223. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{hash_to_curve.c → hash_to_curve.cc} +66 -64
  224. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +1 -1
  225. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/{ecdsa_asn1.c → ecdsa_asn1.cc} +15 -25
  226. data/third_party/boringssl-with-bazel/src/crypto/engine/{engine.c → engine.cc} +12 -8
  227. data/third_party/boringssl-with-bazel/src/crypto/err/{err.c → err.cc} +24 -27
  228. data/third_party/boringssl-with-bazel/src/crypto/err/internal.h +1 -1
  229. data/third_party/boringssl-with-bazel/src/crypto/evp/{evp.c → evp.cc} +8 -9
  230. data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_ctx.c → evp_ctx.cc} +7 -8
  231. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh.c → p_dh.cc} +23 -14
  232. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh_asn1.c → p_dh_asn1.cc} +38 -21
  233. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dsa_asn1.c → p_dsa_asn1.cc} +19 -24
  234. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec.c → p_ec.cc} +20 -23
  235. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec_asn1.c → p_ec_asn1.cc} +20 -20
  236. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519.c → p_ed25519.cc} +22 -19
  237. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519_asn1.c → p_ed25519_asn1.cc} +14 -13
  238. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_hkdf.c → p_hkdf.cc} +18 -14
  239. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa.c → p_rsa.cc} +38 -37
  240. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa_asn1.c → p_rsa_asn1.cc} +16 -18
  241. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519.c → p_x25519.cc} +22 -19
  242. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519_asn1.c → p_x25519_asn1.cc} +18 -17
  243. data/third_party/boringssl-with-bazel/src/crypto/evp/{pbkdf.c → pbkdf.cc} +2 -2
  244. data/third_party/boringssl-with-bazel/src/crypto/evp/{print.c → print.cc} +4 -5
  245. data/third_party/boringssl-with-bazel/src/crypto/evp/{scrypt.c → scrypt.cc} +7 -5
  246. data/third_party/boringssl-with-bazel/src/crypto/{ex_data.c → ex_data.cc} +3 -4
  247. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes_nohw.c.inc → aes_nohw.cc.inc} +1 -1
  248. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +1 -5
  249. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{key_wrap.c.inc → key_wrap.cc.inc} +1 -1
  250. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{bcm.c → bcm.cc} +96 -101
  251. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm_interface.h +165 -12
  252. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{add.c.inc → add.cc.inc} +1 -0
  253. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/{x86_64-gcc.c.inc → x86_64-gcc.cc.inc} +4 -4
  254. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bn.c.inc → bn.cc.inc} +12 -24
  255. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{ctx.c.inc → ctx.cc.inc} +5 -7
  256. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div.c.inc → div.cc.inc} +29 -38
  257. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div_extra.c.inc → div_extra.cc.inc} +1 -1
  258. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{exponentiation.c.inc → exponentiation.cc.inc} +22 -22
  259. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd.c.inc → gcd.cc.inc} +3 -6
  260. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd_extra.c.inc → gcd_extra.cc.inc} +33 -25
  261. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery.c.inc → montgomery.cc.inc} +10 -17
  262. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{mul.c.inc → mul.cc.inc} +11 -15
  263. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{prime.c.inc → prime.cc.inc} +31 -34
  264. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{shift.c.inc → shift.cc.inc} +3 -4
  265. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{aead.c.inc → aead.cc.inc} +18 -10
  266. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{cipher.c.inc → cipher.cc.inc} +6 -9
  267. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aes.c.inc → e_aes.cc.inc} +46 -54
  268. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cmac/{cmac.c.inc → cmac.cc.inc} +6 -6
  269. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/delocate.h +14 -10
  270. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{dh.c.inc → dh.cc.inc} +15 -19
  271. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +1 -3
  272. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digest.c.inc → digest.cc.inc} +17 -13
  273. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digests.c.inc → digests.cc.inc} +29 -113
  274. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digestsign/{digestsign.c.inc → digestsign.cc.inc} +3 -3
  275. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/builtin_curves.h +1 -1
  276. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec.c.inc → ec.cc.inc} +10 -15
  277. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_key.c.inc → ec_key.cc.inc} +12 -14
  278. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{felem.c.inc → felem.cc.inc} +1 -1
  279. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{oct.c.inc → oct.cc.inc} +5 -6
  280. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p224-64.c.inc → p224-64.cc.inc} +1 -1
  281. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz-table.h +1 -1
  282. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-nistz.c.inc → p256-nistz.cc.inc} +15 -13
  283. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256.c.inc → p256.cc.inc} +1 -1
  284. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
  285. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{scalar.c.inc → scalar.cc.inc} +1 -1
  286. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple_mul.c.inc → simple_mul.cc.inc} +1 -1
  287. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{util.c.inc → util.cc.inc} +1 -1
  288. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{wnaf.c.inc → wnaf.cc.inc} +24 -15
  289. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/{ecdh.c.inc → ecdh.cc.inc} +14 -5
  290. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/{ecdsa.c.inc → ecdsa.cc.inc} +6 -7
  291. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +1 -1
  292. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{fips_shared_support.c → fips_shared_support.cc} +2 -3
  293. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/{hkdf.c.inc → hkdf.cc.inc} +1 -1
  294. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/{hmac.c.inc → hmac.cc.inc} +3 -2
  295. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm.c.inc → gcm.cc.inc} +69 -21
  296. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm_nohw.c.inc → gcm_nohw.cc.inc} +1 -1
  297. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +53 -33
  298. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{polyval.c.inc → polyval.cc.inc} +2 -3
  299. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{ctrdrbg.c.inc → ctrdrbg.cc.inc} +5 -4
  300. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -1
  301. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c.inc → rand.cc.inc} +20 -18
  302. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{blinding.c.inc → blinding.cc.inc} +5 -4
  303. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c.inc → padding.cc.inc} +21 -21
  304. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c.inc → rsa.cc.inc} +77 -73
  305. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa_impl.c.inc → rsa_impl.cc.inc} +50 -53
  306. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{fips.c.inc → fips.cc.inc} +14 -6
  307. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{self_check.c.inc → self_check.cc.inc} +56 -52
  308. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/{service_indicator.c.inc → service_indicator.cc.inc} +10 -11
  309. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +2 -4
  310. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha1.c.inc → sha1.cc.inc} +26 -33
  311. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha256.c.inc → sha256.cc.inc} +37 -55
  312. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha512.c.inc → sha512.cc.inc} +48 -76
  313. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +1 -1
  314. data/third_party/boringssl-with-bazel/src/crypto/hpke/{hpke.c → hpke.cc} +7 -4
  315. data/third_party/boringssl-with-bazel/src/crypto/hrss/{hrss.c → hrss.cc} +53 -110
  316. data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +1 -1
  317. data/third_party/boringssl-with-bazel/src/crypto/internal.h +191 -248
  318. data/third_party/boringssl-with-bazel/src/crypto/keccak/internal.h +1 -1
  319. data/third_party/boringssl-with-bazel/src/crypto/keccak/{keccak.c → keccak.cc} +1 -1
  320. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +1 -1
  321. data/third_party/boringssl-with-bazel/src/crypto/kyber/{kyber.c → kyber.cc} +1 -1
  322. data/third_party/boringssl-with-bazel/src/crypto/lhash/{lhash.c → lhash.cc} +8 -7
  323. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md4/md4.c.inc → md4/md4.cc} +8 -12
  324. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md5 → md5}/internal.h +1 -1
  325. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md5/md5.c.inc → md5/md5.cc} +4 -3
  326. data/third_party/boringssl-with-bazel/src/crypto/{mem.c → mem.cc} +34 -22
  327. data/third_party/boringssl-with-bazel/src/crypto/mldsa/internal.h +4 -1
  328. data/third_party/boringssl-with-bazel/src/crypto/mldsa/{mldsa.c → mldsa.cc} +646 -543
  329. data/third_party/boringssl-with-bazel/src/crypto/mlkem/internal.h +1 -1
  330. data/third_party/boringssl-with-bazel/src/crypto/mlkem/mlkem.cc +8 -8
  331. data/third_party/boringssl-with-bazel/src/crypto/obj/{obj.c → obj.cc} +27 -30
  332. data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_info.c → pem_info.cc} +2 -2
  333. data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_lib.c → pem_lib.cc} +3 -4
  334. data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_oth.c → pem_oth.cc} +1 -1
  335. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +1 -1
  336. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7.c → pkcs7.cc} +5 -5
  337. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7_x509.c → pkcs7_x509.cc} +26 -25
  338. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +2 -2
  339. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{p5_pbev2.c → p5_pbev2.cc} +2 -2
  340. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8.c → pkcs8.cc} +159 -158
  341. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8_x509.c → pkcs8_x509.cc} +90 -97
  342. data/third_party/boringssl-with-bazel/src/crypto/poly1305/internal.h +1 -1
  343. data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305.c → poly1305.cc} +3 -3
  344. data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_arm.c → poly1305_arm.cc} +4 -2
  345. data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_vec.c → poly1305_vec.cc} +14 -11
  346. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -1
  347. data/third_party/boringssl-with-bazel/src/crypto/pool/{pool.c → pool.cc} +12 -11
  348. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{deterministic.c → deterministic.cc} +2 -2
  349. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{fork_detect.c → fork_detect.cc} +11 -12
  350. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{forkunsafe.c → forkunsafe.cc} +2 -2
  351. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{getentropy.c → getentropy.cc} +1 -1
  352. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/getrandom_fillin.h +1 -1
  353. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{ios.c → ios.cc} +1 -1
  354. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{passive.c → passive.cc} +22 -18
  355. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{rand_extra.c → rand_extra.cc} +1 -1
  356. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/sysrand_internal.h +1 -1
  357. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{trusty.c → trusty.cc} +1 -1
  358. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{urandom.c → urandom.cc} +7 -7
  359. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{windows.c → windows.cc} +1 -1
  360. data/third_party/boringssl-with-bazel/src/crypto/{refcount.c → refcount.cc} +1 -1
  361. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_asn1.c → rsa_asn1.cc} +2 -2
  362. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_crypt.c → rsa_crypt.cc} +81 -78
  363. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_extra.cc +17 -0
  364. data/third_party/boringssl-with-bazel/src/crypto/sha/sha1.cc +52 -0
  365. data/third_party/boringssl-with-bazel/src/crypto/sha/sha256.cc +87 -0
  366. data/third_party/boringssl-with-bazel/src/crypto/sha/sha512.cc +104 -0
  367. data/third_party/boringssl-with-bazel/src/crypto/siphash/{siphash.c → siphash.cc} +1 -1
  368. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/address.h +123 -0
  369. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/fors.cc +169 -0
  370. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/fors.h +58 -0
  371. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/internal.h +63 -0
  372. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/merkle.cc +161 -0
  373. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/merkle.h +70 -0
  374. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/params.h +83 -0
  375. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/slhdsa.cc +307 -0
  376. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/thash.cc +173 -0
  377. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/thash.h +85 -0
  378. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/wots.cc +171 -0
  379. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/wots.h +50 -0
  380. data/third_party/boringssl-with-bazel/src/crypto/stack/{stack.c → stack.cc} +10 -6
  381. data/third_party/boringssl-with-bazel/src/crypto/{thread_none.c → thread_none.cc} +1 -1
  382. data/third_party/boringssl-with-bazel/src/crypto/{thread_pthread.c → thread_pthread.cc} +9 -8
  383. data/third_party/boringssl-with-bazel/src/crypto/{thread_win.c → thread_win.cc} +21 -17
  384. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +1 -1
  385. data/third_party/boringssl-with-bazel/src/crypto/trust_token/{pmbtoken.c → pmbtoken.cc} +146 -158
  386. data/third_party/boringssl-with-bazel/src/crypto/trust_token/{trust_token.c → trust_token.cc} +19 -21
  387. data/third_party/boringssl-with-bazel/src/crypto/trust_token/{voprf.c → voprf.cc} +165 -169
  388. data/third_party/boringssl-with-bazel/src/crypto/x509/{a_digest.c → a_digest.cc} +1 -1
  389. data/third_party/boringssl-with-bazel/src/crypto/x509/{a_sign.c → a_sign.cc} +37 -34
  390. data/third_party/boringssl-with-bazel/src/crypto/x509/{a_verify.c → a_verify.cc} +1 -1
  391. data/third_party/boringssl-with-bazel/src/crypto/x509/{algorithm.c → algorithm.cc} +1 -1
  392. data/third_party/boringssl-with-bazel/src/crypto/x509/{asn1_gen.c → asn1_gen.cc} +5 -6
  393. data/third_party/boringssl-with-bazel/src/crypto/x509/{by_dir.c → by_dir.cc} +7 -6
  394. data/third_party/boringssl-with-bazel/src/crypto/x509/{policy.c → policy.cc} +188 -178
  395. data/third_party/boringssl-with-bazel/src/crypto/x509/{rsa_pss.c → rsa_pss.cc} +48 -44
  396. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_akey.c → v3_akey.cc} +4 -2
  397. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_alt.c → v3_alt.cc} +5 -5
  398. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_bcons.c → v3_bcons.cc} +3 -1
  399. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_bitst.c → v3_bitst.cc} +6 -3
  400. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_conf.c → v3_conf.cc} +5 -5
  401. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_cpols.c → v3_cpols.cc} +47 -41
  402. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_crld.c → v3_crld.cc} +3 -2
  403. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_enum.c → v3_enum.cc} +5 -2
  404. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_extku.c → v3_extku.cc} +3 -1
  405. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_genn.c → v3_genn.cc} +7 -7
  406. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ia5.c → v3_ia5.cc} +3 -2
  407. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_info.c → v3_info.cc} +4 -2
  408. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_int.c → v3_int.cc} +3 -1
  409. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_lib.c → v3_lib.cc} +9 -6
  410. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ncons.c → v3_ncons.cc} +3 -3
  411. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ocsp.c → v3_ocsp.cc} +4 -1
  412. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_pcons.c → v3_pcons.cc} +3 -3
  413. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_pmaps.c → v3_pmaps.cc} +3 -3
  414. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_prn.c → v3_prn.cc} +2 -1
  415. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_purp.c → v3_purp.cc} +16 -8
  416. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_skey.c → v3_skey.cc} +6 -3
  417. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_utl.c → v3_utl.cc} +15 -10
  418. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_att.c → x509_att.cc} +3 -2
  419. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_lu.c → x509_lu.cc} +6 -5
  420. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_v3.c → x509_v3.cc} +2 -2
  421. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vfy.c → x509_vfy.cc} +216 -212
  422. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vpm.c → x509_vpm.cc} +55 -13
  423. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509spki.c → x509spki.cc} +3 -3
  424. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_all.c → x_all.cc} +10 -6
  425. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_crl.c → x_crl.cc} +6 -6
  426. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_name.c → x_name.cc} +39 -32
  427. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_pubkey.c → x_pubkey.cc} +4 -2
  428. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509.c → x_x509.cc} +48 -44
  429. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509a.c → x_x509a.cc} +4 -2
  430. data/third_party/boringssl-with-bazel/src/gen/crypto/{err_data.c → err_data.cc} +359 -358
  431. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -1
  432. data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +1 -1
  433. data/third_party/boringssl-with-bazel/src/include/openssl/asn1_mac.h +1 -1
  434. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +237 -275
  435. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +12 -5
  436. data/third_party/boringssl-with-bazel/src/include/openssl/bcm_public.h +82 -0
  437. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -1
  438. data/third_party/boringssl-with-bazel/src/include/openssl/buffer.h +1 -1
  439. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +1 -1
  440. data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
  441. data/third_party/boringssl-with-bazel/src/include/openssl/cmac.h +1 -1
  442. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +1 -1
  443. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +13 -2
  444. data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +1 -1
  445. data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +1 -1
  446. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +4 -0
  447. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +6 -1
  448. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
  449. data/third_party/boringssl-with-bazel/src/include/openssl/dtls1.h +1 -1
  450. data/third_party/boringssl-with-bazel/src/include/openssl/e_os2.h +1 -1
  451. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +17 -1
  452. data/third_party/boringssl-with-bazel/src/include/openssl/engine.h +1 -1
  453. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -1
  454. data/third_party/boringssl-with-bazel/src/include/openssl/experimental/kyber.h +1 -1
  455. data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +1 -1
  456. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +1 -1
  457. data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +1 -1
  458. data/third_party/boringssl-with-bazel/src/include/openssl/is_boringssl.h +1 -1
  459. data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +1 -1
  460. data/third_party/boringssl-with-bazel/src/include/openssl/mldsa.h +8 -8
  461. data/third_party/boringssl-with-bazel/src/include/openssl/mlkem.h +1 -1
  462. data/third_party/boringssl-with-bazel/src/include/openssl/obj_mac.h +1 -1
  463. data/third_party/boringssl-with-bazel/src/include/openssl/objects.h +1 -1
  464. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -1
  465. data/third_party/boringssl-with-bazel/src/include/openssl/opensslv.h +1 -1
  466. data/third_party/boringssl-with-bazel/src/include/openssl/ossl_typ.h +1 -1
  467. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs12.h +1 -1
  468. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +1 -1
  469. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +2 -2
  470. data/third_party/boringssl-with-bazel/src/include/openssl/poly1305.h +1 -1
  471. data/third_party/boringssl-with-bazel/src/include/openssl/pool.h +1 -1
  472. data/third_party/boringssl-with-bazel/src/include/openssl/posix_time.h +1 -1
  473. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +1 -1
  474. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +10 -5
  475. data/third_party/boringssl-with-bazel/src/include/openssl/safestack.h +1 -1
  476. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +2 -40
  477. data/third_party/boringssl-with-bazel/src/include/openssl/siphash.h +1 -1
  478. data/third_party/boringssl-with-bazel/src/include/openssl/slhdsa.h +133 -0
  479. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +6 -1
  480. data/third_party/boringssl-with-bazel/src/include/openssl/srtp.h +1 -1
  481. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +160 -116
  482. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -0
  483. data/third_party/boringssl-with-bazel/src/include/openssl/target.h +1 -1
  484. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +2 -2
  485. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +1 -1
  486. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +1 -1
  487. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -1
  488. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +1 -1
  489. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3_errors.h +2 -2
  490. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -6
  491. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +667 -322
  492. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +116 -119
  493. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +163 -21
  494. data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +4 -12
  495. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +94 -49
  496. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +296 -198
  497. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +23 -14
  498. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +363 -343
  499. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +48 -58
  500. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +44 -36
  501. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +145 -159
  502. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +65 -58
  503. data/third_party/boringssl-with-bazel/src/ssl/internal.h +910 -356
  504. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +29 -41
  505. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +13 -11
  506. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +2 -2
  507. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +90 -183
  508. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +38 -64
  509. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -1
  510. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +103 -44
  511. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +210 -220
  512. data/third_party/boringssl-with-bazel/src/ssl/ssl_credential.cc +70 -12
  513. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +20 -17
  514. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +146 -169
  515. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +15 -16
  516. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +79 -95
  517. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -9
  518. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +91 -16
  519. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +30 -16
  520. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +51 -56
  521. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +22 -25
  522. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +43 -27
  523. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +63 -59
  524. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +204 -121
  525. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +86 -59
  526. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +51 -62
  527. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +37 -25
  528. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +6 -0
  529. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +6 -0
  530. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +4 -1
  531. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1 -1
  532. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +3 -0
  533. metadata +339 -339
  534. data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb.h +0 -426
  535. data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.c +0 -87
  536. data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.h +0 -32
  537. data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb.h +0 -408
  538. data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.c +0 -124
  539. data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.h +0 -38
  540. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.c +0 -108
  541. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.h +0 -33
  542. data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.c +0 -67
  543. data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.h +0 -48
  544. data/src/core/util/atm.cc +0 -34
  545. data/third_party/boringssl-with-bazel/src/crypto/dilithium/dilithium.c +0 -1539
  546. data/third_party/boringssl-with-bazel/src/crypto/dilithium/internal.h +0 -58
  547. data/third_party/boringssl-with-bazel/src/crypto/spx/address.c +0 -101
  548. data/third_party/boringssl-with-bazel/src/crypto/spx/address.h +0 -50
  549. data/third_party/boringssl-with-bazel/src/crypto/spx/fors.c +0 -133
  550. data/third_party/boringssl-with-bazel/src/crypto/spx/fors.h +0 -54
  551. data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.c +0 -150
  552. data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.h +0 -61
  553. data/third_party/boringssl-with-bazel/src/crypto/spx/params.h +0 -71
  554. data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +0 -140
  555. data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c +0 -53
  556. data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h +0 -44
  557. data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c +0 -136
  558. data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h +0 -70
  559. data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c +0 -135
  560. data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h +0 -45
  561. data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +0 -129
  562. data/third_party/boringssl-with-bazel/src/include/openssl/experimental/spx.h +0 -90
  563. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_bool.c → a_bool.cc} +0 -0
  564. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_gentm.c → a_gentm.cc} +0 -0
  565. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_octet.c → a_octet.cc} +0 -0
  566. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strex.c → a_strex.cc} +0 -0
  567. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_time.c → a_time.cc} +0 -0
  568. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_utctm.c → a_utctm.cc} +0 -0
  569. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_par.c → asn1_par.cc} +0 -0
  570. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{f_int.c → f_int.cc} +0 -0
  571. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{f_string.c → f_string.cc} +0 -0
  572. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_typ.c → tasn_typ.cc} +0 -0
  573. /data/third_party/boringssl-with-bazel/src/crypto/bio/{errno.c → errno.cc} +0 -0
  574. /data/third_party/boringssl-with-bazel/src/crypto/bio/{fd.c → fd.cc} +0 -0
  575. /data/third_party/boringssl-with-bazel/src/crypto/bio/{hexdump.c → hexdump.cc} +0 -0
  576. /data/third_party/boringssl-with-bazel/src/crypto/bio/{socket.c → socket.cc} +0 -0
  577. /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{cipher_extra.c → cipher_extra.cc} +0 -0
  578. /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{derive_key.c → derive_key.cc} +0 -0
  579. /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{tls_cbc.c → tls_cbc.cc} +0 -0
  580. /data/third_party/boringssl-with-bazel/src/crypto/des/{des.c → des.cc} +0 -0
  581. /data/third_party/boringssl-with-bazel/src/crypto/dh_extra/{params.c → params.cc} +0 -0
  582. /data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/{ecdh_extra.c → ecdh_extra.cc} +0 -0
  583. /data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_asn1.c → evp_asn1.cc} +0 -0
  584. /data/third_party/boringssl-with-bazel/src/crypto/evp/{sign.c → sign.cc} +0 -0
  585. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes.c.inc → aes.cc.inc} +0 -0
  586. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{mode_wrappers.c.inc → mode_wrappers.cc.inc} +0 -0
  587. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bytes.c.inc → bytes.cc.inc} +0 -0
  588. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{cmp.c.inc → cmp.cc.inc} +0 -0
  589. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{generic.c.inc → generic.cc.inc} +0 -0
  590. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{jacobi.c.inc → jacobi.cc.inc} +0 -0
  591. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery_inv.c.inc → montgomery_inv.cc.inc} +0 -0
  592. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{random.c.inc → random.cc.inc} +0 -0
  593. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{rsaz_exp.c.inc → rsaz_exp.cc.inc} +0 -0
  594. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{sqrt.c.inc → sqrt.cc.inc} +0 -0
  595. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aesccm.c.inc → e_aesccm.cc.inc} +0 -0
  596. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{check.c.inc → check.cc.inc} +0 -0
  597. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_montgomery.c.inc → ec_montgomery.cc.inc} +0 -0
  598. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple.c.inc → simple.cc.inc} +0 -0
  599. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cbc.c.inc → cbc.cc.inc} +0 -0
  600. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cfb.c.inc → cfb.cc.inc} +0 -0
  601. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ctr.c.inc → ctr.cc.inc} +0 -0
  602. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ofb.c.inc → ofb.cc.inc} +0 -0
  603. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/{kdf.c.inc → kdf.cc.inc} +0 -0
  604. /data/third_party/boringssl-with-bazel/src/crypto/obj/{obj_xref.c → obj_xref.cc} +0 -0
  605. /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_all.c → pem_all.cc} +0 -0
  606. /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pk8.c → pem_pk8.cc} +0 -0
  607. /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pkey.c → pem_pkey.cc} +0 -0
  608. /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_x509.c → pem_x509.cc} +0 -0
  609. /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_xaux.c → pem_xaux.cc} +0 -0
  610. /data/third_party/boringssl-with-bazel/src/crypto/rc4/{rc4.c → rc4.cc} +0 -0
  611. /data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_print.c → rsa_print.cc} +0 -0
  612. /data/third_party/boringssl-with-bazel/src/crypto/{thread.c → thread.cc} +0 -0
  613. /data/third_party/boringssl-with-bazel/src/crypto/x509/{by_file.c → by_file.cc} +0 -0
  614. /data/third_party/boringssl-with-bazel/src/crypto/x509/{i2d_pr.c → i2d_pr.cc} +0 -0
  615. /data/third_party/boringssl-with-bazel/src/crypto/x509/{name_print.c → name_print.cc} +0 -0
  616. /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_crl.c → t_crl.cc} +0 -0
  617. /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_req.c → t_req.cc} +0 -0
  618. /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_x509.c → t_x509.cc} +0 -0
  619. /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_x509a.c → t_x509a.cc} +0 -0
  620. /data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_akeya.c → v3_akeya.cc} +0 -0
  621. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509.c → x509.cc} +0 -0
  622. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_cmp.c → x509_cmp.cc} +0 -0
  623. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_d2.c → x509_d2.cc} +0 -0
  624. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_def.c → x509_def.cc} +0 -0
  625. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_ext.c → x509_ext.cc} +0 -0
  626. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_obj.c → x509_obj.cc} +0 -0
  627. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_req.c → x509_req.cc} +0 -0
  628. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_set.c → x509_set.cc} +0 -0
  629. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_trs.c → x509_trs.cc} +0 -0
  630. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_txt.c → x509_txt.cc} +0 -0
  631. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509cset.c → x509cset.cc} +0 -0
  632. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509name.c → x509name.cc} +0 -0
  633. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509rset.c → x509rset.cc} +0 -0
  634. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_algor.c → x_algor.cc} +0 -0
  635. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_attrib.c → x_attrib.cc} +0 -0
  636. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_exten.c → x_exten.cc} +0 -0
  637. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_req.c → x_req.cc} +0 -0
  638. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_sig.c → x_sig.cc} +0 -0
  639. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_spki.c → x_spki.cc} +0 -0
  640. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_val.c → x_val.cc} +0 -0
data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc CHANGED
@@ -1,4 +1,4 @@
1
- /* Copyright (c) 2016, Google Inc.
1
+ /* Copyright 2016 The BoringSSL Authors
2
2
  *
3
3
  * Permission to use, copy, modify, and/or distribute this software for any
4
4
  * purpose with or without fee is hereby granted, provided that the above
@@ -169,9 +169,9 @@ bool tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
169
169
  }
170
170
 
171
171
  CBS context, certificate_list;
172
- if (!CBS_get_u8_length_prefixed(&body, &context) ||
173
- CBS_len(&context) != 0 ||
174
- !CBS_get_u24_length_prefixed(&body, &certificate_list) ||
172
+ if (!CBS_get_u8_length_prefixed(&body, &context) || //
173
+ CBS_len(&context) != 0 || //
174
+ !CBS_get_u24_length_prefixed(&body, &certificate_list) || //
175
175
  CBS_len(&body) != 0) {
176
176
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
177
177
  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
@@ -221,7 +221,7 @@ bool tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
221
221
 
222
222
  UniquePtr<CRYPTO_BUFFER> buf(
223
223
  CRYPTO_BUFFER_new_from_CBS(&certificate, ssl->ctx->pool));
224
- if (!buf ||
224
+ if (!buf || //
225
225
  !PushToStack(certs.get(), std::move(buf))) {
226
226
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
227
227
  return false;
@@ -249,8 +249,7 @@ bool tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
249
249
  if (!CBS_get_u8(&status_request.data, &status_type) ||
250
250
  status_type != TLSEXT_STATUSTYPE_ocsp ||
251
251
  !CBS_get_u24_length_prefixed(&status_request.data, &ocsp_response) ||
252
- CBS_len(&ocsp_response) == 0 ||
253
- CBS_len(&status_request.data) != 0) {
252
+ CBS_len(&ocsp_response) == 0 || CBS_len(&status_request.data) != 0) {
254
253
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
255
254
  return false;
256
255
  }
@@ -317,7 +316,8 @@ bool tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
317
316
  return true;
318
317
  }
319
318
 
320
- bool tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
319
+ bool tls13_process_certificate_verify(SSL_HANDSHAKE *hs,
320
+ const SSLMessage &msg) {
321
321
  SSL *const ssl = hs->ssl;
322
322
  if (hs->peer_pubkey == NULL) {
323
323
  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
@@ -326,8 +326,8 @@ bool tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg)
326
326
 
327
327
  CBS body = msg.body, signature;
328
328
  uint16_t signature_algorithm;
329
- if (!CBS_get_u16(&body, &signature_algorithm) ||
330
- !CBS_get_u16_length_prefixed(&body, &signature) ||
329
+ if (!CBS_get_u16(&body, &signature_algorithm) || //
330
+ !CBS_get_u16_length_prefixed(&body, &signature) || //
331
331
  CBS_len(&body) != 0) {
332
332
  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
333
333
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
@@ -367,7 +367,7 @@ bool tls13_process_finished(SSL_HANDSHAKE *hs, const SSLMessage &msg,
367
367
  Span<const uint8_t> verify_data;
368
368
  if (use_saved_value) {
369
369
  assert(ssl->server);
370
- verify_data = hs->expected_client_finished();
370
+ verify_data = hs->expected_client_finished;
371
371
  } else {
372
372
  size_t len;
373
373
  if (!tls13_finished_mac(hs, verify_data_buf, &len, !ssl->server)) {
@@ -409,7 +409,7 @@ bool tls13_add_certificate(SSL_HANDSHAKE *hs) {
409
409
  }
410
410
  }
411
411
 
412
- if (// The request context is always empty in the handshake.
412
+ if ( // The request context is always empty in the handshake.
413
413
  !CBB_add_u8(body, 0) ||
414
414
  !CBB_add_u24_length_prefixed(body, &certificate_list)) {
415
415
  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
@@ -588,7 +588,7 @@ enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs) {
588
588
  return sign_result;
589
589
  }
590
590
 
591
- if (!CBB_did_write(&child, sig_len) ||
591
+ if (!CBB_did_write(&child, sig_len) || //
592
592
  !ssl_add_message_cbb(ssl, cbb.get())) {
593
593
  return ssl_private_key_failure;
594
594
  }
@@ -618,13 +618,31 @@ bool tls13_add_finished(SSL_HANDSHAKE *hs) {
618
618
  return true;
619
619
  }
620
620
 
621
- bool tls13_add_key_update(SSL *ssl, int update_requested) {
621
+ bool tls13_add_key_update(SSL *ssl, int request_type) {
622
+ if (ssl->s3->key_update_pending) {
623
+ return true;
624
+ }
625
+
626
+ // We do not support multiple parallel outgoing flights. If there is an
627
+ // outgoing flight pending, queue the KeyUpdate for later.
628
+ if (SSL_is_dtls(ssl) && !ssl->d1->outgoing_messages.empty()) {
629
+ ssl->d1->queued_key_update = request_type == SSL_KEY_UPDATE_REQUESTED
630
+ ? QueuedKeyUpdate::kUpdateRequested
631
+ : QueuedKeyUpdate::kUpdateNotRequested;
632
+ return true;
633
+ }
634
+
622
635
  ScopedCBB cbb;
623
636
  CBB body_cbb;
624
637
  if (!ssl->method->init_message(ssl, cbb.get(), &body_cbb,
625
638
  SSL3_MT_KEY_UPDATE) ||
626
- !CBB_add_u8(&body_cbb, update_requested) ||
627
- !ssl_add_message_cbb(ssl, cbb.get()) ||
639
+ !CBB_add_u8(&body_cbb, request_type) ||
640
+ !ssl_add_message_cbb(ssl, cbb.get())) {
641
+ return false;
642
+ }
643
+
644
+ // In DTLS, the actual key update is deferred until KeyUpdate is ACKed.
645
+ if (!SSL_is_dtls(ssl) &&
628
646
  !tls13_rotate_traffic_key(ssl, evp_aead_seal)) {
629
647
  return false;
630
648
  }
@@ -633,16 +651,16 @@ bool tls13_add_key_update(SSL *ssl, int update_requested) {
633
651
  // wire. This prevents us from accumulating write obligations when read and
634
652
  // write progress at different rates. See RFC 8446, section 4.6.3.
635
653
  ssl->s3->key_update_pending = true;
636
-
654
+ ssl->method->finish_flight(ssl);
637
655
  return true;
638
656
  }
639
657
 
640
658
  static bool tls13_receive_key_update(SSL *ssl, const SSLMessage &msg) {
641
659
  CBS body = msg.body;
642
660
  uint8_t key_update_request;
643
- if (!CBS_get_u8(&body, &key_update_request) ||
644
- CBS_len(&body) != 0 ||
645
- (key_update_request != SSL_KEY_UPDATE_NOT_REQUESTED &&
661
+ if (!CBS_get_u8(&body, &key_update_request) || //
662
+ CBS_len(&body) != 0 || //
663
+ (key_update_request != SSL_KEY_UPDATE_NOT_REQUESTED && //
646
664
  key_update_request != SSL_KEY_UPDATE_REQUESTED)) {
647
665
  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
648
666
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
@@ -655,7 +673,6 @@ static bool tls13_receive_key_update(SSL *ssl, const SSLMessage &msg) {
655
673
 
656
674
  // Acknowledge the KeyUpdate
657
675
  if (key_update_request == SSL_KEY_UPDATE_REQUESTED &&
658
- !ssl->s3->key_update_pending &&
659
676
  !tls13_add_key_update(ssl, SSL_KEY_UPDATE_NOT_REQUESTED)) {
660
677
  return false;
661
678
  }
@@ -664,10 +681,13 @@ static bool tls13_receive_key_update(SSL *ssl, const SSLMessage &msg) {
664
681
  }
665
682
 
666
683
  bool tls13_post_handshake(SSL *ssl, const SSLMessage &msg) {
684
+ if (msg.type == SSL3_MT_NEW_SESSION_TICKET && !ssl->server) {
685
+ return tls13_process_new_session_ticket(ssl, msg);
686
+ }
687
+
667
688
  if (msg.type == SSL3_MT_KEY_UPDATE) {
668
689
  ssl->s3->key_update_count++;
669
- if (ssl->quic_method != nullptr ||
670
- ssl->s3->key_update_count > kMaxKeyUpdates) {
690
+ if (SSL_is_quic(ssl) || ssl->s3->key_update_count > kMaxKeyUpdates) {
671
691
  OPENSSL_PUT_ERROR(SSL, SSL_R_TOO_MANY_KEY_UPDATES);
672
692
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
673
693
  return false;
@@ -678,10 +698,6 @@ bool tls13_post_handshake(SSL *ssl, const SSLMessage &msg) {
678
698
 
679
699
  ssl->s3->key_update_count = 0;
680
700
 
681
- if (msg.type == SSL3_MT_NEW_SESSION_TICKET && !ssl->server) {
682
- return tls13_process_new_session_ticket(ssl, msg);
683
- }
684
-
685
701
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
686
702
  OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
687
703
  return false;
data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc CHANGED
@@ -1,4 +1,4 @@
1
- /* Copyright (c) 2016, Google Inc.
1
+ /* Copyright 2016 The BoringSSL Authors
2
2
  *
3
3
  * Permission to use, copy, modify, and/or distribute this software for any
4
4
  * purpose with or without fee is hereby granted, provided that the above
@@ -73,31 +73,34 @@ static bool close_early_data(SSL_HANDSHAKE *hs, ssl_encryption_level_t level) {
73
73
  // write state. The two ClientHello sequence numbers must align, and handshake
74
74
  // write keys must be installed early to ACK the EncryptedExtensions.
75
75
  //
76
- // We do not currently implement DTLS 1.3 and, in QUIC, the caller handles
77
- // 0-RTT data, so we can skip installing 0-RTT keys and act as if there is one
78
- // write level. If we implement DTLS 1.3, we'll need to model this better.
79
- if (ssl->quic_method == nullptr) {
76
+ // TODO(crbug.com/381113363): We do not support 0-RTT in DTLS 1.3 and, in
77
+ // QUIC, the caller handles 0-RTT data, so we can skip installing 0-RTT keys
78
+ // and act as if there is one write level. Now that we're implementing
79
+ // DTLS 1.3, switch the abstraction to the DTLS/QUIC model where handshake
80
+ // keys write keys are installed immediately, but the TLS record layer
81
+ // internally waits to activate that epoch until the 0-RTT channel is closed.
82
+ if (!SSL_is_quic(ssl)) {
80
83
  if (level == ssl_encryption_initial) {
81
84
  bssl::UniquePtr<SSLAEADContext> null_ctx =
82
- SSLAEADContext::CreateNullCipher(SSL_is_dtls(ssl));
83
- if (!null_ctx ||
85
+ SSLAEADContext::CreateNullCipher();
86
+ if (!null_ctx || //
84
87
  !ssl->method->set_write_state(ssl, ssl_encryption_initial,
85
88
  std::move(null_ctx),
86
- /*secret_for_quic=*/{})) {
89
+ /*traffic_secret=*/{})) {
87
90
  return false;
88
91
  }
89
- ssl->s3->aead_write_ctx->SetVersionIfNullCipher(ssl->version);
90
92
  } else {
91
93
  assert(level == ssl_encryption_handshake);
92
94
  if (!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_seal,
93
95
  hs->new_session.get(),
94
- hs->client_handshake_secret())) {
96
+ hs->client_handshake_secret)) {
95
97
  return false;
96
98
  }
97
99
  }
100
+ } else {
101
+ assert(ssl->s3->quic_write_level == level);
98
102
  }
99
103
 
100
- assert(ssl->s3->write_level == level);
101
104
  return true;
102
105
  }
103
106
 
@@ -107,24 +110,21 @@ static bool parse_server_hello_tls13(const SSL_HANDSHAKE *hs,
107
110
  if (!ssl_parse_server_hello(out, out_alert, msg)) {
108
111
  return false;
109
112
  }
110
- uint16_t server_hello_version = TLS1_2_VERSION;
111
- if (SSL_is_dtls(hs->ssl)) {
112
- server_hello_version = DTLS1_2_VERSION;
113
- }
113
+ uint16_t expected_version =
114
+ SSL_is_dtls(hs->ssl) ? DTLS1_2_VERSION : TLS1_2_VERSION;
114
115
  // DTLS 1.3 disables "compatibility mode" (RFC 8446, appendix D.4). When
115
116
  // disabled, servers MUST NOT echo the legacy_session_id (RFC 9147, section
116
117
  // 5). The client could have sent a session ID indicating its willingness to
117
118
  // resume a DTLS 1.2 session, so just checking that the session IDs match is
118
119
  // incorrect.
119
- bool session_id_match =
120
- (SSL_is_dtls(hs->ssl) && CBS_len(&out->session_id) == 0) ||
121
- (!SSL_is_dtls(hs->ssl) &&
122
- CBS_mem_equal(&out->session_id, hs->session_id, hs->session_id_len));
123
-
124
- // The RFC8446 version of the structure fixes some legacy values.
125
- // Additionally, the session ID must echo the original one.
126
- if (out->legacy_version != server_hello_version ||
127
- out->compression_method != 0 || !session_id_match ||
120
+ Span<const uint8_t> expected_session_id = SSL_is_dtls(hs->ssl)
121
+ ? Span<const uint8_t>()
122
+ : MakeConstSpan(hs->session_id);
123
+
124
+ // RFC 8446 fixes some legacy values. Check them.
125
+ if (out->legacy_version != expected_version || //
126
+ out->compression_method != 0 ||
127
+ Span<const uint8_t>(out->session_id) != expected_session_id ||
128
128
  CBS_len(&out->extensions) == 0) {
129
129
  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
130
130
  *out_alert = SSL_AD_DECODE_ERROR;
@@ -183,7 +183,7 @@ static bool check_ech_confirmation(const SSL_HANDSHAKE *hs, bool *out_accepted,
183
183
 
184
184
  static enum ssl_hs_wait_t do_read_hello_retry_request(SSL_HANDSHAKE *hs) {
185
185
  SSL *const ssl = hs->ssl;
186
- assert(ssl->s3->have_version);
186
+ assert(ssl->s3->version != 0);
187
187
  SSLMessage msg;
188
188
  if (!ssl->method->get_message(ssl, &msg)) {
189
189
  return ssl_hs_read_message;
@@ -192,7 +192,7 @@ static enum ssl_hs_wait_t do_read_hello_retry_request(SSL_HANDSHAKE *hs) {
192
192
  // Queue up a ChangeCipherSpec for whenever we next send something. This
193
193
  // will be before the second ClientHello. If we offered early data, this was
194
194
  // already done.
195
- if (!hs->early_data_offered &&
195
+ if (!hs->early_data_offered && //
196
196
  !ssl->method->add_change_cipher_spec(ssl)) {
197
197
  return ssl_hs_error;
198
198
  }
@@ -271,8 +271,8 @@ static enum ssl_hs_wait_t do_read_hello_retry_request(SSL_HANDSHAKE *hs) {
271
271
  }
272
272
  if (cookie.present) {
273
273
  CBS cookie_value;
274
- if (!CBS_get_u16_length_prefixed(&cookie.data, &cookie_value) ||
275
- CBS_len(&cookie_value) == 0 ||
274
+ if (!CBS_get_u16_length_prefixed(&cookie.data, &cookie_value) || //
275
+ CBS_len(&cookie_value) == 0 || //
276
276
  CBS_len(&cookie.data) != 0) {
277
277
  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
278
278
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
@@ -348,9 +348,6 @@ static enum ssl_hs_wait_t do_read_hello_retry_request(SSL_HANDSHAKE *hs) {
348
348
  }
349
349
 
350
350
  static enum ssl_hs_wait_t do_send_second_client_hello(SSL_HANDSHAKE *hs) {
351
- // Any 0-RTT keys must have been discarded.
352
- assert(hs->ssl->s3->write_level == ssl_encryption_initial);
353
-
354
351
  // Build the second ClientHelloInner, if applicable. The second ClientHello
355
352
  // uses an empty string for |enc|.
356
353
  if (hs->ssl->s3->ech_status == ssl_ech_accepted &&
@@ -421,7 +418,10 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
421
418
 
422
419
  // When offering ECH, |ssl->session| is only offered in ClientHelloInner.
423
420
  const bool pre_shared_key_allowed =
424
- ssl->session != nullptr && ssl->s3->ech_status != ssl_ech_rejected;
421
+ ssl->session != nullptr &&
422
+ ssl_session_get_type(ssl->session.get()) ==
423
+ SSLSessionType::kPreSharedKey &&
424
+ ssl->s3->ech_status != ssl_ech_rejected;
425
425
  SSLExtension key_share(TLSEXT_TYPE_key_share),
426
426
  pre_shared_key(TLSEXT_TYPE_pre_shared_key, pre_shared_key_allowed),
427
427
  supported_versions(TLSEXT_TYPE_supported_versions);
@@ -434,10 +434,10 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
434
434
 
435
435
  // Recheck supported_versions, in case this is after HelloRetryRequest.
436
436
  uint16_t version;
437
- if (!supported_versions.present ||
438
- !CBS_get_u16(&supported_versions.data, &version) ||
439
- CBS_len(&supported_versions.data) != 0 ||
440
- version != ssl->version) {
437
+ if (!supported_versions.present || //
438
+ !CBS_get_u16(&supported_versions.data, &version) || //
439
+ CBS_len(&supported_versions.data) != 0 || //
440
+ version != ssl->s3->version) {
441
441
  OPENSSL_PUT_ERROR(SSL, SSL_R_SECOND_SERVERHELLO_VERSION_MISMATCH);
442
442
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
443
443
  return ssl_hs_error;
@@ -451,7 +451,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
451
451
  return ssl_hs_error;
452
452
  }
453
453
 
454
- if (ssl->session->ssl_version != ssl->version) {
454
+ if (ssl->session->ssl_version != ssl->s3->version) {
455
455
  OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_VERSION_NOT_RETURNED);
456
456
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
457
457
  return ssl_hs_error;
@@ -495,11 +495,9 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
495
495
  // Set up the key schedule and incorporate the PSK into the running secret.
496
496
  size_t hash_len = EVP_MD_size(
497
497
  ssl_get_handshake_digest(ssl_protocol_version(ssl), hs->new_cipher));
498
- if (!tls13_init_key_schedule(
499
- hs, ssl->s3->session_reused
500
- ? MakeConstSpan(hs->new_session->secret,
501
- hs->new_session->secret_length)
502
- : MakeConstSpan(kZeroes, hash_len))) {
498
+ if (!tls13_init_key_schedule(hs, ssl->s3->session_reused
499
+ ? MakeConstSpan(hs->new_session->secret)
500
+ : MakeConstSpan(kZeroes, hash_len))) {
503
501
  return ssl_hs_error;
504
502
  }
505
503
 
@@ -519,8 +517,8 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
519
517
  return ssl_hs_error;
520
518
  }
521
519
 
522
- if (!tls13_advance_key_schedule(hs, dhe_secret) ||
523
- !ssl_hash_message(hs, msg) ||
520
+ if (!tls13_advance_key_schedule(hs, dhe_secret) || //
521
+ !ssl_hash_message(hs, msg) || //
524
522
  !tls13_derive_handshake_secrets(hs)) {
525
523
  return ssl_hs_error;
526
524
  }
@@ -529,17 +527,17 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
529
527
  // traffic keys to when the early data stream is closed. See
530
528
  // |close_early_data|. Note if the server has already rejected 0-RTT via
531
529
  // HelloRetryRequest, |in_early_data| is already false.
532
- if (!hs->in_early_data || ssl->quic_method != nullptr) {
530
+ if (!hs->in_early_data || SSL_is_quic(ssl)) {
533
531
  if (!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_seal,
534
532
  hs->new_session.get(),
535
- hs->client_handshake_secret())) {
533
+ hs->client_handshake_secret)) {
536
534
  return ssl_hs_error;
537
535
  }
538
536
  }
539
537
 
540
538
  if (!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_open,
541
539
  hs->new_session.get(),
542
- hs->server_handshake_secret())) {
540
+ hs->server_handshake_secret)) {
543
541
  return ssl_hs_error;
544
542
  }
545
543
 
@@ -559,7 +557,7 @@ static enum ssl_hs_wait_t do_read_encrypted_extensions(SSL_HANDSHAKE *hs) {
559
557
  }
560
558
 
561
559
  CBS body = msg.body, extensions;
562
- if (!CBS_get_u16_length_prefixed(&body, &extensions) ||
560
+ if (!CBS_get_u16_length_prefixed(&body, &extensions) || //
563
561
  CBS_len(&body) != 0) {
564
562
  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
565
563
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
@@ -675,7 +673,7 @@ static enum ssl_hs_wait_t do_read_certificate_request(SSL_HANDSHAKE *hs) {
675
673
  }
676
674
 
677
675
  if (ca.present) {
678
- hs->ca_names = ssl_parse_client_CA_list(ssl, &alert, &ca.data);
676
+ hs->ca_names = SSL_parse_CA_list(ssl, &alert, &ca.data);
679
677
  if (!hs->ca_names) {
680
678
  ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
681
679
  return ssl_hs_error;
@@ -795,8 +793,9 @@ static enum ssl_hs_wait_t do_send_end_of_early_data(SSL_HANDSHAKE *hs) {
795
793
  SSL *const ssl = hs->ssl;
796
794
 
797
795
  if (ssl->s3->early_data_accepted) {
798
- // QUIC omits the EndOfEarlyData message. See RFC 9001, section 8.3.
799
- if (ssl->quic_method == nullptr) {
796
+ // DTLS and QUIC omit the EndOfEarlyData message. See RFC 9001, section 8.3,
797
+ // and RFC 9147, section 5.6.
798
+ if (!SSL_is_quic(ssl) && !SSL_is_dtls(ssl)) {
800
799
  ScopedCBB cbb;
801
800
  CBB body;
802
801
  if (!ssl->method->init_message(ssl, cbb.get(), &body,
@@ -853,7 +852,12 @@ static bool check_credential(SSL_HANDSHAKE *hs, const SSL_CREDENTIAL *cred,
853
852
  }
854
853
 
855
854
  // All currently supported credentials require a signature.
856
- return tls1_choose_signature_algorithm(hs, cred, out_sigalg);
855
+ if (!tls1_choose_signature_algorithm(hs, cred, out_sigalg)) {
856
+ return false;
857
+ }
858
+ // Use this credential if it either matches a requested issuer,
859
+ // or does not require issuer matching.
860
+ return ssl_credential_matches_requested_issuers(hs, cred);
857
861
  }
858
862
 
859
863
  static enum ssl_hs_wait_t do_send_client_certificate(SSL_HANDSHAKE *hs) {
@@ -961,10 +965,10 @@ static enum ssl_hs_wait_t do_complete_second_flight(SSL_HANDSHAKE *hs) {
961
965
  // Derive the final keys and enable them.
962
966
  if (!tls13_set_traffic_key(ssl, ssl_encryption_application, evp_aead_seal,
963
967
  hs->new_session.get(),
964
- hs->client_traffic_secret_0()) ||
968
+ hs->client_traffic_secret_0) ||
965
969
  !tls13_set_traffic_key(ssl, ssl_encryption_application, evp_aead_open,
966
970
  hs->new_session.get(),
967
- hs->server_traffic_secret_0()) ||
971
+ hs->server_traffic_secret_0) ||
968
972
  !tls13_derive_resumption_secret(hs)) {
969
973
  return ssl_hs_error;
970
974
  }
@@ -1116,8 +1120,9 @@ UniquePtr<SSL_SESSION> tls13_create_session_with_ticket(SSL *ssl, CBS *body) {
1116
1120
  !CBS_get_u32(body, &session->ticket_age_add) ||
1117
1121
  !CBS_get_u8_length_prefixed(body, &ticket_nonce) ||
1118
1122
  !CBS_get_u16_length_prefixed(body, &ticket) ||
1123
+ CBS_len(&ticket) == 0 || //
1119
1124
  !session->ticket.CopyFrom(ticket) ||
1120
- !CBS_get_u16_length_prefixed(body, &extensions) ||
1125
+ !CBS_get_u16_length_prefixed(body, &extensions) || //
1121
1126
  CBS_len(body) != 0) {
1122
1127
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1123
1128
  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
@@ -1153,8 +1158,7 @@ UniquePtr<SSL_SESSION> tls13_create_session_with_ticket(SSL *ssl, CBS *body) {
1153
1158
 
1154
1159
  // QUIC does not use the max_early_data_size parameter and always sets it to
1155
1160
  // a fixed value. See RFC 9001, section 4.6.1.
1156
- if (ssl->quic_method != nullptr &&
1157
- session->ticket_max_early_data != 0xffffffff) {
1161
+ if (SSL_is_quic(ssl) && session->ticket_max_early_data != 0xffffffff) {
1158
1162
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1159
1163
  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1160
1164
  return nullptr;
@@ -1163,8 +1167,8 @@ UniquePtr<SSL_SESSION> tls13_create_session_with_ticket(SSL *ssl, CBS *body) {
1163
1167
 
1164
1168
  // Historically, OpenSSL filled in fake session IDs for ticket-based sessions.
1165
1169
  // Envoy's tests depend on this, although perhaps they shouldn't.
1166
- SHA256(CBS_data(&ticket), CBS_len(&ticket), session->session_id);
1167
- session->session_id_length = SHA256_DIGEST_LENGTH;
1170
+ session->session_id.ResizeForOverwrite(SHA256_DIGEST_LENGTH);
1171
+ SHA256(CBS_data(&ticket), CBS_len(&ticket), session->session_id.data());
1168
1172
 
1169
1173
  session->ticket_age_add_valid = true;
1170
1174
  session->not_resumable = false;