grpc 1.69.0 → 1.70.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (640) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +251 -249
  3. data/include/grpc/support/atm.h +0 -13
  4. data/src/core/call/request_buffer.cc +224 -0
  5. data/src/core/call/request_buffer.h +192 -0
  6. data/src/core/client_channel/client_channel.cc +2 -3
  7. data/src/core/client_channel/client_channel_args.h +21 -0
  8. data/src/core/client_channel/client_channel_filter.h +1 -3
  9. data/src/core/client_channel/retry_interceptor.cc +406 -0
  10. data/src/core/client_channel/retry_interceptor.h +157 -0
  11. data/src/core/client_channel/retry_service_config.h +13 -0
  12. data/src/core/client_channel/retry_throttle.cc +33 -18
  13. data/src/core/client_channel/retry_throttle.h +3 -3
  14. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +596 -94
  15. data/src/core/ext/transport/chttp2/server/chttp2_server.h +189 -13
  16. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +1 -0
  17. data/src/core/ext/transport/chttp2/transport/frame_security.cc +1 -3
  18. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +40 -1
  19. data/src/core/ext/upb-gen/envoy/admin/v3/config_dump_shared.upb.h +3 -1
  20. data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb.h +66 -36
  21. data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb_minitable.c +19 -17
  22. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb.h +116 -0
  23. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.c +31 -5
  24. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.h +2 -0
  25. data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb.h +67 -6
  26. data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb_minitable.c +12 -8
  27. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb.h +151 -0
  28. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.c +60 -0
  29. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.h +32 -0
  30. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb.h +228 -21
  31. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.c +65 -17
  32. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.h +6 -0
  33. data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb.h +7 -106
  34. data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.c +7 -28
  35. data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.h +0 -2
  36. data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb.h +85 -0
  37. data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb_minitable.c +25 -3
  38. data/src/core/ext/upb-gen/envoy/config/overload/v3/overload.upb.h +2 -1
  39. data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb.h +152 -0
  40. data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.c +40 -10
  41. data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.h +2 -0
  42. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb.h +135 -4
  43. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.c +41 -9
  44. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.h +2 -0
  45. data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb.h +0 -2
  46. data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.c +0 -1
  47. data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.h +0 -1
  48. data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +16 -0
  49. data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb_minitable.c +3 -2
  50. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +60 -0
  51. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb_minitable.c +13 -2
  52. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb.h +0 -1
  53. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb_minitable.c +0 -1
  54. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +102 -24
  55. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb_minitable.c +28 -19
  56. data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb.h +251 -18
  57. data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.c +41 -16
  58. data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.h +2 -0
  59. data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb.h +2 -1
  60. data/src/core/ext/upbdefs-gen/envoy/admin/v3/config_dump_shared.upbdefs.c +11 -10
  61. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/cluster.upbdefs.c +418 -413
  62. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.c +161 -153
  63. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.h +5 -0
  64. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/protocol.upbdefs.c +267 -261
  65. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.c +46 -0
  66. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.h +33 -0
  67. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.c +29 -19
  68. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.h +15 -0
  69. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.c +58 -65
  70. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.h +0 -5
  71. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/quic_config.upbdefs.c +73 -63
  72. data/src/core/ext/upbdefs-gen/envoy/config/overload/v3/overload.upbdefs.c +49 -48
  73. data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.c +117 -100
  74. data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
  75. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.c +905 -897
  76. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.h +5 -0
  77. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/trace.upbdefs.c +15 -18
  78. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +460 -457
  79. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upbdefs.c +16 -19
  80. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +95 -95
  81. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +202 -191
  82. data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.c +148 -135
  83. data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
  84. data/src/core/ext/upbdefs-gen/envoy/service/status/v3/csds.upbdefs.c +23 -22
  85. data/src/core/filter/filter_args.h +112 -0
  86. data/src/core/handshaker/http_connect/http_connect_handshaker.cc +1 -1
  87. data/src/core/lib/channel/promise_based_filter.h +5 -79
  88. data/src/core/lib/debug/trace_flags.cc +2 -0
  89. data/src/core/lib/debug/trace_flags.h +1 -0
  90. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +14 -0
  91. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +7 -2
  92. data/src/core/lib/event_engine/posix_engine/posix_engine.h +0 -2
  93. data/src/core/lib/event_engine/windows/windows_engine.cc +1 -0
  94. data/src/core/lib/experiments/experiments.cc +90 -39
  95. data/src/core/lib/experiments/experiments.h +43 -24
  96. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +1 -1
  97. data/src/core/lib/promise/activity.cc +2 -0
  98. data/src/core/lib/promise/activity.h +29 -8
  99. data/src/core/lib/promise/map.h +42 -0
  100. data/src/core/lib/promise/party.cc +36 -1
  101. data/src/core/lib/promise/party.h +13 -5
  102. data/src/core/lib/promise/sleep.h +1 -0
  103. data/src/core/lib/promise/status_flag.h +10 -0
  104. data/src/core/lib/resource_quota/arena.h +8 -0
  105. data/src/core/lib/resource_quota/connection_quota.h +4 -0
  106. data/src/core/lib/surface/call_utils.h +2 -0
  107. data/src/core/lib/surface/client_call.cc +43 -35
  108. data/src/core/lib/surface/client_call.h +5 -0
  109. data/src/core/lib/surface/event_string.cc +7 -1
  110. data/src/core/lib/surface/init_internally.h +13 -2
  111. data/src/core/lib/surface/server_call.cc +100 -85
  112. data/src/core/lib/surface/version.cc +2 -2
  113. data/src/core/lib/transport/call_filters.cc +10 -4
  114. data/src/core/lib/transport/call_filters.h +8 -0
  115. data/src/core/lib/transport/call_spine.cc +36 -71
  116. data/src/core/lib/transport/call_spine.h +131 -7
  117. data/src/core/lib/transport/call_state.h +132 -39
  118. data/src/core/lib/transport/interception_chain.cc +8 -0
  119. data/src/core/lib/transport/interception_chain.h +9 -0
  120. data/src/core/load_balancing/endpoint_list.cc +10 -0
  121. data/src/core/load_balancing/endpoint_list.h +13 -6
  122. data/src/core/load_balancing/lb_policy.h +0 -8
  123. data/src/core/load_balancing/pick_first/pick_first.cc +89 -56
  124. data/src/core/load_balancing/ring_hash/ring_hash.cc +158 -70
  125. data/src/core/load_balancing/ring_hash/ring_hash.h +4 -11
  126. data/src/core/load_balancing/round_robin/round_robin.cc +9 -14
  127. data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +12 -15
  128. data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +4 -4
  129. data/src/core/resolver/xds/xds_dependency_manager.cc +139 -135
  130. data/src/core/resolver/xds/xds_dependency_manager.h +24 -18
  131. data/src/core/resolver/xds/xds_resolver.cc +28 -47
  132. data/src/core/server/server.cc +290 -24
  133. data/src/core/server/server.h +199 -61
  134. data/src/core/server/xds_server_config_fetcher.cc +78 -142
  135. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
  136. data/src/core/util/backoff.cc +15 -4
  137. data/src/core/util/http_client/httpcli.cc +66 -18
  138. data/src/core/util/http_client/httpcli.h +14 -4
  139. data/src/core/util/matchers.h +5 -10
  140. data/src/core/util/ref_counted.h +1 -0
  141. data/src/core/util/ref_counted_ptr.h +1 -1
  142. data/src/core/util/useful.h +9 -11
  143. data/src/core/xds/grpc/xds_endpoint_parser.cc +54 -23
  144. data/src/core/xds/grpc/xds_metadata.h +8 -0
  145. data/src/core/xds/xds_client/xds_api.cc +0 -223
  146. data/src/core/xds/xds_client/xds_api.h +1 -133
  147. data/src/core/xds/xds_client/xds_client.cc +599 -466
  148. data/src/core/xds/xds_client/xds_client.h +107 -26
  149. data/src/core/xds/xds_client/xds_resource_type_impl.h +10 -5
  150. data/src/ruby/ext/grpc/extconf.rb +1 -0
  151. data/src/ruby/lib/grpc/version.rb +1 -1
  152. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_bitstr.c → a_bitstr.cc} +3 -2
  153. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_d2i_fp.c → a_d2i_fp.cc} +1 -1
  154. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_dup.c → a_dup.cc} +1 -1
  155. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_i2d_fp.c → a_i2d_fp.cc} +1 -1
  156. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_int.c → a_int.cc} +2 -1
  157. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_mbstr.c → a_mbstr.cc} +9 -7
  158. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_object.c → a_object.cc} +1 -1
  159. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strnid.c → a_strnid.cc} +7 -4
  160. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_type.c → a_type.cc} +4 -4
  161. data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_lib.c → asn1_lib.cc} +4 -4
  162. data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn_pack.c → asn_pack.cc} +2 -2
  163. data/third_party/boringssl-with-bazel/src/crypto/asn1/{posix_time.c → posix_time.cc} +2 -2
  164. data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_dec.c → tasn_dec.cc} +4 -3
  165. data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_enc.c → tasn_enc.cc} +9 -6
  166. data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_fre.c → tasn_fre.cc} +14 -20
  167. data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_new.c → tasn_new.cc} +7 -6
  168. data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_utl.c → tasn_utl.cc} +13 -10
  169. data/third_party/boringssl-with-bazel/src/crypto/base64/{base64.c → base64.cc} +9 -12
  170. data/third_party/boringssl-with-bazel/src/crypto/bcm_support.h +7 -1
  171. data/third_party/boringssl-with-bazel/src/crypto/bio/{bio.c → bio.cc} +32 -58
  172. data/third_party/boringssl-with-bazel/src/crypto/bio/{bio_mem.c → bio_mem.cc} +8 -7
  173. data/third_party/boringssl-with-bazel/src/crypto/bio/{connect.c → connect.cc} +24 -16
  174. data/third_party/boringssl-with-bazel/src/crypto/bio/{file.c → file.cc} +3 -3
  175. data/third_party/boringssl-with-bazel/src/crypto/bio/{pair.c → pair.cc} +22 -20
  176. data/third_party/boringssl-with-bazel/src/crypto/bio/{printf.c → printf.cc} +2 -2
  177. data/third_party/boringssl-with-bazel/src/crypto/bio/{socket_helper.c → socket_helper.cc} +1 -1
  178. data/third_party/boringssl-with-bazel/src/crypto/blake2/{blake2.c → blake2.cc} +2 -2
  179. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/{bn_asn1.c → bn_asn1.cc} +1 -1
  180. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/{convert.c → convert.cc} +21 -21
  181. data/third_party/boringssl-with-bazel/src/crypto/buf/{buf.c → buf.cc} +6 -3
  182. data/third_party/boringssl-with-bazel/src/crypto/bytestring/{asn1_compat.c → asn1_compat.cc} +1 -1
  183. data/third_party/boringssl-with-bazel/src/crypto/bytestring/{ber.c → ber.cc} +1 -1
  184. data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbb.c → cbb.cc} +33 -49
  185. data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbs.c → cbs.cc} +20 -27
  186. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +1 -1
  187. data/third_party/boringssl-with-bazel/src/crypto/bytestring/{unicode.c → unicode.cc} +1 -1
  188. data/third_party/boringssl-with-bazel/src/crypto/chacha/{chacha.c → chacha.cc} +1 -1
  189. data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +1 -1
  190. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_aesctrhmac.c → e_aesctrhmac.cc} +1 -1
  191. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_aesgcmsiv.c → e_aesgcmsiv.cc} +23 -26
  192. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_chacha20poly1305.c → e_chacha20poly1305.cc} +1 -8
  193. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_des.c → e_des.cc} +61 -49
  194. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_null.c → e_null.cc} +12 -9
  195. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_rc2.c → e_rc2.cc} +23 -19
  196. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_rc4.c → e_rc4.cc} +10 -8
  197. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_tls.c → e_tls.cc} +2 -1
  198. data/third_party/boringssl-with-bazel/src/crypto/conf/{conf.c → conf.cc} +17 -14
  199. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +1 -1
  200. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_apple.c → cpu_aarch64_apple.cc} +2 -2
  201. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_fuchsia.c → cpu_aarch64_fuchsia.cc} +2 -2
  202. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_linux.c → cpu_aarch64_linux.cc} +2 -2
  203. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_openbsd.c → cpu_aarch64_openbsd.cc} +4 -4
  204. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_sysreg.c → cpu_aarch64_sysreg.cc} +3 -2
  205. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_win.c → cpu_aarch64_win.cc} +2 -2
  206. data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_freebsd.c → cpu_arm_freebsd.cc} +3 -3
  207. data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_linux.c → cpu_arm_linux.cc} +5 -5
  208. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_linux.h +1 -1
  209. data/third_party/boringssl-with-bazel/src/crypto/{cpu_intel.c → cpu_intel.cc} +47 -32
  210. data/third_party/boringssl-with-bazel/src/crypto/{crypto.c → crypto.cc} +6 -11
  211. data/third_party/boringssl-with-bazel/src/crypto/curve25519/{curve25519.c → curve25519.cc} +28 -31
  212. data/third_party/boringssl-with-bazel/src/crypto/curve25519/{curve25519_64_adx.c → curve25519_64_adx.cc} +1 -1
  213. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +1 -1
  214. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
  215. data/third_party/boringssl-with-bazel/src/crypto/curve25519/{spake25519.c → spake25519.cc} +20 -16
  216. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/{dh_asn1.c → dh_asn1.cc} +2 -2
  217. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/{digest_extra.c → digest_extra.cc} +113 -31
  218. data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa.c → dsa.cc} +153 -154
  219. data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa_asn1.c → dsa_asn1.cc} +2 -2
  220. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +1 -3
  221. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{ec_asn1.c → ec_asn1.cc} +35 -0
  222. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{ec_derive.c → ec_derive.cc} +1 -1
  223. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{hash_to_curve.c → hash_to_curve.cc} +66 -64
  224. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +1 -1
  225. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/{ecdsa_asn1.c → ecdsa_asn1.cc} +15 -25
  226. data/third_party/boringssl-with-bazel/src/crypto/engine/{engine.c → engine.cc} +12 -8
  227. data/third_party/boringssl-with-bazel/src/crypto/err/{err.c → err.cc} +24 -27
  228. data/third_party/boringssl-with-bazel/src/crypto/err/internal.h +1 -1
  229. data/third_party/boringssl-with-bazel/src/crypto/evp/{evp.c → evp.cc} +8 -9
  230. data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_ctx.c → evp_ctx.cc} +7 -8
  231. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh.c → p_dh.cc} +23 -14
  232. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh_asn1.c → p_dh_asn1.cc} +38 -21
  233. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dsa_asn1.c → p_dsa_asn1.cc} +19 -24
  234. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec.c → p_ec.cc} +20 -23
  235. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec_asn1.c → p_ec_asn1.cc} +20 -20
  236. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519.c → p_ed25519.cc} +22 -19
  237. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519_asn1.c → p_ed25519_asn1.cc} +14 -13
  238. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_hkdf.c → p_hkdf.cc} +18 -14
  239. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa.c → p_rsa.cc} +38 -37
  240. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa_asn1.c → p_rsa_asn1.cc} +16 -18
  241. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519.c → p_x25519.cc} +22 -19
  242. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519_asn1.c → p_x25519_asn1.cc} +18 -17
  243. data/third_party/boringssl-with-bazel/src/crypto/evp/{pbkdf.c → pbkdf.cc} +2 -2
  244. data/third_party/boringssl-with-bazel/src/crypto/evp/{print.c → print.cc} +4 -5
  245. data/third_party/boringssl-with-bazel/src/crypto/evp/{scrypt.c → scrypt.cc} +7 -5
  246. data/third_party/boringssl-with-bazel/src/crypto/{ex_data.c → ex_data.cc} +3 -4
  247. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes_nohw.c.inc → aes_nohw.cc.inc} +1 -1
  248. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +1 -5
  249. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{key_wrap.c.inc → key_wrap.cc.inc} +1 -1
  250. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{bcm.c → bcm.cc} +96 -101
  251. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm_interface.h +165 -12
  252. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{add.c.inc → add.cc.inc} +1 -0
  253. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/{x86_64-gcc.c.inc → x86_64-gcc.cc.inc} +4 -4
  254. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bn.c.inc → bn.cc.inc} +12 -24
  255. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{ctx.c.inc → ctx.cc.inc} +5 -7
  256. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div.c.inc → div.cc.inc} +29 -38
  257. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div_extra.c.inc → div_extra.cc.inc} +1 -1
  258. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{exponentiation.c.inc → exponentiation.cc.inc} +22 -22
  259. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd.c.inc → gcd.cc.inc} +3 -6
  260. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd_extra.c.inc → gcd_extra.cc.inc} +33 -25
  261. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery.c.inc → montgomery.cc.inc} +10 -17
  262. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{mul.c.inc → mul.cc.inc} +11 -15
  263. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{prime.c.inc → prime.cc.inc} +31 -34
  264. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{shift.c.inc → shift.cc.inc} +3 -4
  265. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{aead.c.inc → aead.cc.inc} +18 -10
  266. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{cipher.c.inc → cipher.cc.inc} +6 -9
  267. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aes.c.inc → e_aes.cc.inc} +46 -54
  268. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cmac/{cmac.c.inc → cmac.cc.inc} +6 -6
  269. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/delocate.h +14 -10
  270. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{dh.c.inc → dh.cc.inc} +15 -19
  271. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +1 -3
  272. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digest.c.inc → digest.cc.inc} +17 -13
  273. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digests.c.inc → digests.cc.inc} +29 -113
  274. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digestsign/{digestsign.c.inc → digestsign.cc.inc} +3 -3
  275. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/builtin_curves.h +1 -1
  276. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec.c.inc → ec.cc.inc} +10 -15
  277. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_key.c.inc → ec_key.cc.inc} +12 -14
  278. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{felem.c.inc → felem.cc.inc} +1 -1
  279. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{oct.c.inc → oct.cc.inc} +5 -6
  280. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p224-64.c.inc → p224-64.cc.inc} +1 -1
  281. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz-table.h +1 -1
  282. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-nistz.c.inc → p256-nistz.cc.inc} +15 -13
  283. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256.c.inc → p256.cc.inc} +1 -1
  284. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
  285. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{scalar.c.inc → scalar.cc.inc} +1 -1
  286. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple_mul.c.inc → simple_mul.cc.inc} +1 -1
  287. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{util.c.inc → util.cc.inc} +1 -1
  288. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{wnaf.c.inc → wnaf.cc.inc} +24 -15
  289. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/{ecdh.c.inc → ecdh.cc.inc} +14 -5
  290. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/{ecdsa.c.inc → ecdsa.cc.inc} +6 -7
  291. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +1 -1
  292. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{fips_shared_support.c → fips_shared_support.cc} +2 -3
  293. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/{hkdf.c.inc → hkdf.cc.inc} +1 -1
  294. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/{hmac.c.inc → hmac.cc.inc} +3 -2
  295. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm.c.inc → gcm.cc.inc} +69 -21
  296. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm_nohw.c.inc → gcm_nohw.cc.inc} +1 -1
  297. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +53 -33
  298. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{polyval.c.inc → polyval.cc.inc} +2 -3
  299. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{ctrdrbg.c.inc → ctrdrbg.cc.inc} +5 -4
  300. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -1
  301. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c.inc → rand.cc.inc} +20 -18
  302. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{blinding.c.inc → blinding.cc.inc} +5 -4
  303. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c.inc → padding.cc.inc} +21 -21
  304. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c.inc → rsa.cc.inc} +77 -73
  305. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa_impl.c.inc → rsa_impl.cc.inc} +50 -53
  306. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{fips.c.inc → fips.cc.inc} +14 -6
  307. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{self_check.c.inc → self_check.cc.inc} +56 -52
  308. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/{service_indicator.c.inc → service_indicator.cc.inc} +10 -11
  309. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +2 -4
  310. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha1.c.inc → sha1.cc.inc} +26 -33
  311. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha256.c.inc → sha256.cc.inc} +37 -55
  312. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha512.c.inc → sha512.cc.inc} +48 -76
  313. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +1 -1
  314. data/third_party/boringssl-with-bazel/src/crypto/hpke/{hpke.c → hpke.cc} +7 -4
  315. data/third_party/boringssl-with-bazel/src/crypto/hrss/{hrss.c → hrss.cc} +53 -110
  316. data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +1 -1
  317. data/third_party/boringssl-with-bazel/src/crypto/internal.h +191 -248
  318. data/third_party/boringssl-with-bazel/src/crypto/keccak/internal.h +1 -1
  319. data/third_party/boringssl-with-bazel/src/crypto/keccak/{keccak.c → keccak.cc} +1 -1
  320. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +1 -1
  321. data/third_party/boringssl-with-bazel/src/crypto/kyber/{kyber.c → kyber.cc} +1 -1
  322. data/third_party/boringssl-with-bazel/src/crypto/lhash/{lhash.c → lhash.cc} +8 -7
  323. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md4/md4.c.inc → md4/md4.cc} +8 -12
  324. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md5 → md5}/internal.h +1 -1
  325. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md5/md5.c.inc → md5/md5.cc} +4 -3
  326. data/third_party/boringssl-with-bazel/src/crypto/{mem.c → mem.cc} +34 -22
  327. data/third_party/boringssl-with-bazel/src/crypto/mldsa/internal.h +4 -1
  328. data/third_party/boringssl-with-bazel/src/crypto/mldsa/{mldsa.c → mldsa.cc} +646 -543
  329. data/third_party/boringssl-with-bazel/src/crypto/mlkem/internal.h +1 -1
  330. data/third_party/boringssl-with-bazel/src/crypto/mlkem/mlkem.cc +8 -8
  331. data/third_party/boringssl-with-bazel/src/crypto/obj/{obj.c → obj.cc} +27 -30
  332. data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_info.c → pem_info.cc} +2 -2
  333. data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_lib.c → pem_lib.cc} +3 -4
  334. data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_oth.c → pem_oth.cc} +1 -1
  335. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +1 -1
  336. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7.c → pkcs7.cc} +5 -5
  337. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7_x509.c → pkcs7_x509.cc} +26 -25
  338. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +2 -2
  339. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{p5_pbev2.c → p5_pbev2.cc} +2 -2
  340. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8.c → pkcs8.cc} +159 -158
  341. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8_x509.c → pkcs8_x509.cc} +90 -97
  342. data/third_party/boringssl-with-bazel/src/crypto/poly1305/internal.h +1 -1
  343. data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305.c → poly1305.cc} +3 -3
  344. data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_arm.c → poly1305_arm.cc} +4 -2
  345. data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_vec.c → poly1305_vec.cc} +14 -11
  346. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -1
  347. data/third_party/boringssl-with-bazel/src/crypto/pool/{pool.c → pool.cc} +12 -11
  348. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{deterministic.c → deterministic.cc} +2 -2
  349. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{fork_detect.c → fork_detect.cc} +11 -12
  350. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{forkunsafe.c → forkunsafe.cc} +2 -2
  351. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{getentropy.c → getentropy.cc} +1 -1
  352. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/getrandom_fillin.h +1 -1
  353. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{ios.c → ios.cc} +1 -1
  354. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{passive.c → passive.cc} +22 -18
  355. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{rand_extra.c → rand_extra.cc} +1 -1
  356. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/sysrand_internal.h +1 -1
  357. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{trusty.c → trusty.cc} +1 -1
  358. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{urandom.c → urandom.cc} +7 -7
  359. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{windows.c → windows.cc} +1 -1
  360. data/third_party/boringssl-with-bazel/src/crypto/{refcount.c → refcount.cc} +1 -1
  361. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_asn1.c → rsa_asn1.cc} +2 -2
  362. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_crypt.c → rsa_crypt.cc} +81 -78
  363. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_extra.cc +17 -0
  364. data/third_party/boringssl-with-bazel/src/crypto/sha/sha1.cc +52 -0
  365. data/third_party/boringssl-with-bazel/src/crypto/sha/sha256.cc +87 -0
  366. data/third_party/boringssl-with-bazel/src/crypto/sha/sha512.cc +104 -0
  367. data/third_party/boringssl-with-bazel/src/crypto/siphash/{siphash.c → siphash.cc} +1 -1
  368. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/address.h +123 -0
  369. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/fors.cc +169 -0
  370. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/fors.h +58 -0
  371. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/internal.h +63 -0
  372. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/merkle.cc +161 -0
  373. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/merkle.h +70 -0
  374. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/params.h +83 -0
  375. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/slhdsa.cc +307 -0
  376. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/thash.cc +173 -0
  377. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/thash.h +85 -0
  378. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/wots.cc +171 -0
  379. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/wots.h +50 -0
  380. data/third_party/boringssl-with-bazel/src/crypto/stack/{stack.c → stack.cc} +10 -6
  381. data/third_party/boringssl-with-bazel/src/crypto/{thread_none.c → thread_none.cc} +1 -1
  382. data/third_party/boringssl-with-bazel/src/crypto/{thread_pthread.c → thread_pthread.cc} +9 -8
  383. data/third_party/boringssl-with-bazel/src/crypto/{thread_win.c → thread_win.cc} +21 -17
  384. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +1 -1
  385. data/third_party/boringssl-with-bazel/src/crypto/trust_token/{pmbtoken.c → pmbtoken.cc} +146 -158
  386. data/third_party/boringssl-with-bazel/src/crypto/trust_token/{trust_token.c → trust_token.cc} +19 -21
  387. data/third_party/boringssl-with-bazel/src/crypto/trust_token/{voprf.c → voprf.cc} +165 -169
  388. data/third_party/boringssl-with-bazel/src/crypto/x509/{a_digest.c → a_digest.cc} +1 -1
  389. data/third_party/boringssl-with-bazel/src/crypto/x509/{a_sign.c → a_sign.cc} +37 -34
  390. data/third_party/boringssl-with-bazel/src/crypto/x509/{a_verify.c → a_verify.cc} +1 -1
  391. data/third_party/boringssl-with-bazel/src/crypto/x509/{algorithm.c → algorithm.cc} +1 -1
  392. data/third_party/boringssl-with-bazel/src/crypto/x509/{asn1_gen.c → asn1_gen.cc} +5 -6
  393. data/third_party/boringssl-with-bazel/src/crypto/x509/{by_dir.c → by_dir.cc} +7 -6
  394. data/third_party/boringssl-with-bazel/src/crypto/x509/{policy.c → policy.cc} +188 -178
  395. data/third_party/boringssl-with-bazel/src/crypto/x509/{rsa_pss.c → rsa_pss.cc} +48 -44
  396. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_akey.c → v3_akey.cc} +4 -2
  397. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_alt.c → v3_alt.cc} +5 -5
  398. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_bcons.c → v3_bcons.cc} +3 -1
  399. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_bitst.c → v3_bitst.cc} +6 -3
  400. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_conf.c → v3_conf.cc} +5 -5
  401. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_cpols.c → v3_cpols.cc} +47 -41
  402. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_crld.c → v3_crld.cc} +3 -2
  403. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_enum.c → v3_enum.cc} +5 -2
  404. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_extku.c → v3_extku.cc} +3 -1
  405. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_genn.c → v3_genn.cc} +7 -7
  406. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ia5.c → v3_ia5.cc} +3 -2
  407. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_info.c → v3_info.cc} +4 -2
  408. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_int.c → v3_int.cc} +3 -1
  409. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_lib.c → v3_lib.cc} +9 -6
  410. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ncons.c → v3_ncons.cc} +3 -3
  411. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ocsp.c → v3_ocsp.cc} +4 -1
  412. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_pcons.c → v3_pcons.cc} +3 -3
  413. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_pmaps.c → v3_pmaps.cc} +3 -3
  414. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_prn.c → v3_prn.cc} +2 -1
  415. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_purp.c → v3_purp.cc} +16 -8
  416. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_skey.c → v3_skey.cc} +6 -3
  417. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_utl.c → v3_utl.cc} +15 -10
  418. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_att.c → x509_att.cc} +3 -2
  419. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_lu.c → x509_lu.cc} +6 -5
  420. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_v3.c → x509_v3.cc} +2 -2
  421. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vfy.c → x509_vfy.cc} +216 -212
  422. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vpm.c → x509_vpm.cc} +55 -13
  423. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509spki.c → x509spki.cc} +3 -3
  424. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_all.c → x_all.cc} +10 -6
  425. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_crl.c → x_crl.cc} +6 -6
  426. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_name.c → x_name.cc} +39 -32
  427. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_pubkey.c → x_pubkey.cc} +4 -2
  428. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509.c → x_x509.cc} +48 -44
  429. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509a.c → x_x509a.cc} +4 -2
  430. data/third_party/boringssl-with-bazel/src/gen/crypto/{err_data.c → err_data.cc} +359 -358
  431. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -1
  432. data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +1 -1
  433. data/third_party/boringssl-with-bazel/src/include/openssl/asn1_mac.h +1 -1
  434. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +237 -275
  435. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +12 -5
  436. data/third_party/boringssl-with-bazel/src/include/openssl/bcm_public.h +82 -0
  437. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -1
  438. data/third_party/boringssl-with-bazel/src/include/openssl/buffer.h +1 -1
  439. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +1 -1
  440. data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
  441. data/third_party/boringssl-with-bazel/src/include/openssl/cmac.h +1 -1
  442. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +1 -1
  443. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +13 -2
  444. data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +1 -1
  445. data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +1 -1
  446. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +4 -0
  447. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +6 -1
  448. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
  449. data/third_party/boringssl-with-bazel/src/include/openssl/dtls1.h +1 -1
  450. data/third_party/boringssl-with-bazel/src/include/openssl/e_os2.h +1 -1
  451. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +17 -1
  452. data/third_party/boringssl-with-bazel/src/include/openssl/engine.h +1 -1
  453. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -1
  454. data/third_party/boringssl-with-bazel/src/include/openssl/experimental/kyber.h +1 -1
  455. data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +1 -1
  456. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +1 -1
  457. data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +1 -1
  458. data/third_party/boringssl-with-bazel/src/include/openssl/is_boringssl.h +1 -1
  459. data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +1 -1
  460. data/third_party/boringssl-with-bazel/src/include/openssl/mldsa.h +8 -8
  461. data/third_party/boringssl-with-bazel/src/include/openssl/mlkem.h +1 -1
  462. data/third_party/boringssl-with-bazel/src/include/openssl/obj_mac.h +1 -1
  463. data/third_party/boringssl-with-bazel/src/include/openssl/objects.h +1 -1
  464. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -1
  465. data/third_party/boringssl-with-bazel/src/include/openssl/opensslv.h +1 -1
  466. data/third_party/boringssl-with-bazel/src/include/openssl/ossl_typ.h +1 -1
  467. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs12.h +1 -1
  468. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +1 -1
  469. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +2 -2
  470. data/third_party/boringssl-with-bazel/src/include/openssl/poly1305.h +1 -1
  471. data/third_party/boringssl-with-bazel/src/include/openssl/pool.h +1 -1
  472. data/third_party/boringssl-with-bazel/src/include/openssl/posix_time.h +1 -1
  473. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +1 -1
  474. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +10 -5
  475. data/third_party/boringssl-with-bazel/src/include/openssl/safestack.h +1 -1
  476. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +2 -40
  477. data/third_party/boringssl-with-bazel/src/include/openssl/siphash.h +1 -1
  478. data/third_party/boringssl-with-bazel/src/include/openssl/slhdsa.h +133 -0
  479. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +6 -1
  480. data/third_party/boringssl-with-bazel/src/include/openssl/srtp.h +1 -1
  481. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +160 -116
  482. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -0
  483. data/third_party/boringssl-with-bazel/src/include/openssl/target.h +1 -1
  484. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +2 -2
  485. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +1 -1
  486. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +1 -1
  487. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -1
  488. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +1 -1
  489. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3_errors.h +2 -2
  490. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -6
  491. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +667 -322
  492. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +116 -119
  493. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +163 -21
  494. data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +4 -12
  495. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +94 -49
  496. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +296 -198
  497. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +23 -14
  498. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +363 -343
  499. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +48 -58
  500. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +44 -36
  501. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +145 -159
  502. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +65 -58
  503. data/third_party/boringssl-with-bazel/src/ssl/internal.h +910 -356
  504. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +29 -41
  505. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +13 -11
  506. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +2 -2
  507. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +90 -183
  508. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +38 -64
  509. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -1
  510. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +103 -44
  511. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +210 -220
  512. data/third_party/boringssl-with-bazel/src/ssl/ssl_credential.cc +70 -12
  513. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +20 -17
  514. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +146 -169
  515. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +15 -16
  516. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +79 -95
  517. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -9
  518. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +91 -16
  519. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +30 -16
  520. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +51 -56
  521. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +22 -25
  522. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +43 -27
  523. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +63 -59
  524. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +204 -121
  525. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +86 -59
  526. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +51 -62
  527. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +37 -25
  528. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +6 -0
  529. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +6 -0
  530. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +4 -1
  531. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1 -1
  532. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +3 -0
  533. metadata +339 -339
  534. data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb.h +0 -426
  535. data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.c +0 -87
  536. data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.h +0 -32
  537. data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb.h +0 -408
  538. data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.c +0 -124
  539. data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.h +0 -38
  540. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.c +0 -108
  541. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.h +0 -33
  542. data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.c +0 -67
  543. data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.h +0 -48
  544. data/src/core/util/atm.cc +0 -34
  545. data/third_party/boringssl-with-bazel/src/crypto/dilithium/dilithium.c +0 -1539
  546. data/third_party/boringssl-with-bazel/src/crypto/dilithium/internal.h +0 -58
  547. data/third_party/boringssl-with-bazel/src/crypto/spx/address.c +0 -101
  548. data/third_party/boringssl-with-bazel/src/crypto/spx/address.h +0 -50
  549. data/third_party/boringssl-with-bazel/src/crypto/spx/fors.c +0 -133
  550. data/third_party/boringssl-with-bazel/src/crypto/spx/fors.h +0 -54
  551. data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.c +0 -150
  552. data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.h +0 -61
  553. data/third_party/boringssl-with-bazel/src/crypto/spx/params.h +0 -71
  554. data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +0 -140
  555. data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c +0 -53
  556. data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h +0 -44
  557. data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c +0 -136
  558. data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h +0 -70
  559. data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c +0 -135
  560. data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h +0 -45
  561. data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +0 -129
  562. data/third_party/boringssl-with-bazel/src/include/openssl/experimental/spx.h +0 -90
  563. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_bool.c → a_bool.cc} +0 -0
  564. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_gentm.c → a_gentm.cc} +0 -0
  565. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_octet.c → a_octet.cc} +0 -0
  566. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strex.c → a_strex.cc} +0 -0
  567. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_time.c → a_time.cc} +0 -0
  568. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_utctm.c → a_utctm.cc} +0 -0
  569. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_par.c → asn1_par.cc} +0 -0
  570. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{f_int.c → f_int.cc} +0 -0
  571. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{f_string.c → f_string.cc} +0 -0
  572. /data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_typ.c → tasn_typ.cc} +0 -0
  573. /data/third_party/boringssl-with-bazel/src/crypto/bio/{errno.c → errno.cc} +0 -0
  574. /data/third_party/boringssl-with-bazel/src/crypto/bio/{fd.c → fd.cc} +0 -0
  575. /data/third_party/boringssl-with-bazel/src/crypto/bio/{hexdump.c → hexdump.cc} +0 -0
  576. /data/third_party/boringssl-with-bazel/src/crypto/bio/{socket.c → socket.cc} +0 -0
  577. /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{cipher_extra.c → cipher_extra.cc} +0 -0
  578. /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{derive_key.c → derive_key.cc} +0 -0
  579. /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{tls_cbc.c → tls_cbc.cc} +0 -0
  580. /data/third_party/boringssl-with-bazel/src/crypto/des/{des.c → des.cc} +0 -0
  581. /data/third_party/boringssl-with-bazel/src/crypto/dh_extra/{params.c → params.cc} +0 -0
  582. /data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/{ecdh_extra.c → ecdh_extra.cc} +0 -0
  583. /data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_asn1.c → evp_asn1.cc} +0 -0
  584. /data/third_party/boringssl-with-bazel/src/crypto/evp/{sign.c → sign.cc} +0 -0
  585. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes.c.inc → aes.cc.inc} +0 -0
  586. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{mode_wrappers.c.inc → mode_wrappers.cc.inc} +0 -0
  587. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bytes.c.inc → bytes.cc.inc} +0 -0
  588. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{cmp.c.inc → cmp.cc.inc} +0 -0
  589. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{generic.c.inc → generic.cc.inc} +0 -0
  590. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{jacobi.c.inc → jacobi.cc.inc} +0 -0
  591. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery_inv.c.inc → montgomery_inv.cc.inc} +0 -0
  592. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{random.c.inc → random.cc.inc} +0 -0
  593. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{rsaz_exp.c.inc → rsaz_exp.cc.inc} +0 -0
  594. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{sqrt.c.inc → sqrt.cc.inc} +0 -0
  595. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aesccm.c.inc → e_aesccm.cc.inc} +0 -0
  596. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{check.c.inc → check.cc.inc} +0 -0
  597. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_montgomery.c.inc → ec_montgomery.cc.inc} +0 -0
  598. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple.c.inc → simple.cc.inc} +0 -0
  599. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cbc.c.inc → cbc.cc.inc} +0 -0
  600. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cfb.c.inc → cfb.cc.inc} +0 -0
  601. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ctr.c.inc → ctr.cc.inc} +0 -0
  602. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ofb.c.inc → ofb.cc.inc} +0 -0
  603. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/{kdf.c.inc → kdf.cc.inc} +0 -0
  604. /data/third_party/boringssl-with-bazel/src/crypto/obj/{obj_xref.c → obj_xref.cc} +0 -0
  605. /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_all.c → pem_all.cc} +0 -0
  606. /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pk8.c → pem_pk8.cc} +0 -0
  607. /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pkey.c → pem_pkey.cc} +0 -0
  608. /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_x509.c → pem_x509.cc} +0 -0
  609. /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_xaux.c → pem_xaux.cc} +0 -0
  610. /data/third_party/boringssl-with-bazel/src/crypto/rc4/{rc4.c → rc4.cc} +0 -0
  611. /data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_print.c → rsa_print.cc} +0 -0
  612. /data/third_party/boringssl-with-bazel/src/crypto/{thread.c → thread.cc} +0 -0
  613. /data/third_party/boringssl-with-bazel/src/crypto/x509/{by_file.c → by_file.cc} +0 -0
  614. /data/third_party/boringssl-with-bazel/src/crypto/x509/{i2d_pr.c → i2d_pr.cc} +0 -0
  615. /data/third_party/boringssl-with-bazel/src/crypto/x509/{name_print.c → name_print.cc} +0 -0
  616. /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_crl.c → t_crl.cc} +0 -0
  617. /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_req.c → t_req.cc} +0 -0
  618. /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_x509.c → t_x509.cc} +0 -0
  619. /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_x509a.c → t_x509a.cc} +0 -0
  620. /data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_akeya.c → v3_akeya.cc} +0 -0
  621. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509.c → x509.cc} +0 -0
  622. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_cmp.c → x509_cmp.cc} +0 -0
  623. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_d2.c → x509_d2.cc} +0 -0
  624. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_def.c → x509_def.cc} +0 -0
  625. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_ext.c → x509_ext.cc} +0 -0
  626. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_obj.c → x509_obj.cc} +0 -0
  627. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_req.c → x509_req.cc} +0 -0
  628. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_set.c → x509_set.cc} +0 -0
  629. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_trs.c → x509_trs.cc} +0 -0
  630. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_txt.c → x509_txt.cc} +0 -0
  631. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509cset.c → x509cset.cc} +0 -0
  632. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509name.c → x509name.cc} +0 -0
  633. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509rset.c → x509rset.cc} +0 -0
  634. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_algor.c → x_algor.cc} +0 -0
  635. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_attrib.c → x_attrib.cc} +0 -0
  636. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_exten.c → x_exten.cc} +0 -0
  637. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_req.c → x_req.cc} +0 -0
  638. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_sig.c → x_sig.cc} +0 -0
  639. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_spki.c → x_spki.cc} +0 -0
  640. /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_val.c → x_val.cc} +0 -0
data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc CHANGED
@@ -117,6 +117,8 @@
117
117
  #include <limits.h>
118
118
  #include <string.h>
119
119
 
120
+ #include <algorithm>
121
+
120
122
  #include <openssl/err.h>
121
123
  #include <openssl/evp.h>
122
124
  #include <openssl/mem.h>
@@ -140,33 +142,153 @@ static const unsigned int kMinMTU = 256 - 28;
140
142
  // the underlying BIO supplies one.
141
143
  static const unsigned int kDefaultMTU = 1500 - 28;
142
144
 
145
+ // BitRange returns a |uint8_t| with bits |start|, inclusive, to |end|,
146
+ // exclusive, set.
147
+ static uint8_t BitRange(size_t start, size_t end) {
148
+ assert(start <= end && end <= 8);
149
+ return static_cast<uint8_t>(~((1u << start) - 1) & ((1u << end) - 1));
150
+ }
143
151
 
144
- // Receiving handshake messages.
152
+ // FirstUnmarkedRangeInByte returns the first unmarked range in bits |b|.
153
+ static DTLSMessageBitmap::Range FirstUnmarkedRangeInByte(uint8_t b) {
154
+ size_t start, end;
155
+ for (start = 0; start < 8; start++) {
156
+ if ((b & (1u << start)) == 0) {
157
+ break;
158
+ }
159
+ }
160
+ for (end = start; end < 8; end++) {
161
+ if ((b & (1u << end)) != 0) {
162
+ break;
163
+ }
164
+ }
165
+ return DTLSMessageBitmap::Range{start, end};
166
+ }
167
+
168
+ bool DTLSMessageBitmap::Init(size_t num_bits) {
169
+ if (num_bits + 7 < num_bits) {
170
+ OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
171
+ return false;
172
+ }
173
+ size_t num_bytes = (num_bits + 7) / 8;
174
+ size_t bits_rounded = num_bytes * 8;
175
+ if (!bytes_.Init(num_bytes)) {
176
+ return false;
177
+ }
178
+ MarkRange(num_bits, bits_rounded);
179
+ first_unmarked_byte_ = 0;
180
+ return true;
181
+ }
182
+
183
+ void DTLSMessageBitmap::MarkRange(size_t start, size_t end) {
184
+ assert(start <= end);
185
+ // Don't bother touching bytes that have already been marked.
186
+ start = std::max(start, first_unmarked_byte_ << 3);
187
+ // Clamp everything within range.
188
+ start = std::min(start, bytes_.size() << 3);
189
+ end = std::min(end, bytes_.size() << 3);
190
+ if (start >= end) {
191
+ return;
192
+ }
193
+
194
+ if ((start >> 3) == (end >> 3)) {
195
+ bytes_[start >> 3] |= BitRange(start & 7, end & 7);
196
+ } else {
197
+ bytes_[start >> 3] |= BitRange(start & 7, 8);
198
+ for (size_t i = (start >> 3) + 1; i < (end >> 3); i++) {
199
+ bytes_[i] = 0xff;
200
+ }
201
+ if ((end & 7) != 0) {
202
+ bytes_[end >> 3] |= BitRange(0, end & 7);
203
+ }
204
+ }
205
+
206
+ // Maintain the |first_unmarked_byte_| invariant. This work is amortized
207
+ // across all |MarkRange| calls.
208
+ while (first_unmarked_byte_ < bytes_.size() &&
209
+ bytes_[first_unmarked_byte_] == 0xff) {
210
+ first_unmarked_byte_++;
211
+ }
212
+ // If the whole message is marked, we no longer need to spend memory on the
213
+ // bitmap.
214
+ if (first_unmarked_byte_ >= bytes_.size()) {
215
+ bytes_.Reset();
216
+ first_unmarked_byte_ = 0;
217
+ }
218
+ }
219
+
220
+ DTLSMessageBitmap::Range DTLSMessageBitmap::NextUnmarkedRange(
221
+ size_t start) const {
222
+ // Don't bother looking at bytes that are known to be fully marked.
223
+ start = std::max(start, first_unmarked_byte_ << 3);
224
+
225
+ size_t idx = start >> 3;
226
+ if (idx >= bytes_.size()) {
227
+ return Range{0, 0};
228
+ }
229
+
230
+ // Look at the bits from |start| up to a byte boundary.
231
+ uint8_t byte = bytes_[idx] | BitRange(0, start & 7);
232
+ if (byte == 0xff) {
233
+ // Nothing unmarked at this byte. Keep searching for an unmarked bit.
234
+ for (idx = idx + 1; idx < bytes_.size(); idx++) {
235
+ if (bytes_[idx] != 0xff) {
236
+ byte = bytes_[idx];
237
+ break;
238
+ }
239
+ }
240
+ if (idx >= bytes_.size()) {
241
+ return Range{0, 0};
242
+ }
243
+ }
244
+
245
+ Range range = FirstUnmarkedRangeInByte(byte);
246
+ assert(!range.empty());
247
+ bool should_extend = range.end == 8;
248
+ range.start += idx << 3;
249
+ range.end += idx << 3;
250
+ if (!should_extend) {
251
+ // The range did not end at a byte boundary. We're done.
252
+ return range;
253
+ }
145
254
 
146
- hm_fragment::~hm_fragment() {
147
- OPENSSL_free(data);
148
- OPENSSL_free(reassembly);
255
+ // Collect all fully unmarked bytes.
256
+ for (idx = idx + 1; idx < bytes_.size(); idx++) {
257
+ if (bytes_[idx] != 0) {
258
+ break;
259
+ }
260
+ }
261
+ range.end = idx << 3;
262
+
263
+ // Add any bits from the remaining byte, if any.
264
+ if (idx < bytes_.size()) {
265
+ Range extra = FirstUnmarkedRangeInByte(bytes_[idx]);
266
+ if (extra.start == 0) {
267
+ range.end += extra.end;
268
+ }
269
+ }
270
+
271
+ return range;
149
272
  }
150
273
 
151
- static UniquePtr<hm_fragment> dtls1_hm_fragment_new(
274
+ // Receiving handshake messages.
275
+
276
+ static UniquePtr<DTLSIncomingMessage> dtls_new_incoming_message(
152
277
  const struct hm_header_st *msg_hdr) {
153
278
  ScopedCBB cbb;
154
- UniquePtr<hm_fragment> frag = MakeUnique<hm_fragment>();
279
+ UniquePtr<DTLSIncomingMessage> frag = MakeUnique<DTLSIncomingMessage>();
155
280
  if (!frag) {
156
281
  return nullptr;
157
282
  }
158
283
  frag->type = msg_hdr->type;
159
284
  frag->seq = msg_hdr->seq;
160
- frag->msg_len = msg_hdr->msg_len;
161
285
 
162
286
  // Allocate space for the reassembled message and fill in the header.
163
- frag->data =
164
- (uint8_t *)OPENSSL_malloc(DTLS1_HM_HEADER_LENGTH + msg_hdr->msg_len);
165
- if (frag->data == NULL) {
287
+ if (!frag->data.InitForOverwrite(DTLS1_HM_HEADER_LENGTH + msg_hdr->msg_len)) {
166
288
  return nullptr;
167
289
  }
168
290
 
169
- if (!CBB_init_fixed(cbb.get(), frag->data, DTLS1_HM_HEADER_LENGTH) ||
291
+ if (!CBB_init_fixed(cbb.get(), frag->data.data(), DTLS1_HM_HEADER_LENGTH) ||
170
292
  !CBB_add_u8(cbb.get(), msg_hdr->type) ||
171
293
  !CBB_add_u24(cbb.get(), msg_hdr->msg_len) ||
172
294
  !CBB_add_u16(cbb.get(), msg_hdr->seq) ||
@@ -176,88 +298,26 @@ static UniquePtr<hm_fragment> dtls1_hm_fragment_new(
176
298
  return nullptr;
177
299
  }
178
300
 
179
- // If the handshake message is empty, |frag->reassembly| is NULL.
180
- if (msg_hdr->msg_len > 0) {
181
- // Initialize reassembly bitmask.
182
- if (msg_hdr->msg_len + 7 < msg_hdr->msg_len) {
183
- OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
184
- return nullptr;
185
- }
186
- size_t bitmask_len = (msg_hdr->msg_len + 7) / 8;
187
- frag->reassembly = (uint8_t *)OPENSSL_zalloc(bitmask_len);
188
- if (frag->reassembly == NULL) {
189
- return nullptr;
190
- }
301
+ if (!frag->reassembly.Init(msg_hdr->msg_len)) {
302
+ return nullptr;
191
303
  }
192
304
 
193
305
  return frag;
194
306
  }
195
307
 
196
- // bit_range returns a |uint8_t| with bits |start|, inclusive, to |end|,
197
- // exclusive, set.
198
- static uint8_t bit_range(size_t start, size_t end) {
199
- return (uint8_t)(~((1u << start) - 1) & ((1u << end) - 1));
200
- }
201
-
202
- // dtls1_hm_fragment_mark marks bytes |start|, inclusive, to |end|, exclusive,
203
- // as received in |frag|. If |frag| becomes complete, it clears
204
- // |frag->reassembly|. The range must be within the bounds of |frag|'s message
205
- // and |frag->reassembly| must not be NULL.
206
- static void dtls1_hm_fragment_mark(hm_fragment *frag, size_t start,
207
- size_t end) {
208
- size_t msg_len = frag->msg_len;
209
-
210
- if (frag->reassembly == NULL || start > end || end > msg_len) {
211
- assert(0);
212
- return;
213
- }
214
- // A zero-length message will never have a pending reassembly.
215
- assert(msg_len > 0);
216
-
217
- if (start == end) {
218
- return;
219
- }
220
-
221
- if ((start >> 3) == (end >> 3)) {
222
- frag->reassembly[start >> 3] |= bit_range(start & 7, end & 7);
223
- } else {
224
- frag->reassembly[start >> 3] |= bit_range(start & 7, 8);
225
- for (size_t i = (start >> 3) + 1; i < (end >> 3); i++) {
226
- frag->reassembly[i] = 0xff;
227
- }
228
- if ((end & 7) != 0) {
229
- frag->reassembly[end >> 3] |= bit_range(0, end & 7);
230
- }
231
- }
232
-
233
- // Check if the fragment is complete.
234
- for (size_t i = 0; i < (msg_len >> 3); i++) {
235
- if (frag->reassembly[i] != 0xff) {
236
- return;
237
- }
238
- }
239
- if ((msg_len & 7) != 0 &&
240
- frag->reassembly[msg_len >> 3] != bit_range(0, msg_len & 7)) {
241
- return;
242
- }
243
-
244
- OPENSSL_free(frag->reassembly);
245
- frag->reassembly = NULL;
246
- }
247
-
248
308
  // dtls1_is_current_message_complete returns whether the current handshake
249
309
  // message is complete.
250
310
  static bool dtls1_is_current_message_complete(const SSL *ssl) {
251
311
  size_t idx = ssl->d1->handshake_read_seq % SSL_MAX_HANDSHAKE_FLIGHT;
252
- hm_fragment *frag = ssl->d1->incoming_messages[idx].get();
253
- return frag != NULL && frag->reassembly == NULL;
312
+ DTLSIncomingMessage *frag = ssl->d1->incoming_messages[idx].get();
313
+ return frag != nullptr && frag->reassembly.IsComplete();
254
314
  }
255
315
 
256
316
  // dtls1_get_incoming_message returns the incoming message corresponding to
257
317
  // |msg_hdr|. If none exists, it creates a new one and inserts it in the
258
318
  // queue. Otherwise, it checks |msg_hdr| is consistent with the existing one. It
259
319
  // returns NULL on failure. The caller does not take ownership of the result.
260
- static hm_fragment *dtls1_get_incoming_message(
320
+ static DTLSIncomingMessage *dtls1_get_incoming_message(
261
321
  SSL *ssl, uint8_t *out_alert, const struct hm_header_st *msg_hdr) {
262
322
  if (msg_hdr->seq < ssl->d1->handshake_read_seq ||
263
323
  msg_hdr->seq - ssl->d1->handshake_read_seq >= SSL_MAX_HANDSHAKE_FLIGHT) {
@@ -266,13 +326,13 @@ static hm_fragment *dtls1_get_incoming_message(
266
326
  }
267
327
 
268
328
  size_t idx = msg_hdr->seq % SSL_MAX_HANDSHAKE_FLIGHT;
269
- hm_fragment *frag = ssl->d1->incoming_messages[idx].get();
329
+ DTLSIncomingMessage *frag = ssl->d1->incoming_messages[idx].get();
270
330
  if (frag != NULL) {
271
331
  assert(frag->seq == msg_hdr->seq);
272
332
  // The new fragment must be compatible with the previous fragments from this
273
333
  // message.
274
- if (frag->type != msg_hdr->type ||
275
- frag->msg_len != msg_hdr->msg_len) {
334
+ if (frag->type != msg_hdr->type || //
335
+ frag->msg_len() != msg_hdr->msg_len) {
276
336
  OPENSSL_PUT_ERROR(SSL, SSL_R_FRAGMENT_MISMATCH);
277
337
  *out_alert = SSL_AD_ILLEGAL_PARAMETER;
278
338
  return NULL;
@@ -281,7 +341,7 @@ static hm_fragment *dtls1_get_incoming_message(
281
341
  }
282
342
 
283
343
  // This is the first fragment from this message.
284
- ssl->d1->incoming_messages[idx] = dtls1_hm_fragment_new(msg_hdr);
344
+ ssl->d1->incoming_messages[idx] = dtls_new_incoming_message(msg_hdr);
285
345
  if (!ssl->d1->incoming_messages[idx]) {
286
346
  *out_alert = SSL_AD_INTERNAL_ERROR;
287
347
  return NULL;
@@ -289,115 +349,184 @@ static hm_fragment *dtls1_get_incoming_message(
289
349
  return ssl->d1->incoming_messages[idx].get();
290
350
  }
291
351
 
352
+ bool dtls1_process_handshake_fragments(SSL *ssl, uint8_t *out_alert,
353
+ DTLSRecordNumber record_number,
354
+ Span<const uint8_t> record) {
355
+ bool implicit_ack = false;
356
+ bool skipped_fragments = false;
357
+ CBS cbs = record;
358
+ while (CBS_len(&cbs) > 0) {
359
+ // Read a handshake fragment.
360
+ struct hm_header_st msg_hdr;
361
+ CBS body;
362
+ if (!dtls1_parse_fragment(&cbs, &msg_hdr, &body)) {
363
+ OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_HANDSHAKE_RECORD);
364
+ *out_alert = SSL_AD_DECODE_ERROR;
365
+ return false;
366
+ }
367
+
368
+ const size_t frag_off = msg_hdr.frag_off;
369
+ const size_t frag_len = msg_hdr.frag_len;
370
+ const size_t msg_len = msg_hdr.msg_len;
371
+ if (frag_off > msg_len || frag_len > msg_len - frag_off) {
372
+ OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_HANDSHAKE_RECORD);
373
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
374
+ return false;
375
+ }
376
+
377
+ if (msg_hdr.seq < ssl->d1->handshake_read_seq ||
378
+ ssl->d1->handshake_read_overflow) {
379
+ // Ignore fragments from the past. This is a retransmit of data we already
380
+ // received.
381
+ //
382
+ // TODO(crbug.com/42290594): Use this to drive retransmits.
383
+ continue;
384
+ }
385
+
386
+ if (record_number.epoch() != ssl->d1->read_epoch.epoch ||
387
+ ssl->d1->next_read_epoch != nullptr) {
388
+ // New messages can only arrive in the latest epoch. This can fail if the
389
+ // record came from |prev_read_epoch|, or if it came from |read_epoch| but
390
+ // |next_read_epoch| exists. (It cannot come from |next_read_epoch|
391
+ // because |next_read_epoch| becomes |read_epoch| once it receives a
392
+ // record.)
393
+ OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
394
+ *out_alert = SSL_AD_UNEXPECTED_MESSAGE;
395
+ return false;
396
+ }
397
+
398
+ if (msg_len > ssl_max_handshake_message_len(ssl)) {
399
+ OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESSIVE_MESSAGE_SIZE);
400
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
401
+ return false;
402
+ }
403
+
404
+ if (SSL_in_init(ssl) && ssl_has_final_version(ssl) &&
405
+ ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
406
+ // During the handshake, if we receive any portion of the next flight, the
407
+ // peer must have received our most recent flight. In DTLS 1.3, this is an
408
+ // implicit ACK. See RFC 9147, Section 7.1.
409
+ //
410
+ // This only applies during the handshake. After the handshake, the next
411
+ // message may be part of a post-handshake transaction. It also does not
412
+ // apply immediately after the handshake. As a client, receiving a
413
+ // KeyUpdate or NewSessionTicket does not imply the server has received
414
+ // our Finished. The server may have sent those messages in half-RTT.
415
+ implicit_ack = true;
416
+ }
417
+
418
+ if (msg_hdr.seq - ssl->d1->handshake_read_seq > SSL_MAX_HANDSHAKE_FLIGHT) {
419
+ // Ignore fragments too far in the future.
420
+ skipped_fragments = true;
421
+ continue;
422
+ }
423
+
424
+ DTLSIncomingMessage *frag =
425
+ dtls1_get_incoming_message(ssl, out_alert, &msg_hdr);
426
+ if (frag == nullptr) {
427
+ return false;
428
+ }
429
+ assert(frag->msg_len() == msg_len);
430
+
431
+ if (frag->reassembly.IsComplete()) {
432
+ // The message is already assembled.
433
+ continue;
434
+ }
435
+ assert(msg_len > 0);
436
+
437
+ // Copy the body into the fragment.
438
+ Span<uint8_t> dest = frag->msg().subspan(frag_off, CBS_len(&body));
439
+ OPENSSL_memcpy(dest.data(), CBS_data(&body), CBS_len(&body));
440
+ frag->reassembly.MarkRange(frag_off, frag_off + frag_len);
441
+ }
442
+
443
+ if (implicit_ack) {
444
+ dtls1_stop_timer(ssl);
445
+ dtls_clear_outgoing_messages(ssl);
446
+ }
447
+
448
+ if (!skipped_fragments) {
449
+ ssl->d1->records_to_ack.PushBack(record_number);
450
+
451
+ if (ssl_has_final_version(ssl) &&
452
+ ssl_protocol_version(ssl) >= TLS1_3_VERSION &&
453
+ !ssl->d1->ack_timer.IsSet() && !ssl->d1->sending_ack) {
454
+ // Schedule sending an ACK. The delay serves several purposes:
455
+ // - If there are more records to come, we send only one ACK.
456
+ // - If there are more records to come and the flight is now complete, we
457
+ // will send the reply (which implicitly ACKs the previous flight) and
458
+ // cancel the timer.
459
+ // - If there are more records to come, the flight is now complete, but
460
+ // generating the response is delayed (e.g. a slow, async private key),
461
+ // the timer will fire and we send an ACK anyway.
462
+ OPENSSL_timeval now = ssl_ctx_get_current_time(ssl->ctx.get());
463
+ ssl->d1->ack_timer.StartMicroseconds(
464
+ now, uint64_t{ssl->d1->timeout_duration_ms} * 1000 / 4);
465
+ }
466
+ }
467
+
468
+ return true;
469
+ }
470
+
292
471
  ssl_open_record_t dtls1_open_handshake(SSL *ssl, size_t *out_consumed,
293
472
  uint8_t *out_alert, Span<uint8_t> in) {
294
473
  uint8_t type;
474
+ DTLSRecordNumber record_number;
295
475
  Span<uint8_t> record;
296
- auto ret = dtls_open_record(ssl, &type, &record, out_consumed, out_alert, in);
476
+ auto ret = dtls_open_record(ssl, &type, &record_number, &record, out_consumed,
477
+ out_alert, in);
297
478
  if (ret != ssl_open_record_success) {
298
479
  return ret;
299
480
  }
300
481
 
301
482
  switch (type) {
302
483
  case SSL3_RT_APPLICATION_DATA:
303
- // Unencrypted application data records are always illegal.
304
- if (ssl->s3->aead_read_ctx->is_null_cipher()) {
305
- OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
306
- *out_alert = SSL_AD_UNEXPECTED_MESSAGE;
307
- return ssl_open_record_error;
308
- }
309
-
310
- // Out-of-order application data may be received between ChangeCipherSpec
311
- // and finished. Discard it.
484
+ // In DTLS 1.2, out-of-order application data may be received between
485
+ // ChangeCipherSpec and Finished. Discard it.
312
486
  return ssl_open_record_discard;
313
487
 
314
488
  case SSL3_RT_CHANGE_CIPHER_SPEC:
489
+ if (record.size() != 1u || record[0] != SSL3_MT_CCS) {
490
+ OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_CHANGE_CIPHER_SPEC);
491
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
492
+ return ssl_open_record_error;
493
+ }
494
+
315
495
  // We do not support renegotiation, so encrypted ChangeCipherSpec records
316
496
  // are illegal.
317
- if (!ssl->s3->aead_read_ctx->is_null_cipher()) {
497
+ if (record_number.epoch() != 0) {
318
498
  OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
319
499
  *out_alert = SSL_AD_UNEXPECTED_MESSAGE;
320
500
  return ssl_open_record_error;
321
501
  }
322
502
 
323
- if (record.size() != 1u || record[0] != SSL3_MT_CCS) {
324
- OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_CHANGE_CIPHER_SPEC);
325
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
326
- return ssl_open_record_error;
503
+ // Ignore ChangeCipherSpec from a previous epoch.
504
+ if (record_number.epoch() != ssl->d1->read_epoch.epoch) {
505
+ return ssl_open_record_discard;
327
506
  }
328
507
 
329
508
  // Flag the ChangeCipherSpec for later.
509
+ // TODO(crbug.com/42290594): Should we reject this in DTLS 1.3?
330
510
  ssl->d1->has_change_cipher_spec = true;
331
511
  ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_CHANGE_CIPHER_SPEC,
332
512
  record);
333
513
  return ssl_open_record_success;
334
514
 
515
+ case SSL3_RT_ACK:
516
+ return dtls1_process_ack(ssl, out_alert, record_number, record);
517
+
335
518
  case SSL3_RT_HANDSHAKE:
336
- // Break out to main processing.
337
- break;
519
+ if (!dtls1_process_handshake_fragments(ssl, out_alert, record_number,
520
+ record)) {
521
+ return ssl_open_record_error;
522
+ }
523
+ return ssl_open_record_success;
338
524
 
339
525
  default:
340
526
  OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
341
527
  *out_alert = SSL_AD_UNEXPECTED_MESSAGE;
342
528
  return ssl_open_record_error;
343
529
  }
344
-
345
- CBS cbs;
346
- CBS_init(&cbs, record.data(), record.size());
347
- while (CBS_len(&cbs) > 0) {
348
- // Read a handshake fragment.
349
- struct hm_header_st msg_hdr;
350
- CBS body;
351
- if (!dtls1_parse_fragment(&cbs, &msg_hdr, &body)) {
352
- OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_HANDSHAKE_RECORD);
353
- *out_alert = SSL_AD_DECODE_ERROR;
354
- return ssl_open_record_error;
355
- }
356
-
357
- const size_t frag_off = msg_hdr.frag_off;
358
- const size_t frag_len = msg_hdr.frag_len;
359
- const size_t msg_len = msg_hdr.msg_len;
360
- if (frag_off > msg_len || frag_off + frag_len < frag_off ||
361
- frag_off + frag_len > msg_len ||
362
- msg_len > ssl_max_handshake_message_len(ssl)) {
363
- OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESSIVE_MESSAGE_SIZE);
364
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
365
- return ssl_open_record_error;
366
- }
367
-
368
- // The encrypted epoch in DTLS has only one handshake message.
369
- if (ssl->d1->r_epoch == 1 && msg_hdr.seq != ssl->d1->handshake_read_seq) {
370
- OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
371
- *out_alert = SSL_AD_UNEXPECTED_MESSAGE;
372
- return ssl_open_record_error;
373
- }
374
-
375
- if (msg_hdr.seq < ssl->d1->handshake_read_seq ||
376
- msg_hdr.seq >
377
- (unsigned)ssl->d1->handshake_read_seq + SSL_MAX_HANDSHAKE_FLIGHT) {
378
- // Ignore fragments from the past, or ones too far in the future.
379
- continue;
380
- }
381
-
382
- hm_fragment *frag = dtls1_get_incoming_message(ssl, out_alert, &msg_hdr);
383
- if (frag == NULL) {
384
- return ssl_open_record_error;
385
- }
386
- assert(frag->msg_len == msg_len);
387
-
388
- if (frag->reassembly == NULL) {
389
- // The message is already assembled.
390
- continue;
391
- }
392
- assert(msg_len > 0);
393
-
394
- // Copy the body into the fragment.
395
- OPENSSL_memcpy(frag->data + DTLS1_HM_HEADER_LENGTH + frag_off,
396
- CBS_data(&body), CBS_len(&body));
397
- dtls1_hm_fragment_mark(frag, frag_off, frag_off + frag_len);
398
- }
399
-
400
- return ssl_open_record_success;
401
530
  }
402
531
 
403
532
  bool dtls1_get_message(const SSL *ssl, SSLMessage *out) {
@@ -406,10 +535,10 @@ bool dtls1_get_message(const SSL *ssl, SSLMessage *out) {
406
535
  }
407
536
 
408
537
  size_t idx = ssl->d1->handshake_read_seq % SSL_MAX_HANDSHAKE_FLIGHT;
409
- hm_fragment *frag = ssl->d1->incoming_messages[idx].get();
538
+ const DTLSIncomingMessage *frag = ssl->d1->incoming_messages[idx].get();
410
539
  out->type = frag->type;
411
- CBS_init(&out->body, frag->data + DTLS1_HM_HEADER_LENGTH, frag->msg_len);
412
- CBS_init(&out->raw, frag->data, DTLS1_HM_HEADER_LENGTH + frag->msg_len);
540
+ out->raw = CBS(frag->data);
541
+ out->body = CBS(frag->msg());
413
542
  out->is_v2_hello = false;
414
543
  if (!ssl->s3->has_message) {
415
544
  ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HANDSHAKE, out->raw);
@@ -424,6 +553,9 @@ void dtls1_next_message(SSL *ssl) {
424
553
  size_t index = ssl->d1->handshake_read_seq % SSL_MAX_HANDSHAKE_FLIGHT;
425
554
  ssl->d1->incoming_messages[index].reset();
426
555
  ssl->d1->handshake_read_seq++;
556
+ if (ssl->d1->handshake_read_seq == 0) {
557
+ ssl->d1->handshake_read_overflow = true;
558
+ }
427
559
  ssl->s3->has_message = false;
428
560
  // If we previously sent a flight, mark it as having a reply, so
429
561
  // |on_handshake_complete| can manage post-handshake retransmission.
@@ -483,26 +615,41 @@ ssl_open_record_t dtls1_open_change_cipher_spec(SSL *ssl, size_t *out_consumed,
483
615
 
484
616
  // Sending handshake messages.
485
617
 
486
- void DTLS_OUTGOING_MESSAGE::Clear() { data.Reset(); }
487
-
488
618
  void dtls_clear_outgoing_messages(SSL *ssl) {
489
- for (size_t i = 0; i < ssl->d1->outgoing_messages_len; i++) {
490
- ssl->d1->outgoing_messages[i].Clear();
491
- }
492
- ssl->d1->outgoing_messages_len = 0;
619
+ ssl->d1->outgoing_messages.clear();
620
+ ssl->d1->sent_records = nullptr;
493
621
  ssl->d1->outgoing_written = 0;
494
622
  ssl->d1->outgoing_offset = 0;
495
623
  ssl->d1->outgoing_messages_complete = false;
496
624
  ssl->d1->flight_has_reply = false;
625
+ ssl->d1->sending_flight = false;
626
+ dtls_clear_unused_write_epochs(ssl);
627
+ }
628
+
629
+ void dtls_clear_unused_write_epochs(SSL *ssl) {
630
+ ssl->d1->extra_write_epochs.EraseIf(
631
+ [ssl](const UniquePtr<DTLSWriteEpoch> &write_epoch) -> bool {
632
+ // Non-current epochs may be discarded once there are no incomplete
633
+ // outgoing messages that reference them.
634
+ //
635
+ // TODO(crbug.com/42290594): Epoch 1 (0-RTT) should be retained until
636
+ // epoch 3 (app data) is available.
637
+ for (const auto &msg : ssl->d1->outgoing_messages) {
638
+ if (msg.epoch == write_epoch->epoch() && !msg.IsFullyAcked()) {
639
+ return false;
640
+ }
641
+ }
642
+ return true;
643
+ });
497
644
  }
498
645
 
499
646
  bool dtls1_init_message(const SSL *ssl, CBB *cbb, CBB *body, uint8_t type) {
500
647
  // Pick a modest size hint to save most of the |realloc| calls.
501
- if (!CBB_init(cbb, 64) ||
502
- !CBB_add_u8(cbb, type) ||
503
- !CBB_add_u24(cbb, 0 /* length (filled in later) */) ||
504
- !CBB_add_u16(cbb, ssl->d1->handshake_write_seq) ||
505
- !CBB_add_u24(cbb, 0 /* offset */) ||
648
+ if (!CBB_init(cbb, 64) || //
649
+ !CBB_add_u8(cbb, type) || //
650
+ !CBB_add_u24(cbb, 0 /* length (filled in later) */) || //
651
+ !CBB_add_u16(cbb, ssl->d1->handshake_write_seq) || //
652
+ !CBB_add_u24(cbb, 0 /* offset */) || //
506
653
  !CBB_add_u24_length_prefixed(cbb, body)) {
507
654
  return false;
508
655
  }
@@ -524,20 +671,6 @@ bool dtls1_finish_message(const SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg) {
524
671
  return true;
525
672
  }
526
673
 
527
- // ssl_size_t_greater_than_32_bits returns whether |v| exceeds the bounds of a
528
- // 32-bit value. The obvious thing doesn't work because, in some 32-bit build
529
- // configurations, the compiler warns that the test is always false and breaks
530
- // the build.
531
- static bool ssl_size_t_greater_than_32_bits(size_t v) {
532
- #if defined(OPENSSL_64_BIT)
533
- return v > 0xffffffff;
534
- #elif defined(OPENSSL_32_BIT)
535
- return false;
536
- #else
537
- #error "Building for neither 32- nor 64-bits."
538
- #endif
539
- }
540
-
541
674
  // add_outgoing adds a new handshake message or ChangeCipherSpec to the current
542
675
  // outgoing flight. It returns true on success and false on error.
543
676
  static bool add_outgoing(SSL *ssl, bool is_ccs, Array<uint8_t> data) {
@@ -548,34 +681,46 @@ static bool add_outgoing(SSL *ssl, bool is_ccs, Array<uint8_t> data) {
548
681
  dtls_clear_outgoing_messages(ssl);
549
682
  }
550
683
 
551
- static_assert(SSL_MAX_HANDSHAKE_FLIGHT <
552
- (1 << 8 * sizeof(ssl->d1->outgoing_messages_len)),
553
- "outgoing_messages_len is too small");
554
- if (ssl->d1->outgoing_messages_len >= SSL_MAX_HANDSHAKE_FLIGHT ||
555
- ssl_size_t_greater_than_32_bits(data.size())) {
556
- assert(false);
557
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
558
- return false;
559
- }
560
-
561
684
  if (!is_ccs) {
685
+ if (ssl->d1->handshake_write_overflow) {
686
+ OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
687
+ return false;
688
+ }
562
689
  // TODO(svaldez): Move this up a layer to fix abstraction for SSLTranscript
563
690
  // on hs.
564
- if (ssl->s3->hs != NULL &&
565
- !ssl->s3->hs->transcript.Update(data)) {
691
+ if (ssl->s3->hs != NULL && !ssl->s3->hs->transcript.Update(data)) {
566
692
  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
567
693
  return false;
568
694
  }
569
695
  ssl->d1->handshake_write_seq++;
696
+ if (ssl->d1->handshake_write_seq == 0) {
697
+ ssl->d1->handshake_write_overflow = true;
698
+ }
570
699
  }
571
700
 
572
- DTLS_OUTGOING_MESSAGE *msg =
573
- &ssl->d1->outgoing_messages[ssl->d1->outgoing_messages_len];
574
- msg->data = std::move(data);
575
- msg->epoch = ssl->d1->w_epoch;
576
- msg->is_ccs = is_ccs;
701
+ DTLSOutgoingMessage msg;
702
+ msg.data = std::move(data);
703
+ msg.epoch = ssl->d1->write_epoch.epoch();
704
+ msg.is_ccs = is_ccs;
705
+ // Zero-length messages need 1 bit to track whether the peer has received the
706
+ // message header. (Normally the message header is implicitly received when
707
+ // any fragment of the message is received at all.)
708
+ if (!is_ccs && !msg.acked.Init(std::max(msg.msg_len(), size_t{1}))) {
709
+ return false;
710
+ }
711
+
712
+ // This should not fail if |SSL_MAX_HANDSHAKE_FLIGHT| was sized correctly.
713
+ //
714
+ // TODO(crbug.com/42290594): This can currently fail in DTLS 1.3. The caller
715
+ // can configure how many tickets to send, up to kMaxTickets. Additionally, if
716
+ // we send 0.5-RTT tickets in 0-RTT, we may even have tickets queued up with
717
+ // the server flight.
718
+ if (!ssl->d1->outgoing_messages.TryPushBack(std::move(msg))) {
719
+ assert(false);
720
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
721
+ return false;
722
+ }
577
723
 
578
- ssl->d1->outgoing_messages_len++;
579
724
  return true;
580
725
  }
581
726
 
@@ -615,139 +760,207 @@ static void dtls1_update_mtu(SSL *ssl) {
615
760
 
616
761
  enum seal_result_t {
617
762
  seal_error,
618
- seal_no_progress,
619
- seal_partial,
620
- seal_success,
763
+ seal_continue,
764
+ seal_flush,
621
765
  };
622
766
 
623
- // seal_next_message seals |msg|, which must be the next message, to |out|. If
624
- // progress was made, it returns |seal_partial| or |seal_success| and sets
767
+ // seal_next_record seals one record's worth of messages to |out| and advances
768
+ // |ssl|'s internal state past the data that was sealed. If progress was made,
769
+ // it returns |seal_flush| or |seal_continue| and sets
625
770
  // |*out_len| to the number of bytes written.
626
- static enum seal_result_t seal_next_message(SSL *ssl, uint8_t *out,
627
- size_t *out_len, size_t max_out,
628
- const DTLS_OUTGOING_MESSAGE *msg) {
629
- assert(ssl->d1->outgoing_written < ssl->d1->outgoing_messages_len);
630
- assert(msg == &ssl->d1->outgoing_messages[ssl->d1->outgoing_written]);
771
+ //
772
+ // If the function stopped because the next message could not be combined into
773
+ // this record, it returns |seal_continue| and the caller should loop again.
774
+ // Otherwise, it returns |seal_flush| and the packet is complete (either because
775
+ // there are no more messages or the packet is full).
776
+ static seal_result_t seal_next_record(SSL *ssl, Span<uint8_t> out,
777
+ size_t *out_len) {
778
+ *out_len = 0;
779
+
780
+ // Skip any fully acked messages.
781
+ while (ssl->d1->outgoing_written < ssl->d1->outgoing_messages.size() &&
782
+ ssl->d1->outgoing_messages[ssl->d1->outgoing_written].IsFullyAcked()) {
783
+ ssl->d1->outgoing_offset = 0;
784
+ ssl->d1->outgoing_written++;
785
+ }
631
786
 
632
- size_t overhead = dtls_max_seal_overhead(ssl, msg->epoch);
633
- size_t prefix = dtls_seal_prefix_len(ssl, msg->epoch);
787
+ // There was nothing left to write.
788
+ if (ssl->d1->outgoing_written >= ssl->d1->outgoing_messages.size()) {
789
+ return seal_flush;
790
+ }
634
791
 
635
- if (msg->is_ccs) {
636
- // Check there is room for the ChangeCipherSpec.
637
- static const uint8_t kChangeCipherSpec[1] = {SSL3_MT_CCS};
638
- if (max_out < sizeof(kChangeCipherSpec) + overhead) {
639
- return seal_no_progress;
640
- }
792
+ const auto &first_msg = ssl->d1->outgoing_messages[ssl->d1->outgoing_written];
793
+ size_t prefix_len = dtls_seal_prefix_len(ssl, first_msg.epoch);
794
+ size_t max_in_len = dtls_seal_max_input_len(ssl, first_msg.epoch, out.size());
795
+ if (max_in_len == 0) {
796
+ // There is no room for a single record.
797
+ return seal_flush;
798
+ }
641
799
 
642
- if (!dtls_seal_record(ssl, out, out_len, max_out,
800
+ if (first_msg.is_ccs) {
801
+ static const uint8_t kChangeCipherSpec[1] = {SSL3_MT_CCS};
802
+ DTLSRecordNumber record_number;
803
+ if (!dtls_seal_record(ssl, &record_number, out.data(), out_len, out.size(),
643
804
  SSL3_RT_CHANGE_CIPHER_SPEC, kChangeCipherSpec,
644
- sizeof(kChangeCipherSpec), msg->epoch)) {
805
+ sizeof(kChangeCipherSpec), first_msg.epoch)) {
645
806
  return seal_error;
646
807
  }
647
808
 
648
- ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_CHANGE_CIPHER_SPEC,
809
+ ssl_do_msg_callback(ssl, /*is_write=*/1, SSL3_RT_CHANGE_CIPHER_SPEC,
649
810
  kChangeCipherSpec);
650
- return seal_success;
651
- }
652
-
653
- // DTLS messages are serialized as a single fragment in |msg|.
654
- CBS cbs, body;
655
- struct hm_header_st hdr;
656
- CBS_init(&cbs, msg->data.data(), msg->data.size());
657
- if (!dtls1_parse_fragment(&cbs, &hdr, &body) ||
658
- hdr.frag_off != 0 ||
659
- hdr.frag_len != CBS_len(&body) ||
660
- hdr.msg_len != CBS_len(&body) ||
661
- !CBS_skip(&body, ssl->d1->outgoing_offset) ||
662
- CBS_len(&cbs) != 0) {
663
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
664
- return seal_error;
811
+ ssl->d1->outgoing_offset = 0;
812
+ ssl->d1->outgoing_written++;
813
+ return seal_continue;
665
814
  }
666
815
 
667
- // Determine how much progress can be made.
668
- if (max_out < DTLS1_HM_HEADER_LENGTH + 1 + overhead || max_out < prefix) {
669
- return seal_no_progress;
670
- }
671
- size_t todo = CBS_len(&body);
672
- if (todo > max_out - DTLS1_HM_HEADER_LENGTH - overhead) {
673
- todo = max_out - DTLS1_HM_HEADER_LENGTH - overhead;
674
- }
816
+ // TODO(crbug.com/374991962): For now, only send one message per record in
817
+ // epoch 0. Sending multiple is allowed and more efficient, but breaks
818
+ // b/378742138.
819
+ const bool allow_multiple_messages = first_msg.epoch != 0;
820
+
821
+ // Pack as many handshake fragments into one record as we can. We stage the
822
+ // fragments in the output buffer, to be sealed in-place.
823
+ bool should_continue = false;
824
+ Span<uint8_t> fragments = out.subspan(prefix_len, max_in_len);
825
+ CBB cbb;
826
+ CBB_init_fixed(&cbb, fragments.data(), fragments.size());
827
+ DTLSSentRecord sent_record;
828
+ sent_record.first_msg = ssl->d1->outgoing_written;
829
+ sent_record.first_msg_start = ssl->d1->outgoing_offset;
830
+ while (ssl->d1->outgoing_written < ssl->d1->outgoing_messages.size()) {
831
+ const auto &msg = ssl->d1->outgoing_messages[ssl->d1->outgoing_written];
832
+ if (msg.epoch != first_msg.epoch || msg.is_ccs) {
833
+ // We can only pack messages if the epoch matches. There may be more room
834
+ // in the packet, so tell the caller to keep going.
835
+ should_continue = true;
836
+ break;
837
+ }
675
838
 
676
- // Assemble a fragment, to be sealed in-place.
677
- ScopedCBB cbb;
678
- CBB child;
679
- uint8_t *frag = out + prefix;
680
- size_t max_frag = max_out - prefix, frag_len;
681
- if (!CBB_init_fixed(cbb.get(), frag, max_frag) ||
682
- !CBB_add_u8(cbb.get(), hdr.type) ||
683
- !CBB_add_u24(cbb.get(), hdr.msg_len) ||
684
- !CBB_add_u16(cbb.get(), hdr.seq) ||
685
- !CBB_add_u24(cbb.get(), ssl->d1->outgoing_offset) ||
686
- !CBB_add_u24_length_prefixed(cbb.get(), &child) ||
687
- !CBB_add_bytes(&child, CBS_data(&body), todo) ||
688
- !CBB_finish(cbb.get(), NULL, &frag_len)) {
689
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
690
- return seal_error;
839
+ // Decode |msg|'s header.
840
+ CBS cbs(msg.data), body_cbs;
841
+ struct hm_header_st hdr;
842
+ if (!dtls1_parse_fragment(&cbs, &hdr, &body_cbs) || //
843
+ hdr.frag_off != 0 || //
844
+ hdr.frag_len != CBS_len(&body_cbs) || //
845
+ hdr.msg_len != CBS_len(&body_cbs) || //
846
+ CBS_len(&cbs) != 0) {
847
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
848
+ return seal_error;
849
+ }
850
+
851
+ // Iterate over every un-acked range in the message, if any.
852
+ Span<const uint8_t> body = body_cbs;
853
+ for (;;) {
854
+ auto range = msg.acked.NextUnmarkedRange(ssl->d1->outgoing_offset);
855
+ if (range.empty()) {
856
+ // Advance to the next message.
857
+ ssl->d1->outgoing_offset = 0;
858
+ ssl->d1->outgoing_written++;
859
+ break;
860
+ }
861
+
862
+ // Determine how much progress can be made (minimum one byte of progress).
863
+ size_t capacity = fragments.size() - CBB_len(&cbb);
864
+ if (capacity < DTLS1_HM_HEADER_LENGTH + 1) {
865
+ goto packet_full;
866
+ }
867
+ size_t todo = std::min(range.size(), capacity - DTLS1_HM_HEADER_LENGTH);
868
+
869
+ // Empty messages are special-cased in ACK tracking. We act as if they
870
+ // have one byte, but in reality that byte is tracking the header.
871
+ Span<const uint8_t> frag;
872
+ if (!body.empty()) {
873
+ frag = body.subspan(range.start, todo);
874
+ }
875
+
876
+ // Assemble the fragment.
877
+ size_t frag_start = CBB_len(&cbb);
878
+ CBB child;
879
+ if (!CBB_add_u8(&cbb, hdr.type) || //
880
+ !CBB_add_u24(&cbb, hdr.msg_len) || //
881
+ !CBB_add_u16(&cbb, hdr.seq) || //
882
+ !CBB_add_u24(&cbb, range.start) || //
883
+ !CBB_add_u24_length_prefixed(&cbb, &child) || //
884
+ !CBB_add_bytes(&child, frag.data(), frag.size()) || //
885
+ !CBB_flush(&cbb)) {
886
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
887
+ return seal_error;
888
+ }
889
+ size_t frag_end = CBB_len(&cbb);
890
+
891
+ // TODO(davidben): It is odd that, on output, we inform the caller of
892
+ // retransmits and individual fragments, but on input we only inform the
893
+ // caller of complete messages.
894
+ ssl_do_msg_callback(ssl, /*is_write=*/1, SSL3_RT_HANDSHAKE,
895
+ fragments.subspan(frag_start, frag_end - frag_start));
896
+
897
+ ssl->d1->outgoing_offset = range.start + todo;
898
+ if (todo < range.size()) {
899
+ // The packet was the limiting factor.
900
+ goto packet_full;
901
+ }
902
+ }
903
+
904
+ if (!allow_multiple_messages) {
905
+ should_continue = true;
906
+ break;
907
+ }
691
908
  }
692
909
 
693
- ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HANDSHAKE,
694
- MakeSpan(frag, frag_len));
910
+ packet_full:
911
+ sent_record.last_msg = ssl->d1->outgoing_written;
912
+ sent_record.last_msg_end = ssl->d1->outgoing_offset;
695
913
 
696
- if (!dtls_seal_record(ssl, out, out_len, max_out, SSL3_RT_HANDSHAKE,
697
- out + prefix, frag_len, msg->epoch)) {
914
+ // We could not fit anything. Don't try to make a record.
915
+ if (CBB_len(&cbb) == 0) {
916
+ assert(!should_continue);
917
+ return seal_flush;
918
+ }
919
+
920
+ if (!dtls_seal_record(ssl, &sent_record.number, out.data(), out_len,
921
+ out.size(), SSL3_RT_HANDSHAKE, CBB_data(&cbb),
922
+ CBB_len(&cbb), first_msg.epoch)) {
698
923
  return seal_error;
699
924
  }
700
925
 
701
- if (todo == CBS_len(&body)) {
702
- // The next message is complete.
703
- ssl->d1->outgoing_offset = 0;
704
- return seal_success;
926
+ // If DTLS 1.3 (or if the version is not yet known and it may be DTLS 1.3),
927
+ // save the record number to match against ACKs later.
928
+ if (ssl->s3->version == 0 || ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
929
+ if (ssl->d1->sent_records == nullptr) {
930
+ ssl->d1->sent_records =
931
+ MakeUnique<MRUQueue<DTLSSentRecord, DTLS_MAX_ACK_BUFFER>>();
932
+ if (ssl->d1->sent_records == nullptr) {
933
+ return seal_error;
934
+ }
935
+ }
936
+ ssl->d1->sent_records->PushBack(sent_record);
705
937
  }
706
938
 
707
- ssl->d1->outgoing_offset += todo;
708
- return seal_partial;
939
+ return should_continue ? seal_continue : seal_flush;
709
940
  }
710
941
 
711
942
  // seal_next_packet writes as much of the next flight as possible to |out| and
712
943
  // advances |ssl->d1->outgoing_written| and |ssl->d1->outgoing_offset| as
713
944
  // appropriate.
714
- static bool seal_next_packet(SSL *ssl, uint8_t *out, size_t *out_len,
715
- size_t max_out) {
716
- bool made_progress = false;
945
+ static bool seal_next_packet(SSL *ssl, Span<uint8_t> out, size_t *out_len) {
717
946
  size_t total = 0;
718
- assert(ssl->d1->outgoing_written < ssl->d1->outgoing_messages_len);
719
- for (; ssl->d1->outgoing_written < ssl->d1->outgoing_messages_len;
720
- ssl->d1->outgoing_written++) {
721
- const DTLS_OUTGOING_MESSAGE *msg =
722
- &ssl->d1->outgoing_messages[ssl->d1->outgoing_written];
947
+ for (;;) {
723
948
  size_t len;
724
- enum seal_result_t ret = seal_next_message(ssl, out, &len, max_out, msg);
949
+ seal_result_t ret = seal_next_record(ssl, out, &len);
725
950
  switch (ret) {
726
951
  case seal_error:
727
952
  return false;
728
953
 
729
- case seal_no_progress:
730
- goto packet_full;
731
-
732
- case seal_partial:
733
- case seal_success:
734
- out += len;
735
- max_out -= len;
954
+ case seal_flush:
955
+ case seal_continue:
956
+ out = out.subspan(len);
736
957
  total += len;
737
- made_progress = true;
738
-
739
- if (ret == seal_partial) {
740
- goto packet_full;
741
- }
742
958
  break;
743
959
  }
744
- }
745
960
 
746
- packet_full:
747
- // The MTU was too small to make any progress.
748
- if (!made_progress) {
749
- OPENSSL_PUT_ERROR(SSL, SSL_R_MTU_TOO_SMALL);
750
- return false;
961
+ if (ret == seal_flush) {
962
+ break;
963
+ }
751
964
  }
752
965
 
753
966
  *out_len = total;
@@ -765,29 +978,44 @@ static int send_flight(SSL *ssl) {
765
978
  return -1;
766
979
  }
767
980
 
981
+ if (ssl->d1->num_timeouts > DTLS1_MAX_TIMEOUTS) {
982
+ OPENSSL_PUT_ERROR(SSL, SSL_R_READ_TIMEOUT_EXPIRED);
983
+ return -1;
984
+ }
985
+
768
986
  dtls1_update_mtu(ssl);
769
987
 
770
988
  Array<uint8_t> packet;
771
- if (!packet.Init(ssl->d1->mtu)) {
989
+ if (!packet.InitForOverwrite(ssl->d1->mtu)) {
772
990
  return -1;
773
991
  }
774
992
 
775
- while (ssl->d1->outgoing_written < ssl->d1->outgoing_messages_len) {
993
+ while (ssl->d1->outgoing_written < ssl->d1->outgoing_messages.size()) {
776
994
  uint8_t old_written = ssl->d1->outgoing_written;
777
995
  uint32_t old_offset = ssl->d1->outgoing_offset;
778
996
 
779
997
  size_t packet_len;
780
- if (!seal_next_packet(ssl, packet.data(), &packet_len, packet.size())) {
998
+ if (!seal_next_packet(ssl, MakeSpan(packet), &packet_len)) {
781
999
  return -1;
782
1000
  }
783
1001
 
784
- int bio_ret = BIO_write(ssl->wbio.get(), packet.data(), packet_len);
785
- if (bio_ret <= 0) {
786
- // Retry this packet the next time around.
787
- ssl->d1->outgoing_written = old_written;
788
- ssl->d1->outgoing_offset = old_offset;
789
- ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
790
- return bio_ret;
1002
+ if (packet_len == 0 &&
1003
+ ssl->d1->outgoing_written < ssl->d1->outgoing_messages.size()) {
1004
+ // We made no progress with the packet size available, but did not reach
1005
+ // the end.
1006
+ OPENSSL_PUT_ERROR(SSL, SSL_R_MTU_TOO_SMALL);
1007
+ return false;
1008
+ }
1009
+
1010
+ if (packet_len != 0) {
1011
+ int bio_ret = BIO_write(ssl->wbio.get(), packet.data(), packet_len);
1012
+ if (bio_ret <= 0) {
1013
+ // Retry this packet the next time around.
1014
+ ssl->d1->outgoing_written = old_written;
1015
+ ssl->d1->outgoing_offset = old_offset;
1016
+ ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
1017
+ return bio_ret;
1018
+ }
791
1019
  }
792
1020
  }
793
1021
 
@@ -799,26 +1027,143 @@ static int send_flight(SSL *ssl) {
799
1027
  return 1;
800
1028
  }
801
1029
 
802
- int dtls1_flush_flight(SSL *ssl) {
1030
+ void dtls1_finish_flight(SSL *ssl) {
1031
+ if (ssl->d1->outgoing_messages.empty() ||
1032
+ ssl->d1->outgoing_messages_complete) {
1033
+ return; // Nothing to do.
1034
+ }
1035
+
1036
+ if (ssl->d1->outgoing_messages[0].epoch <= 2) {
1037
+ // DTLS 1.3 handshake messages (epoch 2 and below) implicitly ACK the
1038
+ // previous flight, so there is no need to ACK previous records. This
1039
+ // clears the ACK buffer slightly earlier than the specification suggests.
1040
+ // See the discussion in
1041
+ // https://mailarchive.ietf.org/arch/msg/tls/kjJnquJOVaWxu5hUCmNzB35eqY0/
1042
+ ssl->d1->records_to_ack.Clear();
1043
+ ssl->d1->ack_timer.Stop();
1044
+ ssl->d1->sending_ack = false;
1045
+ }
1046
+
803
1047
  ssl->d1->outgoing_messages_complete = true;
804
- // Start the retransmission timer for the next flight (if any).
805
- dtls1_start_timer(ssl);
806
- return send_flight(ssl);
1048
+ ssl->d1->sending_flight = true;
1049
+ // Stop retransmitting the previous flight. In DTLS 1.3, we'll have stopped
1050
+ // the timer already, but DTLS 1.2 keeps it running until the next flight is
1051
+ // ready.
1052
+ dtls1_stop_timer(ssl);
807
1053
  }
808
1054
 
809
- int dtls1_retransmit_outgoing_messages(SSL *ssl) {
810
- // Rewind to the start of the flight and write it again.
811
- //
812
- // TODO(davidben): This does not allow retransmits to be resumed on
813
- // non-blocking write.
814
- ssl->d1->outgoing_written = 0;
815
- ssl->d1->outgoing_offset = 0;
1055
+ void dtls1_schedule_ack(SSL *ssl) {
1056
+ ssl->d1->ack_timer.Stop();
1057
+ ssl->d1->sending_ack = !ssl->d1->records_to_ack.empty();
1058
+ }
1059
+
1060
+ static int send_ack(SSL *ssl) {
1061
+ assert(ssl_protocol_version(ssl) >= TLS1_3_VERSION);
1062
+
1063
+ // Ensure we don't send so many ACKs that we overflow the MTU. There is a
1064
+ // 2-byte length prefix and each ACK is 16 bytes.
1065
+ dtls1_update_mtu(ssl);
1066
+ size_t max_plaintext =
1067
+ dtls_seal_max_input_len(ssl, ssl->d1->write_epoch.epoch(), ssl->d1->mtu);
1068
+ if (max_plaintext < 2 + 16) {
1069
+ OPENSSL_PUT_ERROR(SSL, SSL_R_MTU_TOO_SMALL); // No room for even one ACK.
1070
+ return -1;
1071
+ }
1072
+ size_t num_acks =
1073
+ std::min((max_plaintext - 2) / 16, ssl->d1->records_to_ack.size());
1074
+
1075
+ // Assemble the ACK. RFC 9147 says to sort ACKs numerically. It is unclear if
1076
+ // other implementations do this, but go ahead and sort for now. See
1077
+ // https://mailarchive.ietf.org/arch/msg/tls/kjJnquJOVaWxu5hUCmNzB35eqY0/.
1078
+ // Remove this if rfc9147bis removes this requirement.
1079
+ InplaceVector<DTLSRecordNumber, DTLS_MAX_ACK_BUFFER> sorted;
1080
+ for (size_t i = ssl->d1->records_to_ack.size() - num_acks;
1081
+ i < ssl->d1->records_to_ack.size(); i++) {
1082
+ sorted.PushBack(ssl->d1->records_to_ack[i]);
1083
+ }
1084
+ std::sort(sorted.begin(), sorted.end());
1085
+
1086
+ uint8_t buf[2 + 16 * DTLS_MAX_ACK_BUFFER];
1087
+ CBB cbb, child;
1088
+ CBB_init_fixed(&cbb, buf, sizeof(buf));
1089
+ BSSL_CHECK(CBB_add_u16_length_prefixed(&cbb, &child));
1090
+ for (const auto &number : sorted) {
1091
+ BSSL_CHECK(CBB_add_u64(&child, number.epoch()));
1092
+ BSSL_CHECK(CBB_add_u64(&child, number.sequence()));
1093
+ }
1094
+ BSSL_CHECK(CBB_flush(&cbb));
1095
+
1096
+ // Encrypt it.
1097
+ uint8_t record[DTLS1_3_RECORD_HEADER_WRITE_LENGTH + sizeof(buf) +
1098
+ 1 /* record type */ + EVP_AEAD_MAX_OVERHEAD];
1099
+ size_t record_len;
1100
+ DTLSRecordNumber record_number;
1101
+ if (!dtls_seal_record(ssl, &record_number, record, &record_len,
1102
+ sizeof(record), SSL3_RT_ACK, CBB_data(&cbb),
1103
+ CBB_len(&cbb), ssl->d1->write_epoch.epoch())) {
1104
+ return -1;
1105
+ }
1106
+
1107
+ ssl_do_msg_callback(ssl, /*is_write=*/1, SSL3_RT_ACK,
1108
+ MakeConstSpan(CBB_data(&cbb), CBB_len(&cbb)));
1109
+
1110
+ int bio_ret =
1111
+ BIO_write(ssl->wbio.get(), record, static_cast<int>(record_len));
1112
+ if (bio_ret <= 0) {
1113
+ ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
1114
+ return bio_ret;
1115
+ }
1116
+
1117
+ if (BIO_flush(ssl->wbio.get()) <= 0) {
1118
+ ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
1119
+ return -1;
1120
+ }
816
1121
 
817
- return send_flight(ssl);
1122
+ return 1;
818
1123
  }
819
1124
 
820
- unsigned int dtls1_min_mtu(void) {
821
- return kMinMTU;
1125
+ int dtls1_flush(SSL *ssl) {
1126
+ // Send the pending ACK, if any.
1127
+ if (ssl->d1->sending_ack) {
1128
+ int ret = send_ack(ssl);
1129
+ if (ret <= 0) {
1130
+ return ret;
1131
+ }
1132
+ ssl->d1->sending_ack = false;
1133
+ }
1134
+
1135
+ // Send the pending flight, if any.
1136
+ if (ssl->d1->sending_flight) {
1137
+ int ret = send_flight(ssl);
1138
+ if (ret <= 0) {
1139
+ return ret;
1140
+ }
1141
+
1142
+ // Reset state for the next send.
1143
+ ssl->d1->outgoing_written = 0;
1144
+ ssl->d1->outgoing_offset = 0;
1145
+ ssl->d1->sending_flight = false;
1146
+
1147
+ // Schedule the next retransmit timer. In DTLS 1.3, we retransmit all
1148
+ // flights until ACKed. In DTLS 1.2, the final Finished flight is never
1149
+ // ACKed, so we do not keep the timer running after the handshake.
1150
+ if (SSL_in_init(ssl) || ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1151
+ if (ssl->d1->num_timeouts == 0) {
1152
+ ssl->d1->timeout_duration_ms = ssl->initial_timeout_duration_ms;
1153
+ } else {
1154
+ ssl->d1->timeout_duration_ms =
1155
+ std::min(ssl->d1->timeout_duration_ms * 2, uint32_t{60000});
1156
+ }
1157
+
1158
+ OPENSSL_timeval now = ssl_ctx_get_current_time(ssl->ctx.get());
1159
+ ssl->d1->retransmit_timer.StartMicroseconds(
1160
+ now, uint64_t{ssl->d1->timeout_duration_ms} * 1000);
1161
+ }
1162
+ }
1163
+
1164
+ return 1;
822
1165
  }
823
1166
 
1167
+ unsigned int dtls1_min_mtu(void) { return kMinMTU; }
1168
+
824
1169
  BSSL_NAMESPACE_END