grpc 1.69.0 → 1.71.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1235) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +249 -283
  3. data/include/grpc/event_engine/endpoint_config.h +5 -5
  4. data/include/grpc/event_engine/event_engine.h +44 -5
  5. data/include/grpc/status.h +1 -1
  6. data/include/grpc/support/atm.h +0 -13
  7. data/include/grpc/support/json.h +16 -16
  8. data/src/core/call/request_buffer.cc +224 -0
  9. data/src/core/call/request_buffer.h +192 -0
  10. data/src/core/channelz/channelz.cc +2 -2
  11. data/src/core/channelz/channelz.h +3 -22
  12. data/src/core/channelz/channelz_registry.cc +0 -7
  13. data/src/core/client_channel/client_channel.cc +18 -29
  14. data/src/core/client_channel/client_channel.h +2 -2
  15. data/src/core/client_channel/client_channel_args.h +21 -0
  16. data/src/core/client_channel/client_channel_filter.cc +54 -131
  17. data/src/core/client_channel/client_channel_filter.h +11 -9
  18. data/src/core/client_channel/client_channel_plugin.cc +2 -1
  19. data/src/core/client_channel/client_channel_service_config.cc +1 -1
  20. data/src/core/client_channel/client_channel_service_config.h +5 -5
  21. data/src/core/client_channel/direct_channel.cc +1 -1
  22. data/src/core/client_channel/direct_channel.h +1 -1
  23. data/src/core/client_channel/lb_metadata.cc +7 -8
  24. data/src/core/client_channel/lb_metadata.h +3 -3
  25. data/src/core/client_channel/load_balanced_call_destination.cc +4 -4
  26. data/src/core/client_channel/retry_filter.cc +1 -1
  27. data/src/core/client_channel/retry_filter.h +1 -1
  28. data/src/core/client_channel/retry_filter_legacy_call_data.cc +10 -12
  29. data/src/core/client_channel/retry_filter_legacy_call_data.h +7 -7
  30. data/src/core/client_channel/retry_interceptor.cc +408 -0
  31. data/src/core/client_channel/retry_interceptor.h +157 -0
  32. data/src/core/client_channel/retry_service_config.cc +1 -1
  33. data/src/core/client_channel/retry_service_config.h +16 -3
  34. data/src/core/client_channel/retry_throttle.cc +33 -18
  35. data/src/core/client_channel/retry_throttle.h +3 -3
  36. data/src/core/client_channel/subchannel.cc +43 -76
  37. data/src/core/client_channel/subchannel.h +4 -4
  38. data/src/core/client_channel/subchannel_stream_client.cc +0 -1
  39. data/src/core/client_channel/subchannel_stream_client.h +3 -3
  40. data/src/core/config/config_vars.cc +1 -0
  41. data/src/core/config/config_vars.h +1 -0
  42. data/src/core/config/load_config.cc +3 -2
  43. data/src/core/config/load_config.h +1 -1
  44. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +4 -11
  45. data/src/core/ext/filters/backend_metrics/backend_metric_filter.h +7 -7
  46. data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +1 -1
  47. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +8 -15
  48. data/src/core/ext/filters/fault_injection/fault_injection_filter.h +6 -6
  49. data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.cc +1 -1
  50. data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.cc +0 -7
  51. data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.h +6 -6
  52. data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.cc +1 -1
  53. data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.h +1 -1
  54. data/src/core/ext/filters/http/client/http_client_filter.cc +1 -6
  55. data/src/core/ext/filters/http/client/http_client_filter.h +4 -4
  56. data/src/core/ext/filters/http/client_authority_filter.cc +6 -11
  57. data/src/core/ext/filters/http/client_authority_filter.h +6 -6
  58. data/src/core/ext/filters/http/message_compress/compression_filter.cc +18 -22
  59. data/src/core/ext/filters/http/message_compress/compression_filter.h +18 -13
  60. data/src/core/ext/filters/http/server/http_server_filter.cc +3 -8
  61. data/src/core/ext/filters/http/server/http_server_filter.h +4 -4
  62. data/src/core/ext/filters/message_size/message_size_filter.cc +13 -25
  63. data/src/core/ext/filters/message_size/message_size_filter.h +20 -21
  64. data/src/core/ext/filters/rbac/rbac_filter.cc +0 -7
  65. data/src/core/ext/filters/rbac/rbac_filter.h +6 -6
  66. data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +3 -3
  67. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +1 -6
  68. data/src/core/ext/filters/stateful_session/stateful_session_filter.h +4 -4
  69. data/src/core/ext/filters/stateful_session/stateful_session_service_config_parser.cc +1 -1
  70. data/src/core/ext/filters/stateful_session/stateful_session_service_config_parser.h +2 -2
  71. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +1 -2
  72. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +4 -3
  73. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +612 -100
  74. data/src/core/ext/transport/chttp2/server/chttp2_server.h +189 -13
  75. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +1 -1
  76. data/src/core/ext/transport/chttp2/transport/call_tracer_wrapper.cc +2 -2
  77. data/src/core/ext/transport/chttp2/transport/call_tracer_wrapper.h +4 -4
  78. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +85 -59
  79. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +7 -7
  80. data/src/core/ext/transport/chttp2/transport/flow_control.cc +1 -1
  81. data/src/core/ext/transport/chttp2/transport/flow_control.h +3 -3
  82. data/src/core/ext/transport/chttp2/transport/frame.cc +2 -2
  83. data/src/core/ext/transport/chttp2/transport/frame.h +5 -5
  84. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +8 -8
  85. data/src/core/ext/transport/chttp2/transport/frame_security.cc +1 -3
  86. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +5 -5
  87. data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +2 -2
  88. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +32 -31
  89. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +6 -7
  90. data/src/core/ext/transport/chttp2/transport/http2_settings.cc +3 -3
  91. data/src/core/ext/transport/chttp2/transport/http2_settings.h +2 -2
  92. data/src/core/ext/transport/chttp2/transport/internal.h +19 -8
  93. data/src/core/ext/transport/chttp2/transport/parsing.cc +14 -14
  94. data/src/core/ext/transport/chttp2/transport/ping_abuse_policy.cc +1 -1
  95. data/src/core/ext/transport/chttp2/transport/ping_callbacks.cc +2 -2
  96. data/src/core/ext/transport/chttp2/transport/ping_callbacks.h +2 -2
  97. data/src/core/ext/transport/chttp2/transport/ping_rate_policy.cc +2 -2
  98. data/src/core/ext/transport/chttp2/transport/ping_rate_policy.h +2 -2
  99. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +1 -0
  100. data/src/core/ext/transport/chttp2/transport/varint.cc +4 -4
  101. data/src/core/ext/transport/chttp2/transport/writing.cc +16 -22
  102. data/src/core/ext/transport/inproc/inproc_transport.cc +1 -3
  103. data/src/core/ext/transport/inproc/legacy_inproc_transport.cc +15 -10
  104. data/src/core/ext/upb-gen/envoy/admin/v3/config_dump_shared.upb.h +3 -1
  105. data/src/core/ext/upb-gen/envoy/admin/v3/server_info.upb.h +16 -0
  106. data/src/core/ext/upb-gen/envoy/admin/v3/server_info.upb_minitable.c +3 -2
  107. data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb.h +66 -36
  108. data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb_minitable.c +19 -17
  109. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb.h +116 -0
  110. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.c +31 -5
  111. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.h +2 -0
  112. data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb.h +97 -6
  113. data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb_minitable.c +17 -11
  114. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb.h +151 -0
  115. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.c +60 -0
  116. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.h +32 -0
  117. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb.h +228 -21
  118. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.c +65 -17
  119. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.h +6 -0
  120. data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb.h +7 -106
  121. data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.c +7 -28
  122. data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.h +0 -2
  123. data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb.h +85 -0
  124. data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb_minitable.c +25 -3
  125. data/src/core/ext/upb-gen/envoy/config/overload/v3/overload.upb.h +2 -1
  126. data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb.h +152 -0
  127. data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.c +40 -10
  128. data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.h +2 -0
  129. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb.h +253 -4
  130. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.c +70 -13
  131. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.h +4 -0
  132. data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb.h +0 -2
  133. data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.c +0 -1
  134. data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.h +0 -1
  135. data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +16 -0
  136. data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb_minitable.c +3 -2
  137. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +60 -0
  138. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb_minitable.c +13 -2
  139. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb.h +0 -1
  140. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb_minitable.c +0 -1
  141. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +102 -24
  142. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb_minitable.c +28 -19
  143. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.h +37 -7
  144. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb_minitable.c +7 -5
  145. data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb.h +251 -18
  146. data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.c +41 -16
  147. data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.h +2 -0
  148. data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb.h +2 -1
  149. data/src/core/ext/upb-gen/envoy/type/matcher/v3/address.upb.h +142 -0
  150. data/src/core/ext/upb-gen/envoy/type/matcher/v3/address.upb_minitable.c +55 -0
  151. data/src/core/ext/upb-gen/envoy/type/matcher/v3/address.upb_minitable.h +32 -0
  152. data/src/core/ext/upb-gen/envoy/type/matcher/v3/filter_state.upb.h +33 -0
  153. data/src/core/ext/upb-gen/envoy/type/matcher/v3/filter_state.upb_minitable.c +7 -4
  154. data/src/core/ext/upbdefs-gen/envoy/admin/v3/config_dump_shared.upbdefs.c +11 -10
  155. data/src/core/ext/upbdefs-gen/envoy/admin/v3/server_info.upbdefs.c +6 -4
  156. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/cluster.upbdefs.c +418 -413
  157. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.c +161 -153
  158. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.h +5 -0
  159. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/protocol.upbdefs.c +270 -261
  160. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.c +46 -0
  161. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.h +33 -0
  162. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.c +29 -19
  163. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.h +15 -0
  164. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.c +58 -65
  165. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.h +0 -5
  166. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/quic_config.upbdefs.c +73 -63
  167. data/src/core/ext/upbdefs-gen/envoy/config/overload/v3/overload.upbdefs.c +49 -48
  168. data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.c +117 -100
  169. data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
  170. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.c +917 -898
  171. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.h +10 -0
  172. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/trace.upbdefs.c +15 -18
  173. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c +33 -33
  174. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +460 -457
  175. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upbdefs.c +16 -19
  176. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +95 -95
  177. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +202 -191
  178. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.c +19 -17
  179. data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.c +148 -135
  180. data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
  181. data/src/core/ext/upbdefs-gen/envoy/service/status/v3/csds.upbdefs.c +23 -22
  182. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/address.upbdefs.c +41 -0
  183. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/address.upbdefs.h +33 -0
  184. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/filter_state.upbdefs.c +26 -19
  185. data/src/core/filter/blackboard.cc +2 -2
  186. data/src/core/filter/filter_args.h +112 -0
  187. data/src/core/handshaker/handshaker.cc +0 -3
  188. data/src/core/handshaker/http_connect/http_connect_handshaker.cc +4 -6
  189. data/src/core/handshaker/http_connect/http_proxy_mapper.cc +31 -32
  190. data/src/core/handshaker/http_connect/http_proxy_mapper.h +4 -4
  191. data/src/core/handshaker/http_connect/xds_http_proxy_mapper.cc +5 -5
  192. data/src/core/handshaker/http_connect/xds_http_proxy_mapper.h +5 -5
  193. data/src/core/handshaker/proxy_mapper.h +4 -4
  194. data/src/core/handshaker/proxy_mapper_registry.cc +5 -6
  195. data/src/core/handshaker/proxy_mapper_registry.h +4 -4
  196. data/src/core/handshaker/security/secure_endpoint.cc +2 -2
  197. data/src/core/handshaker/security/security_handshaker.cc +3 -5
  198. data/src/core/handshaker/tcp_connect/tcp_connect_handshaker.cc +6 -4
  199. data/src/core/lib/channel/channel_args.cc +13 -13
  200. data/src/core/lib/channel/channel_args.h +8 -8
  201. data/src/core/lib/channel/connected_channel.cc +1 -1
  202. data/src/core/lib/channel/promise_based_filter.cc +9 -9
  203. data/src/core/lib/channel/promise_based_filter.h +84 -159
  204. data/src/core/lib/compression/compression.cc +3 -2
  205. data/src/core/lib/compression/compression_internal.cc +9 -9
  206. data/src/core/lib/compression/compression_internal.h +3 -3
  207. data/src/core/lib/debug/trace_flags.cc +5 -2
  208. data/src/core/lib/debug/trace_flags.h +2 -1
  209. data/src/core/lib/event_engine/ares_resolver.cc +9 -11
  210. data/src/core/lib/event_engine/ares_resolver.h +6 -10
  211. data/src/core/lib/event_engine/cf_engine/cf_engine.cc +2 -4
  212. data/src/core/lib/event_engine/cf_engine/cf_engine.h +2 -4
  213. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +6 -7
  214. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +2 -4
  215. data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +2 -4
  216. data/src/core/lib/event_engine/cf_engine/dns_service_resolver.cc +3 -7
  217. data/src/core/lib/event_engine/cf_engine/dns_service_resolver.h +2 -4
  218. data/src/core/lib/event_engine/channel_args_endpoint_config.cc +5 -7
  219. data/src/core/lib/event_engine/channel_args_endpoint_config.h +6 -7
  220. data/src/core/lib/event_engine/common_closures.h +2 -4
  221. data/src/core/lib/event_engine/default_event_engine.cc +62 -33
  222. data/src/core/lib/event_engine/default_event_engine.h +24 -33
  223. data/src/core/lib/event_engine/default_event_engine_factory.cc +6 -12
  224. data/src/core/lib/event_engine/default_event_engine_factory.h +2 -4
  225. data/src/core/lib/event_engine/event_engine.cc +2 -4
  226. data/src/core/lib/event_engine/extensions/can_track_errors.h +2 -4
  227. data/src/core/lib/event_engine/extensions/chaotic_good_extension.h +2 -4
  228. data/src/core/lib/event_engine/extensions/supports_fd.h +2 -4
  229. data/src/core/lib/event_engine/extensions/tcp_trace.h +2 -4
  230. data/src/core/lib/event_engine/forkable.cc +2 -4
  231. data/src/core/lib/event_engine/forkable.h +2 -4
  232. data/src/core/lib/event_engine/grpc_polled_fd.h +2 -4
  233. data/src/core/lib/event_engine/handle_containers.h +2 -4
  234. data/src/core/lib/event_engine/memory_allocator_factory.h +2 -4
  235. data/src/core/lib/event_engine/poller.h +2 -4
  236. data/src/core/lib/event_engine/posix.h +2 -4
  237. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +4 -50
  238. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +2 -4
  239. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +4 -51
  240. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.h +2 -4
  241. data/src/core/lib/event_engine/posix_engine/event_poller.h +2 -4
  242. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +2 -4
  243. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.h +2 -4
  244. data/src/core/lib/event_engine/posix_engine/grpc_polled_fd_posix.h +2 -4
  245. data/src/core/lib/event_engine/posix_engine/internal_errqueue.cc +2 -4
  246. data/src/core/lib/event_engine/posix_engine/internal_errqueue.h +2 -4
  247. data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +2 -4
  248. data/src/core/lib/event_engine/posix_engine/lockfree_event.h +2 -4
  249. data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.cc +2 -4
  250. data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.h +2 -4
  251. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +20 -10
  252. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +2 -4
  253. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +9 -6
  254. data/src/core/lib/event_engine/posix_engine/posix_engine.h +2 -6
  255. data/src/core/lib/event_engine/posix_engine/posix_engine_closure.h +2 -4
  256. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +3 -5
  257. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +2 -4
  258. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +2 -4
  259. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.h +2 -4
  260. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +5 -6
  261. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +2 -4
  262. data/src/core/lib/event_engine/posix_engine/timer.cc +4 -6
  263. data/src/core/lib/event_engine/posix_engine/timer.h +4 -6
  264. data/src/core/lib/event_engine/posix_engine/timer_heap.cc +2 -4
  265. data/src/core/lib/event_engine/posix_engine/timer_heap.h +2 -4
  266. data/src/core/lib/event_engine/posix_engine/timer_manager.cc +5 -7
  267. data/src/core/lib/event_engine/posix_engine/timer_manager.h +4 -6
  268. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +4 -8
  269. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.h +24 -25
  270. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.cc +2 -4
  271. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.h +2 -4
  272. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.cc +2 -4
  273. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.h +2 -4
  274. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix.h +2 -4
  275. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.cc +2 -4
  276. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.h +2 -4
  277. data/src/core/lib/event_engine/query_extensions.h +2 -4
  278. data/src/core/lib/event_engine/ref_counted_dns_resolver_interface.h +2 -4
  279. data/src/core/lib/event_engine/resolved_address.cc +2 -4
  280. data/src/core/lib/event_engine/resolved_address_internal.h +2 -4
  281. data/src/core/lib/event_engine/shim.cc +2 -4
  282. data/src/core/lib/event_engine/shim.h +2 -4
  283. data/src/core/lib/event_engine/slice.cc +2 -4
  284. data/src/core/lib/event_engine/slice_buffer.cc +2 -4
  285. data/src/core/lib/event_engine/tcp_socket_utils.cc +6 -8
  286. data/src/core/lib/event_engine/tcp_socket_utils.h +5 -7
  287. data/src/core/lib/event_engine/thread_local.cc +2 -4
  288. data/src/core/lib/event_engine/thread_local.h +2 -4
  289. data/src/core/lib/event_engine/thread_pool/thread_count.cc +2 -4
  290. data/src/core/lib/event_engine/thread_pool/thread_count.h +4 -18
  291. data/src/core/lib/event_engine/thread_pool/thread_pool.h +2 -4
  292. data/src/core/lib/event_engine/thread_pool/thread_pool_factory.cc +2 -4
  293. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +3 -5
  294. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +2 -4
  295. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +2 -4
  296. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +2 -4
  297. data/src/core/lib/event_engine/time_util.cc +2 -4
  298. data/src/core/lib/event_engine/time_util.h +2 -4
  299. data/src/core/lib/event_engine/utils.cc +2 -4
  300. data/src/core/lib/event_engine/utils.h +2 -4
  301. data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +2 -4
  302. data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.h +2 -4
  303. data/src/core/lib/event_engine/windows/iocp.cc +2 -4
  304. data/src/core/lib/event_engine/windows/iocp.h +2 -4
  305. data/src/core/lib/event_engine/windows/native_windows_dns_resolver.cc +2 -4
  306. data/src/core/lib/event_engine/windows/native_windows_dns_resolver.h +2 -4
  307. data/src/core/lib/event_engine/windows/win_socket.cc +2 -4
  308. data/src/core/lib/event_engine/windows/win_socket.h +2 -4
  309. data/src/core/lib/event_engine/windows/windows_endpoint.cc +2 -4
  310. data/src/core/lib/event_engine/windows/windows_endpoint.h +4 -6
  311. data/src/core/lib/event_engine/windows/windows_engine.cc +3 -4
  312. data/src/core/lib/event_engine/windows/windows_engine.h +2 -4
  313. data/src/core/lib/event_engine/windows/windows_listener.cc +2 -4
  314. data/src/core/lib/event_engine/windows/windows_listener.h +2 -4
  315. data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +2 -4
  316. data/src/core/lib/event_engine/work_queue/basic_work_queue.h +2 -4
  317. data/src/core/lib/event_engine/work_queue/work_queue.h +2 -4
  318. data/src/core/lib/experiments/experiments.cc +147 -207
  319. data/src/core/lib/experiments/experiments.h +79 -96
  320. data/src/core/lib/iomgr/buffer_list.h +22 -21
  321. data/src/core/lib/iomgr/cfstream_handle.cc +0 -2
  322. data/src/core/lib/iomgr/closure.h +1 -4
  323. data/src/core/lib/iomgr/combiner.cc +0 -1
  324. data/src/core/lib/iomgr/error.cc +2 -2
  325. data/src/core/lib/iomgr/event_engine_shims/closure.cc +0 -1
  326. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +1 -3
  327. data/src/core/lib/iomgr/event_engine_shims/tcp_client.cc +0 -1
  328. data/src/core/lib/iomgr/exec_ctx.cc +1 -7
  329. data/src/core/lib/iomgr/exec_ctx.h +1 -132
  330. data/src/core/lib/iomgr/executor.cc +0 -11
  331. data/src/core/lib/iomgr/resolve_address_posix.cc +0 -2
  332. data/src/core/lib/iomgr/resolve_address_windows.cc +0 -2
  333. data/src/core/lib/iomgr/socket_utils_posix.cc +3 -2
  334. data/src/core/lib/iomgr/tcp_posix.cc +3 -2
  335. data/src/core/lib/iomgr/tcp_server_posix.cc +1 -3
  336. data/src/core/lib/iomgr/tcp_server_windows.cc +0 -1
  337. data/src/core/lib/iomgr/timer_manager.cc +1 -9
  338. data/src/core/lib/promise/activity.cc +2 -0
  339. data/src/core/lib/promise/activity.h +33 -12
  340. data/src/core/lib/promise/detail/join_state.h +16 -68
  341. data/src/core/lib/promise/detail/promise_factory.h +85 -25
  342. data/src/core/lib/promise/detail/promise_like.h +16 -19
  343. data/src/core/lib/promise/detail/seq_state.h +102 -315
  344. data/src/core/lib/promise/for_each.h +14 -5
  345. data/src/core/lib/promise/if.h +48 -20
  346. data/src/core/lib/promise/interceptor_list.h +9 -9
  347. data/src/core/lib/promise/latch.h +14 -6
  348. data/src/core/lib/promise/loop.h +58 -18
  349. data/src/core/lib/promise/map.h +145 -49
  350. data/src/core/lib/promise/party.cc +84 -15
  351. data/src/core/lib/promise/party.h +229 -32
  352. data/src/core/lib/promise/pipe.h +12 -12
  353. data/src/core/lib/promise/poll.h +8 -5
  354. data/src/core/lib/promise/prioritized_race.h +16 -22
  355. data/src/core/lib/promise/promise.h +2 -3
  356. data/src/core/lib/promise/race.h +4 -12
  357. data/src/core/lib/promise/seq.h +41 -6
  358. data/src/core/lib/promise/sleep.cc +3 -3
  359. data/src/core/lib/promise/sleep.h +15 -1
  360. data/src/core/lib/promise/status_flag.h +19 -3
  361. data/src/core/lib/promise/try_join.h +119 -5
  362. data/src/core/lib/promise/try_seq.h +39 -12
  363. data/src/core/lib/resource_quota/arena.h +87 -0
  364. data/src/core/lib/resource_quota/connection_quota.h +4 -0
  365. data/src/core/lib/resource_quota/memory_quota.cc +53 -49
  366. data/src/core/lib/resource_quota/memory_quota.h +4 -4
  367. data/src/core/lib/security/authorization/evaluate_args.cc +3 -3
  368. data/src/core/lib/security/authorization/evaluate_args.h +3 -3
  369. data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +0 -7
  370. data/src/core/lib/security/authorization/grpc_server_authz_filter.h +6 -6
  371. data/src/core/lib/security/authorization/matchers.h +3 -3
  372. data/src/core/lib/security/authorization/rbac_policy.cc +1 -1
  373. data/src/core/lib/security/authorization/rbac_policy.h +3 -3
  374. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +1 -2
  375. data/src/core/lib/security/credentials/external/external_account_credentials.cc +1 -3
  376. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +0 -1
  377. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +1 -1
  378. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +2 -2
  379. data/src/core/lib/security/credentials/iam/iam_credentials.cc +1 -1
  380. data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
  381. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +1 -2
  382. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -2
  383. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -1
  384. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +4 -4
  385. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +3 -3
  386. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +0 -1
  387. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -2
  388. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +12 -13
  389. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +14 -14
  390. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +23 -15
  391. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +3 -3
  392. data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.cc +0 -1
  393. data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.h +1 -2
  394. data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -2
  395. data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.cc +4 -5
  396. data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.h +4 -4
  397. data/src/core/lib/security/credentials/xds/xds_credentials.cc +2 -1
  398. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -1
  399. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +3 -3
  400. data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
  401. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +9 -9
  402. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +13 -13
  403. data/src/core/lib/security/transport/auth_filters.h +95 -7
  404. data/src/core/lib/security/transport/client_auth_filter.cc +96 -6
  405. data/src/core/lib/security/transport/server_auth_filter.cc +0 -8
  406. data/src/core/lib/slice/slice_buffer.cc +2 -2
  407. data/src/core/lib/slice/slice_buffer.h +2 -2
  408. data/src/core/lib/surface/call.cc +0 -4
  409. data/src/core/lib/surface/call.h +4 -3
  410. data/src/core/lib/surface/call_utils.cc +2 -2
  411. data/src/core/lib/surface/call_utils.h +10 -4
  412. data/src/core/lib/surface/channel.cc +6 -14
  413. data/src/core/lib/surface/channel.h +3 -3
  414. data/src/core/lib/surface/channel_init.cc +1 -1
  415. data/src/core/lib/surface/client_call.cc +56 -41
  416. data/src/core/lib/surface/client_call.h +7 -2
  417. data/src/core/lib/surface/completion_queue.cc +10 -49
  418. data/src/core/lib/surface/event_string.cc +7 -1
  419. data/src/core/lib/surface/filter_stack_call.cc +2 -4
  420. data/src/core/lib/surface/filter_stack_call.h +1 -1
  421. data/src/core/lib/surface/init.cc +17 -12
  422. data/src/core/lib/surface/init_internally.h +13 -2
  423. data/src/core/lib/surface/legacy_channel.cc +10 -8
  424. data/src/core/lib/surface/legacy_channel.h +2 -2
  425. data/src/core/lib/surface/server_call.cc +116 -84
  426. data/src/core/lib/surface/server_call.h +2 -0
  427. data/src/core/lib/surface/version.cc +2 -2
  428. data/src/core/lib/transport/call_filters.cc +10 -4
  429. data/src/core/lib/transport/call_filters.h +108 -59
  430. data/src/core/lib/transport/call_spine.cc +12 -49
  431. data/src/core/lib/transport/call_spine.h +174 -7
  432. data/src/core/lib/transport/call_state.h +140 -47
  433. data/src/core/lib/transport/connectivity_state.cc +8 -9
  434. data/src/core/lib/transport/connectivity_state.h +2 -4
  435. data/src/core/lib/transport/http2_errors.h +5 -3
  436. data/src/core/lib/transport/interception_chain.cc +8 -0
  437. data/src/core/lib/transport/interception_chain.h +36 -7
  438. data/src/core/lib/transport/metadata.h +88 -0
  439. data/src/core/lib/transport/metadata_batch.cc +2 -2
  440. data/src/core/lib/transport/metadata_batch.h +79 -18
  441. data/src/core/lib/transport/timeout_encoding.cc +15 -15
  442. data/src/core/lib/transport/timeout_encoding.h +3 -2
  443. data/src/core/lib/transport/transport.cc +0 -1
  444. data/src/core/lib/transport/transport.h +12 -7
  445. data/src/core/load_balancing/backend_metric_parser.cc +21 -28
  446. data/src/core/load_balancing/endpoint_list.cc +11 -1
  447. data/src/core/load_balancing/endpoint_list.h +20 -13
  448. data/src/core/load_balancing/grpclb/client_load_reporting_filter.cc +1 -6
  449. data/src/core/load_balancing/grpclb/client_load_reporting_filter.h +4 -4
  450. data/src/core/load_balancing/grpclb/grpclb.cc +21 -38
  451. data/src/core/load_balancing/health_check_client.cc +16 -48
  452. data/src/core/load_balancing/health_check_client_internal.h +7 -7
  453. data/src/core/load_balancing/lb_policy.cc +4 -6
  454. data/src/core/load_balancing/lb_policy.h +4 -12
  455. data/src/core/load_balancing/lb_policy_registry.cc +10 -8
  456. data/src/core/load_balancing/outlier_detection/outlier_detection.cc +57 -68
  457. data/src/core/load_balancing/outlier_detection/outlier_detection.h +4 -3
  458. data/src/core/load_balancing/pick_first/pick_first.cc +110 -77
  459. data/src/core/load_balancing/priority/priority.cc +8 -13
  460. data/src/core/load_balancing/ring_hash/ring_hash.cc +210 -158
  461. data/src/core/load_balancing/ring_hash/ring_hash.h +4 -11
  462. data/src/core/load_balancing/rls/rls.cc +105 -194
  463. data/src/core/load_balancing/rls/rls.h +97 -1
  464. data/src/core/load_balancing/round_robin/round_robin.cc +14 -19
  465. data/src/core/load_balancing/weighted_round_robin/static_stride_scheduler.cc +4 -4
  466. data/src/core/load_balancing/weighted_round_robin/static_stride_scheduler.h +2 -2
  467. data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +20 -29
  468. data/src/core/load_balancing/weighted_target/weighted_target.cc +7 -15
  469. data/src/core/load_balancing/xds/cds.cc +11 -15
  470. data/src/core/load_balancing/xds/xds_cluster_impl.cc +15 -18
  471. data/src/core/load_balancing/xds/xds_cluster_manager.cc +10 -18
  472. data/src/core/load_balancing/xds/xds_override_host.cc +45 -92
  473. data/src/core/load_balancing/xds/xds_wrr_locality.cc +10 -12
  474. data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +11 -11
  475. data/src/core/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +10 -15
  476. data/src/core/resolver/dns/native/dns_resolver.cc +1 -1
  477. data/src/core/resolver/fake/fake_resolver.cc +10 -11
  478. data/src/core/resolver/fake/fake_resolver.h +2 -2
  479. data/src/core/resolver/google_c2p/google_c2p_resolver.cc +9 -12
  480. data/src/core/resolver/polling_resolver.cc +2 -5
  481. data/src/core/resolver/polling_resolver.h +3 -3
  482. data/src/core/resolver/resolver_registry.cc +4 -3
  483. data/src/core/resolver/xds/xds_config.cc +6 -6
  484. data/src/core/resolver/xds/xds_config.h +2 -2
  485. data/src/core/resolver/xds/xds_dependency_manager.cc +190 -183
  486. data/src/core/resolver/xds/xds_dependency_manager.h +28 -18
  487. data/src/core/resolver/xds/xds_resolver.cc +81 -122
  488. data/src/core/server/server.cc +353 -95
  489. data/src/core/server/server.h +214 -65
  490. data/src/core/server/server_call_tracer_filter.cc +3 -7
  491. data/src/core/server/server_config_selector_filter.cc +8 -15
  492. data/src/core/server/xds_server_config_fetcher.cc +93 -159
  493. data/src/core/service_config/service_config_channel_arg_filter.cc +7 -19
  494. data/src/core/service_config/service_config_impl.cc +3 -3
  495. data/src/core/telemetry/call_tracer.cc +8 -8
  496. data/src/core/telemetry/call_tracer.h +6 -5
  497. data/src/core/telemetry/metrics.cc +3 -3
  498. data/src/core/telemetry/metrics.h +2 -8
  499. data/src/core/telemetry/tcp_tracer.h +32 -32
  500. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +3 -3
  501. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +14 -14
  502. data/src/core/tsi/fake_transport_security.cc +5 -0
  503. data/src/core/util/backoff.cc +15 -4
  504. data/src/core/util/dump_args.h +1 -9
  505. data/src/core/util/env.h +3 -4
  506. data/src/core/util/examine_stack.cc +2 -2
  507. data/src/core/util/examine_stack.h +3 -4
  508. data/src/core/util/gpr_time.cc +0 -2
  509. data/src/core/util/http_client/httpcli.cc +69 -22
  510. data/src/core/util/http_client/httpcli.h +18 -8
  511. data/src/core/util/http_client/httpcli_security_connector.cc +2 -2
  512. data/src/core/util/json/json_channel_args.h +2 -1
  513. data/src/core/util/json/json_object_loader.cc +4 -4
  514. data/src/core/util/json/json_object_loader.h +12 -12
  515. data/src/core/util/json/json_reader.cc +4 -4
  516. data/src/core/util/json/json_writer.cc +3 -3
  517. data/src/core/util/latent_see.cc +3 -3
  518. data/src/core/util/latent_see.h +2 -2
  519. data/src/core/util/linux/env.cc +3 -4
  520. data/src/core/util/lru_cache.h +4 -4
  521. data/src/core/util/match.h +7 -7
  522. data/src/core/util/matchers.cc +1 -2
  523. data/src/core/util/matchers.h +7 -12
  524. data/src/core/util/posix/env.cc +2 -2
  525. data/src/core/util/posix/sync.cc +0 -1
  526. data/src/core/util/posix/time.cc +0 -1
  527. data/src/core/util/ref_counted.h +1 -0
  528. data/src/core/util/ref_counted_ptr.h +1 -1
  529. data/src/core/util/ring_buffer.h +4 -5
  530. data/src/core/util/status_helper.cc +16 -20
  531. data/src/core/util/status_helper.h +5 -5
  532. data/src/core/util/sync_abseil.cc +0 -1
  533. data/src/core/util/table.h +6 -21
  534. data/src/core/util/time.cc +1 -1
  535. data/src/core/util/time.h +3 -3
  536. data/src/core/util/time_precise.cc +0 -1
  537. data/src/core/util/type_list.h +56 -0
  538. data/src/core/util/uri.cc +6 -4
  539. data/src/core/util/uri.h +7 -0
  540. data/src/core/util/useful.h +13 -15
  541. data/src/core/util/validation_errors.cc +5 -5
  542. data/src/core/util/wait_for_single_owner.h +62 -0
  543. data/src/core/util/windows/env.cc +3 -3
  544. data/src/core/util/windows/sync.cc +0 -1
  545. data/src/core/util/windows/time.cc +0 -1
  546. data/src/core/util/work_serializer.cc +27 -267
  547. data/src/core/util/work_serializer.h +3 -27
  548. data/src/core/xds/grpc/certificate_provider_store.cc +12 -17
  549. data/src/core/xds/grpc/file_watcher_certificate_provider_factory.cc +2 -2
  550. data/src/core/xds/grpc/xds_audit_logger_registry.cc +1 -1
  551. data/src/core/xds/grpc/xds_bootstrap_grpc.cc +11 -14
  552. data/src/core/xds/grpc/xds_bootstrap_grpc.h +2 -2
  553. data/src/core/xds/grpc/xds_certificate_provider.cc +15 -15
  554. data/src/core/xds/grpc/xds_client_grpc.cc +7 -8
  555. data/src/core/xds/grpc/xds_cluster.h +4 -4
  556. data/src/core/xds/grpc/xds_cluster_parser.cc +26 -26
  557. data/src/core/xds/grpc/xds_cluster_specifier_plugin.cc +4 -4
  558. data/src/core/xds/grpc/xds_common_types.cc +2 -2
  559. data/src/core/xds/grpc/xds_common_types.h +4 -4
  560. data/src/core/xds/grpc/xds_common_types_parser.cc +29 -31
  561. data/src/core/xds/grpc/xds_common_types_parser.h +8 -7
  562. data/src/core/xds/grpc/xds_endpoint.cc +3 -4
  563. data/src/core/xds/grpc/xds_endpoint_parser.cc +68 -37
  564. data/src/core/xds/grpc/xds_health_status.cc +4 -4
  565. data/src/core/xds/grpc/xds_health_status.h +4 -3
  566. data/src/core/xds/grpc/xds_http_fault_filter.cc +18 -20
  567. data/src/core/xds/grpc/xds_http_fault_filter.h +4 -3
  568. data/src/core/xds/grpc/xds_http_filter.h +3 -3
  569. data/src/core/xds/grpc/xds_http_filter_registry.cc +7 -7
  570. data/src/core/xds/grpc/xds_http_filter_registry.h +3 -3
  571. data/src/core/xds/grpc/xds_http_gcp_authn_filter.cc +7 -7
  572. data/src/core/xds/grpc/xds_http_gcp_authn_filter.h +4 -3
  573. data/src/core/xds/grpc/xds_http_rbac_filter.cc +30 -23
  574. data/src/core/xds/grpc/xds_http_rbac_filter.h +4 -3
  575. data/src/core/xds/grpc/xds_http_stateful_session_filter.cc +10 -10
  576. data/src/core/xds/grpc/xds_http_stateful_session_filter.h +4 -3
  577. data/src/core/xds/grpc/xds_lb_policy_registry.cc +4 -4
  578. data/src/core/xds/grpc/xds_listener.cc +4 -6
  579. data/src/core/xds/grpc/xds_listener.h +10 -10
  580. data/src/core/xds/grpc/xds_listener_parser.cc +58 -51
  581. data/src/core/xds/grpc/xds_listener_parser.h +2 -1
  582. data/src/core/xds/grpc/xds_metadata.cc +5 -5
  583. data/src/core/xds/grpc/xds_metadata.h +8 -0
  584. data/src/core/xds/grpc/xds_metadata_parser.cc +65 -52
  585. data/src/core/xds/grpc/xds_route_config.cc +9 -15
  586. data/src/core/xds/grpc/xds_route_config.h +9 -9
  587. data/src/core/xds/grpc/xds_route_config_parser.cc +114 -116
  588. data/src/core/xds/grpc/xds_route_config_parser.h +4 -4
  589. data/src/core/xds/grpc/xds_routing.cc +6 -6
  590. data/src/core/xds/grpc/xds_routing.h +5 -5
  591. data/src/core/xds/grpc/xds_server_grpc.cc +22 -1
  592. data/src/core/xds/grpc/xds_server_grpc.h +5 -2
  593. data/src/core/xds/grpc/xds_server_grpc_interface.h +33 -0
  594. data/src/core/xds/grpc/xds_transport_grpc.cc +5 -6
  595. data/src/core/xds/xds_client/lrs_client.cc +71 -83
  596. data/src/core/xds/xds_client/lrs_client.h +8 -8
  597. data/src/core/xds/xds_client/xds_api.cc +5 -228
  598. data/src/core/xds/xds_client/xds_api.h +1 -133
  599. data/src/core/xds/xds_client/xds_bootstrap.cc +11 -1
  600. data/src/core/xds/xds_client/xds_bootstrap.h +7 -0
  601. data/src/core/xds/xds_client/xds_client.cc +1030 -704
  602. data/src/core/xds/xds_client/xds_client.h +135 -29
  603. data/src/core/xds/xds_client/xds_resource_type.h +2 -3
  604. data/src/core/xds/xds_client/xds_resource_type_impl.h +13 -8
  605. data/src/ruby/ext/grpc/extconf.rb +1 -0
  606. data/src/ruby/lib/grpc/version.rb +1 -1
  607. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_bitstr.c → a_bitstr.cc} +16 -57
  608. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.cc +53 -0
  609. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.cc +47 -0
  610. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.cc +42 -0
  611. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.cc +109 -0
  612. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.cc +43 -0
  613. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_int.c → a_int.cc} +15 -56
  614. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_mbstr.c → a_mbstr.cc} +22 -62
  615. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_object.c → a_object.cc} +14 -56
  616. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.cc +32 -0
  617. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strex.c → a_strex.cc} +13 -55
  618. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strnid.c → a_strnid.cc} +20 -59
  619. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_time.c → a_time.cc} +41 -76
  620. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_type.c → a_type.cc} +17 -59
  621. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.cc +109 -0
  622. data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_lib.c → asn1_lib.cc} +17 -59
  623. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.cc +61 -0
  624. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.cc +56 -0
  625. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.cc +63 -0
  626. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.cc +52 -0
  627. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +13 -57
  628. data/third_party/boringssl-with-bazel/src/crypto/asn1/{posix_time.c → posix_time.cc} +14 -14
  629. data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_dec.c → tasn_dec.cc} +17 -58
  630. data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_enc.c → tasn_enc.cc} +22 -61
  631. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.cc +164 -0
  632. data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_new.c → tasn_new.cc} +20 -61
  633. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.cc +84 -0
  634. data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_utl.c → tasn_utl.cc} +26 -65
  635. data/third_party/boringssl-with-bazel/src/crypto/base64/{base64.c → base64.cc} +22 -67
  636. data/third_party/boringssl-with-bazel/src/crypto/bcm_support.h +19 -13
  637. data/third_party/boringssl-with-bazel/src/crypto/bio/{bio.c → bio.cc} +45 -113
  638. data/third_party/boringssl-with-bazel/src/crypto/bio/{bio_mem.c → bio_mem.cc} +21 -62
  639. data/third_party/boringssl-with-bazel/src/crypto/bio/{connect.c → connect.cc} +40 -73
  640. data/third_party/boringssl-with-bazel/src/crypto/bio/errno.cc +50 -0
  641. data/third_party/boringssl-with-bazel/src/crypto/bio/{fd.c → fd.cc} +14 -56
  642. data/third_party/boringssl-with-bazel/src/crypto/bio/{file.c → file.cc} +17 -59
  643. data/third_party/boringssl-with-bazel/src/crypto/bio/hexdump.cc +152 -0
  644. data/third_party/boringssl-with-bazel/src/crypto/bio/internal.h +13 -55
  645. data/third_party/boringssl-with-bazel/src/crypto/bio/{pair.c → pair.cc} +37 -71
  646. data/third_party/boringssl-with-bazel/src/crypto/bio/printf.cc +59 -0
  647. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.cc +147 -0
  648. data/third_party/boringssl-with-bazel/src/crypto/bio/{socket_helper.c → socket_helper.cc} +13 -13
  649. data/third_party/boringssl-with-bazel/src/crypto/blake2/{blake2.c → blake2.cc} +14 -14
  650. data/third_party/boringssl-with-bazel/src/crypto/{bn_extra/bn_asn1.c → bn/bn_asn1.cc} +13 -13
  651. data/third_party/boringssl-with-bazel/src/crypto/{bn_extra/convert.c → bn/convert.cc} +34 -76
  652. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.cc +118 -0
  653. data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.cc +53 -0
  654. data/third_party/boringssl-with-bazel/src/crypto/bytestring/{ber.c → ber.cc} +13 -13
  655. data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbb.c → cbb.cc} +45 -61
  656. data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbs.c → cbs.cc} +42 -41
  657. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +13 -13
  658. data/third_party/boringssl-with-bazel/src/crypto/bytestring/{unicode.c → unicode.cc} +13 -13
  659. data/third_party/boringssl-with-bazel/src/crypto/chacha/{chacha.c → chacha.cc} +13 -13
  660. data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +18 -18
  661. data/third_party/boringssl-with-bazel/src/crypto/cipher/derive_key.cc +110 -0
  662. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra/e_aesctrhmac.c → cipher/e_aesctrhmac.cc} +18 -23
  663. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra/e_aesgcmsiv.c → cipher/e_aesgcmsiv.cc} +42 -38
  664. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra/e_chacha20poly1305.c → cipher/e_chacha20poly1305.cc} +13 -20
  665. data/third_party/boringssl-with-bazel/src/crypto/cipher/e_des.cc +198 -0
  666. data/third_party/boringssl-with-bazel/src/crypto/cipher/e_null.cc +51 -0
  667. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra/e_rc2.c → cipher/e_rc2.cc} +50 -88
  668. data/third_party/boringssl-with-bazel/src/crypto/cipher/e_rc4.cc +54 -0
  669. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra/e_tls.c → cipher/e_tls.cc} +14 -13
  670. data/third_party/boringssl-with-bazel/src/crypto/cipher/get_cipher.cc +85 -0
  671. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → cipher}/internal.h +29 -69
  672. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra/tls_cbc.c → cipher/tls_cbc.cc} +13 -51
  673. data/third_party/boringssl-with-bazel/src/crypto/conf/{conf.c → conf.cc} +31 -72
  674. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +13 -13
  675. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_apple.c → cpu_aarch64_apple.cc} +14 -14
  676. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_fuchsia.c → cpu_aarch64_fuchsia.cc} +14 -14
  677. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_linux.c → cpu_aarch64_linux.cc} +14 -14
  678. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_openbsd.c → cpu_aarch64_openbsd.cc} +17 -17
  679. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_sysreg.c → cpu_aarch64_sysreg.cc} +15 -14
  680. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_win.cc +41 -0
  681. data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_freebsd.c → cpu_arm_freebsd.cc} +15 -15
  682. data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_linux.c → cpu_arm_linux.cc} +17 -17
  683. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_linux.h +13 -13
  684. data/third_party/boringssl-with-bazel/src/crypto/{cpu_intel.c → cpu_intel.cc} +60 -99
  685. data/third_party/boringssl-with-bazel/src/crypto/{crypto.c → crypto.cc} +18 -23
  686. data/third_party/boringssl-with-bazel/src/crypto/curve25519/{curve25519.c → curve25519.cc} +40 -43
  687. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_64_adx.cc +18 -0
  688. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +13 -13
  689. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +13 -13
  690. data/third_party/boringssl-with-bazel/src/crypto/curve25519/{spake25519.c → spake25519.cc} +34 -28
  691. data/third_party/boringssl-with-bazel/src/crypto/des/{des.c → des.cc} +13 -55
  692. data/third_party/boringssl-with-bazel/src/crypto/des/internal.h +27 -69
  693. data/third_party/boringssl-with-bazel/src/crypto/dh/dh_asn1.cc +124 -0
  694. data/third_party/boringssl-with-bazel/src/crypto/{dh_extra/params.c → dh/params.cc} +13 -51
  695. data/third_party/boringssl-with-bazel/src/crypto/{digest_extra/digest_extra.c → digest/digest_extra.cc} +126 -86
  696. data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa.c → dsa.cc} +166 -212
  697. data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa_asn1.c → dsa_asn1.cc} +13 -53
  698. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +13 -15
  699. data/third_party/boringssl-with-bazel/src/crypto/{ec_extra/ec_asn1.c → ec/ec_asn1.cc} +59 -61
  700. data/third_party/boringssl-with-bazel/src/crypto/{ec_extra/ec_derive.c → ec/ec_derive.cc} +13 -13
  701. data/third_party/boringssl-with-bazel/src/crypto/{ec_extra/hash_to_curve.c → ec/hash_to_curve.cc} +79 -77
  702. data/third_party/boringssl-with-bazel/src/crypto/{ec_extra → ec}/internal.h +13 -13
  703. data/third_party/boringssl-with-bazel/src/crypto/ecdh/ecdh.cc +73 -0
  704. data/third_party/boringssl-with-bazel/src/crypto/{ecdsa_extra/ecdsa_asn1.c → ecdsa/ecdsa_asn1.cc} +32 -86
  705. data/third_party/boringssl-with-bazel/src/crypto/engine/{engine.c → engine.cc} +24 -20
  706. data/third_party/boringssl-with-bazel/src/crypto/err/{err.c → err.cc} +41 -134
  707. data/third_party/boringssl-with-bazel/src/crypto/err/internal.h +13 -13
  708. data/third_party/boringssl-with-bazel/src/crypto/evp/{evp.c → evp.cc} +37 -88
  709. data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_asn1.c → evp_asn1.cc} +122 -198
  710. data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_ctx.c → evp_ctx.cc} +20 -63
  711. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +13 -55
  712. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh.c → p_dh.cc} +38 -22
  713. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh_asn1.c → p_dh_asn1.cc} +51 -29
  714. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dsa_asn1.c → p_dsa_asn1.cc} +75 -134
  715. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec.c → p_ec.cc} +31 -75
  716. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec_asn1.c → p_ec_asn1.cc} +36 -82
  717. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519.c → p_ed25519.cc} +34 -31
  718. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519_asn1.c → p_ed25519_asn1.cc} +26 -25
  719. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_hkdf.c → p_hkdf.cc} +30 -26
  720. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa.c → p_rsa.cc} +54 -91
  721. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa_asn1.c → p_rsa_asn1.cc} +26 -69
  722. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519.c → p_x25519.cc} +34 -31
  723. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519_asn1.c → p_x25519_asn1.cc} +30 -29
  724. data/third_party/boringssl-with-bazel/src/crypto/evp/pbkdf.cc +98 -0
  725. data/third_party/boringssl-with-bazel/src/crypto/evp/{print.c → print.cc} +17 -56
  726. data/third_party/boringssl-with-bazel/src/crypto/evp/{scrypt.c → scrypt.cc} +20 -13
  727. data/third_party/boringssl-with-bazel/src/crypto/evp/sign.cc +114 -0
  728. data/third_party/boringssl-with-bazel/src/crypto/ex_data.cc +141 -0
  729. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.cc.inc +191 -0
  730. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes_nohw.c.inc → aes_nohw.cc.inc} +13 -13
  731. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{modes/cbc.c.inc → aes/cbc.cc.inc} +13 -47
  732. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{modes/cfb.c.inc → aes/cfb.cc.inc} +13 -47
  733. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/ctr.cc.inc +100 -0
  734. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{modes/gcm.c.inc → aes/gcm.cc.inc} +175 -314
  735. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{modes/gcm_nohw.c.inc → aes/gcm_nohw.cc.inc} +13 -13
  736. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +419 -70
  737. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{key_wrap.c.inc → key_wrap.cc.inc} +14 -48
  738. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.cc.inc +84 -0
  739. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/ofb.cc.inc +53 -0
  740. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{modes/polyval.c.inc → aes/polyval.cc.inc} +14 -15
  741. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{bcm.c → bcm.cc} +116 -113
  742. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm_interface.h +665 -25
  743. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{add.c.inc → add.cc.inc} +14 -55
  744. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/{x86_64-gcc.c.inc → x86_64-gcc.cc.inc} +19 -6
  745. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bn.c.inc → bn.cc.inc} +25 -79
  746. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bytes.c.inc → bytes.cc.inc} +13 -55
  747. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{cmp.c.inc → cmp.cc.inc} +13 -55
  748. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{ctx.c.inc → ctx.cc.inc} +20 -63
  749. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div.c.inc → div.cc.inc} +42 -93
  750. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div_extra.c.inc → div_extra.cc.inc} +13 -13
  751. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{exponentiation.c.inc → exponentiation.cc.inc} +38 -131
  752. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd.c.inc → gcd.cc.inc} +16 -113
  753. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd_extra.c.inc → gcd_extra.cc.inc} +45 -37
  754. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{generic.c.inc → generic.cc.inc} +13 -55
  755. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +25 -134
  756. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/jacobi.cc.inc +108 -0
  757. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery.c.inc → montgomery.cc.inc} +24 -126
  758. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery_inv.c.inc → montgomery_inv.cc.inc} +13 -13
  759. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{mul.c.inc → mul.cc.inc} +24 -70
  760. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{prime.c.inc → prime.cc.inc} +44 -141
  761. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{random.c.inc → random.cc.inc} +13 -107
  762. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{rsaz_exp.c.inc → rsaz_exp.cc.inc} +18 -13
  763. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +20 -17
  764. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{shift.c.inc → shift.cc.inc} +16 -59
  765. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{sqrt.c.inc → sqrt.cc.inc} +13 -53
  766. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{aead.c.inc → aead.cc.inc} +30 -22
  767. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{cipher.c.inc → cipher.cc.inc} +20 -65
  768. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aes.c.inc → e_aes.cc.inc} +113 -335
  769. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aesccm.c.inc → e_aesccm.cc.inc} +21 -58
  770. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +14 -65
  771. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cmac/{cmac.c.inc → cmac.cc.inc} +19 -53
  772. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/delocate.h +26 -22
  773. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{check.c.inc → check.cc.inc} +13 -55
  774. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{dh.c.inc → dh.cc.inc} +28 -74
  775. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +13 -15
  776. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digest.c.inc → digest.cc.inc} +30 -68
  777. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.cc.inc +178 -0
  778. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/internal.h +13 -55
  779. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +13 -47
  780. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digestsign/{digestsign.c.inc → digestsign.cc.inc} +14 -55
  781. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/builtin_curves.h +91 -91
  782. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec.c.inc → ec.cc.inc} +24 -81
  783. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_key.c.inc → ec_key.cc.inc} +26 -86
  784. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_montgomery.c.inc → ec_montgomery.cc.inc} +14 -66
  785. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{felem.c.inc → felem.cc.inc} +13 -13
  786. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +19 -66
  787. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{oct.c.inc → oct.cc.inc} +19 -72
  788. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p224-64.c.inc → p224-64.cc.inc} +13 -13
  789. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz-table.h +15 -10
  790. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-nistz.c.inc → p256-nistz.cc.inc} +37 -30
  791. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.h +22 -17
  792. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256.c.inc → p256.cc.inc} +13 -13
  793. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +13 -13
  794. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{scalar.c.inc → scalar.cc.inc} +21 -15
  795. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple.c.inc → simple.cc.inc} +14 -66
  796. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple_mul.c.inc → simple_mul.cc.inc} +13 -13
  797. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{util.c.inc → util.cc.inc} +13 -13
  798. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{wnaf.c.inc → wnaf.cc.inc} +38 -81
  799. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.cc.inc +88 -0
  800. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/{ecdsa.c.inc → ecdsa.cc.inc} +19 -58
  801. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +13 -13
  802. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/fips_shared_support.cc +28 -0
  803. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/{hkdf.c.inc → hkdf.cc.inc} +13 -13
  804. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/{hmac.c.inc → hmac.cc.inc} +16 -57
  805. data/third_party/boringssl-with-bazel/src/crypto/{keccak → fipsmodule/keccak}/internal.h +13 -13
  806. data/third_party/boringssl-with-bazel/src/crypto/{keccak/keccak.c → fipsmodule/keccak/keccak.cc.inc} +14 -14
  807. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/mldsa/mldsa.cc.inc +1993 -0
  808. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/mlkem/mlkem.cc.inc +1165 -0
  809. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{ctrdrbg.c.inc → ctrdrbg.cc.inc} +22 -28
  810. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +18 -24
  811. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c.inc → rand.cc.inc} +34 -30
  812. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.cc.inc +147 -0
  813. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +13 -56
  814. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c.inc → padding.cc.inc} +32 -73
  815. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c.inc → rsa.cc.inc} +93 -148
  816. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa_impl.c.inc → rsa_impl.cc.inc} +82 -137
  817. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{fips.c.inc → fips.cc.inc} +26 -18
  818. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{self_check.c.inc → self_check.cc.inc} +68 -64
  819. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +34 -34
  820. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/{service_indicator.c.inc → service_indicator.cc.inc} +23 -24
  821. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +43 -57
  822. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha1.c.inc → sha1.cc.inc} +39 -88
  823. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha256.c.inc → sha256.cc.inc} +50 -110
  824. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha512.c.inc → sha512.cc.inc} +61 -131
  825. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/address.h +119 -0
  826. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/fors.cc.inc +169 -0
  827. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/fors.h +58 -0
  828. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/merkle.cc.inc +161 -0
  829. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/merkle.h +70 -0
  830. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/params.h +78 -0
  831. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/slhdsa.cc.inc +329 -0
  832. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/thash.cc.inc +173 -0
  833. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/thash.h +85 -0
  834. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/wots.cc.inc +171 -0
  835. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/wots.h +50 -0
  836. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +13 -13
  837. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/{kdf.c.inc → kdf.cc.inc} +13 -51
  838. data/third_party/boringssl-with-bazel/src/crypto/hpke/{hpke.c → hpke.cc} +19 -16
  839. data/third_party/boringssl-with-bazel/src/crypto/hrss/{hrss.c → hrss.cc} +73 -122
  840. data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +13 -13
  841. data/third_party/boringssl-with-bazel/src/crypto/internal.h +242 -442
  842. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +13 -13
  843. data/third_party/boringssl-with-bazel/src/crypto/kyber/{kyber.c → kyber.cc} +52 -28
  844. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +31 -75
  845. data/third_party/boringssl-with-bazel/src/crypto/lhash/{lhash.c → lhash.cc} +21 -62
  846. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md4/md4.c.inc → md4/md4.cc} +21 -67
  847. data/third_party/boringssl-with-bazel/src/crypto/md5/internal.h +37 -0
  848. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md5/md5.c.inc → md5/md5.cc} +17 -58
  849. data/third_party/boringssl-with-bazel/src/crypto/{mem.c → mem.cc} +47 -77
  850. data/third_party/boringssl-with-bazel/src/crypto/mldsa/mldsa.cc +90 -0
  851. data/third_party/boringssl-with-bazel/src/crypto/mlkem/mlkem.cc +97 -1042
  852. data/third_party/boringssl-with-bazel/src/crypto/obj/{obj.c → obj.cc} +40 -85
  853. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +14 -56
  854. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_xref.cc +80 -0
  855. data/third_party/boringssl-with-bazel/src/crypto/pem/internal.h +44 -0
  856. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.cc +149 -0
  857. data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_info.c → pem_info.cc} +20 -60
  858. data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_lib.c → pem_lib.cc} +59 -107
  859. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.cc +45 -0
  860. data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pk8.c → pem_pk8.cc} +13 -55
  861. data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pkey.c → pem_pkey.cc} +13 -55
  862. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.cc +22 -0
  863. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.cc +22 -0
  864. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +13 -13
  865. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7.c → pkcs7.cc} +17 -17
  866. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7_x509.c → pkcs7_x509.cc} +40 -37
  867. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +13 -54
  868. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{p5_pbev2.c → p5_pbev2.cc} +13 -54
  869. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8.c → pkcs8.cc} +170 -210
  870. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8_x509.c → pkcs8_x509.cc} +101 -149
  871. data/third_party/boringssl-with-bazel/src/crypto/poly1305/internal.h +13 -13
  872. data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305.c → poly1305.cc} +15 -15
  873. data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_arm.c → poly1305_arm.cc} +16 -14
  874. data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_vec.c → poly1305_vec.cc} +26 -23
  875. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +13 -13
  876. data/third_party/boringssl-with-bazel/src/crypto/pool/{pool.c → pool.cc} +24 -23
  877. data/third_party/boringssl-with-bazel/src/crypto/{rand_extra/deterministic.c → rand/deterministic.cc} +14 -14
  878. data/third_party/boringssl-with-bazel/src/crypto/{rand_extra/fork_detect.c → rand/fork_detect.cc} +23 -24
  879. data/third_party/boringssl-with-bazel/src/crypto/rand/forkunsafe.cc +44 -0
  880. data/third_party/boringssl-with-bazel/src/crypto/{rand_extra/getentropy.c → rand/getentropy.cc} +13 -13
  881. data/third_party/boringssl-with-bazel/src/crypto/{rand_extra → rand}/getrandom_fillin.h +13 -13
  882. data/third_party/boringssl-with-bazel/src/crypto/rand/ios.cc +42 -0
  883. data/third_party/boringssl-with-bazel/src/crypto/{rand_extra/passive.c → rand/passive.cc} +34 -30
  884. data/third_party/boringssl-with-bazel/src/crypto/{rand_extra/rand_extra.c → rand/rand.cc} +13 -13
  885. data/third_party/boringssl-with-bazel/src/crypto/rand/sysrand_internal.h +37 -0
  886. data/third_party/boringssl-with-bazel/src/crypto/rand/trusty.cc +46 -0
  887. data/third_party/boringssl-with-bazel/src/crypto/{rand_extra/urandom.c → rand/urandom.cc} +19 -19
  888. data/third_party/boringssl-with-bazel/src/crypto/{rand_extra/windows.c → rand/windows.cc} +13 -13
  889. data/third_party/boringssl-with-bazel/src/crypto/rc4/rc4.cc +56 -0
  890. data/third_party/boringssl-with-bazel/src/crypto/{refcount.c → refcount.cc} +13 -13
  891. data/third_party/boringssl-with-bazel/src/crypto/rsa/internal.h +36 -0
  892. data/third_party/boringssl-with-bazel/src/crypto/{rsa_extra/rsa_asn1.c → rsa/rsa_asn1.cc} +13 -54
  893. data/third_party/boringssl-with-bazel/src/crypto/{rsa_extra/rsa_crypt.c → rsa/rsa_crypt.cc} +94 -133
  894. data/third_party/boringssl-with-bazel/src/crypto/rsa/rsa_extra.cc +19 -0
  895. data/third_party/boringssl-with-bazel/src/crypto/rsa/rsa_print.cc +27 -0
  896. data/third_party/boringssl-with-bazel/src/crypto/sha/sha1.cc +52 -0
  897. data/third_party/boringssl-with-bazel/src/crypto/sha/sha256.cc +87 -0
  898. data/third_party/boringssl-with-bazel/src/crypto/sha/sha512.cc +104 -0
  899. data/third_party/boringssl-with-bazel/src/crypto/siphash/{siphash.c → siphash.cc} +13 -13
  900. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/slhdsa.cc +113 -0
  901. data/third_party/boringssl-with-bazel/src/crypto/spake2plus/internal.h +204 -0
  902. data/third_party/boringssl-with-bazel/src/crypto/spake2plus/spake2plus.cc +501 -0
  903. data/third_party/boringssl-with-bazel/src/crypto/stack/{stack.c → stack.cc} +23 -61
  904. data/third_party/boringssl-with-bazel/src/crypto/thread.cc +68 -0
  905. data/third_party/boringssl-with-bazel/src/crypto/{thread_none.c → thread_none.cc} +13 -13
  906. data/third_party/boringssl-with-bazel/src/crypto/{thread_pthread.c → thread_pthread.cc} +21 -20
  907. data/third_party/boringssl-with-bazel/src/crypto/{thread_win.c → thread_win.cc} +33 -29
  908. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +13 -13
  909. data/third_party/boringssl-with-bazel/src/crypto/trust_token/{pmbtoken.c → pmbtoken.cc} +159 -171
  910. data/third_party/boringssl-with-bazel/src/crypto/trust_token/{trust_token.c → trust_token.cc} +32 -34
  911. data/third_party/boringssl-with-bazel/src/crypto/trust_token/{voprf.c → voprf.cc} +178 -182
  912. data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.cc +52 -0
  913. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.cc +97 -0
  914. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.cc +74 -0
  915. data/third_party/boringssl-with-bazel/src/crypto/x509/{algorithm.c → algorithm.cc} +14 -56
  916. data/third_party/boringssl-with-bazel/src/crypto/x509/{asn1_gen.c → asn1_gen.cc} +19 -62
  917. data/third_party/boringssl-with-bazel/src/crypto/x509/{by_dir.c → by_dir.cc} +32 -77
  918. data/third_party/boringssl-with-bazel/src/crypto/x509/{by_file.c → by_file.cc} +13 -55
  919. data/third_party/boringssl-with-bazel/src/crypto/x509/ext_dat.h +13 -55
  920. data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.cc +37 -0
  921. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +13 -57
  922. data/third_party/boringssl-with-bazel/src/crypto/x509/{name_print.c → name_print.cc} +13 -55
  923. data/third_party/boringssl-with-bazel/src/crypto/x509/{policy.c → policy.cc} +200 -190
  924. data/third_party/boringssl-with-bazel/src/crypto/x509/{rsa_pss.c → rsa_pss.cc} +59 -96
  925. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.cc +103 -0
  926. data/third_party/boringssl-with-bazel/src/crypto/x509/{t_req.c → t_req.cc} +13 -55
  927. data/third_party/boringssl-with-bazel/src/crypto/x509/{t_x509.c → t_x509.cc} +13 -55
  928. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.cc +79 -0
  929. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_akey.c → v3_akey.cc} +17 -57
  930. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_akeya.cc +31 -0
  931. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_alt.c → v3_alt.cc} +17 -58
  932. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_bcons.cc +95 -0
  933. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_bitst.cc +102 -0
  934. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_conf.c → v3_conf.cc} +18 -60
  935. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_cpols.c → v3_cpols.cc} +60 -98
  936. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_crld.c → v3_crld.cc} +16 -57
  937. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_enum.cc +73 -0
  938. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_extku.cc +114 -0
  939. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_genn.c → v3_genn.cc} +20 -62
  940. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_ia5.cc +79 -0
  941. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_info.c → v3_info.cc} +20 -67
  942. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_int.cc +81 -0
  943. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_lib.c → v3_lib.cc} +23 -63
  944. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ncons.c → v3_ncons.cc} +15 -56
  945. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ocsp.c → v3_ocsp.cc} +17 -9
  946. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_pcons.cc +101 -0
  947. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_pmaps.c → v3_pmaps.cc} +15 -56
  948. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_prn.c → v3_prn.cc} +15 -56
  949. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_purp.c → v3_purp.cc} +29 -63
  950. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_skey.cc +131 -0
  951. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_utl.c → v3_utl.cc} +30 -78
  952. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.cc +47 -0
  953. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_att.c → x509_att.cc} +16 -57
  954. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_cmp.c → x509_cmp.cc} +13 -55
  955. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.cc +66 -0
  956. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.cc +44 -0
  957. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_ext.c → x509_ext.cc} +13 -55
  958. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_lu.c → x509_lu.cc} +20 -65
  959. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_obj.c → x509_obj.cc} +13 -55
  960. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_req.c → x509_req.cc} +13 -55
  961. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_set.c → x509_set.cc} +13 -55
  962. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_trs.c → x509_trs.cc} +13 -55
  963. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_txt.c → x509_txt.cc} +13 -55
  964. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_v3.c → x509_v3.cc} +15 -57
  965. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vfy.c → x509_vfy.cc} +229 -267
  966. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vpm.c → x509_vpm.cc} +68 -68
  967. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509cset.c → x509cset.cc} +13 -55
  968. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509name.c → x509name.cc} +13 -55
  969. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.cc +67 -0
  970. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.cc +91 -0
  971. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.cc +107 -0
  972. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_all.c → x_all.cc} +23 -61
  973. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.cc +55 -0
  974. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_crl.c → x_crl.cc} +19 -61
  975. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.cc +36 -0
  976. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_name.c → x_name.cc} +52 -87
  977. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_pubkey.c → x_pubkey.cc} +17 -57
  978. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.cc +74 -0
  979. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.cc +51 -0
  980. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.cc +34 -0
  981. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.cc +28 -0
  982. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509.c → x_x509.cc} +61 -99
  983. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509a.c → x_x509a.cc} +17 -57
  984. data/third_party/boringssl-with-bazel/src/gen/crypto/{err_data.c → err_data.cc} +468 -453
  985. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +13 -13
  986. data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +13 -47
  987. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +13 -51
  988. data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +14 -14
  989. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +23 -62
  990. data/third_party/boringssl-with-bazel/src/include/openssl/asn1_mac.h +13 -13
  991. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +248 -328
  992. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +24 -55
  993. data/third_party/boringssl-with-bazel/src/include/openssl/base64.h +13 -55
  994. data/third_party/boringssl-with-bazel/src/include/openssl/bcm_public.h +82 -0
  995. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +13 -55
  996. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +13 -13
  997. data/third_party/boringssl-with-bazel/src/include/openssl/blowfish.h +13 -55
  998. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +14 -121
  999. data/third_party/boringssl-with-bazel/src/include/openssl/buf.h +13 -55
  1000. data/third_party/boringssl-with-bazel/src/include/openssl/buffer.h +13 -13
  1001. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +31 -16
  1002. data/third_party/boringssl-with-bazel/src/include/openssl/cast.h +13 -55
  1003. data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +13 -13
  1004. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +31 -59
  1005. data/third_party/boringssl-with-bazel/src/include/openssl/cmac.h +13 -13
  1006. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +13 -55
  1007. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +13 -13
  1008. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +25 -14
  1009. data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +13 -13
  1010. data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +13 -13
  1011. data/third_party/boringssl-with-bazel/src/include/openssl/des.h +13 -55
  1012. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +17 -55
  1013. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +19 -56
  1014. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +17 -58
  1015. data/third_party/boringssl-with-bazel/src/include/openssl/dtls1.h +13 -13
  1016. data/third_party/boringssl-with-bazel/src/include/openssl/e_os2.h +13 -13
  1017. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +14 -66
  1018. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +31 -72
  1019. data/third_party/boringssl-with-bazel/src/include/openssl/ecdh.h +14 -65
  1020. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +13 -51
  1021. data/third_party/boringssl-with-bazel/src/include/openssl/engine.h +13 -13
  1022. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +13 -107
  1023. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +14 -56
  1024. data/third_party/boringssl-with-bazel/src/include/openssl/evp_errors.h +13 -55
  1025. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +13 -107
  1026. data/third_party/boringssl-with-bazel/src/include/openssl/experimental/kyber.h +13 -13
  1027. data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +13 -13
  1028. data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +13 -55
  1029. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +13 -13
  1030. data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +13 -13
  1031. data/third_party/boringssl-with-bazel/src/include/openssl/is_boringssl.h +13 -13
  1032. data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +13 -13
  1033. data/third_party/boringssl-with-bazel/src/include/openssl/lhash.h +13 -55
  1034. data/third_party/boringssl-with-bazel/src/include/openssl/md4.h +13 -55
  1035. data/third_party/boringssl-with-bazel/src/include/openssl/md5.h +13 -55
  1036. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +13 -55
  1037. data/third_party/boringssl-with-bazel/src/include/openssl/mldsa.h +20 -26
  1038. data/third_party/boringssl-with-bazel/src/include/openssl/mlkem.h +13 -37
  1039. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +27 -69
  1040. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +13 -55
  1041. data/third_party/boringssl-with-bazel/src/include/openssl/obj_mac.h +13 -13
  1042. data/third_party/boringssl-with-bazel/src/include/openssl/objects.h +13 -13
  1043. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +13 -13
  1044. data/third_party/boringssl-with-bazel/src/include/openssl/opensslv.h +13 -13
  1045. data/third_party/boringssl-with-bazel/src/include/openssl/ossl_typ.h +13 -13
  1046. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +22 -60
  1047. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs12.h +13 -13
  1048. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +13 -13
  1049. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +13 -55
  1050. data/third_party/boringssl-with-bazel/src/include/openssl/poly1305.h +13 -13
  1051. data/third_party/boringssl-with-bazel/src/include/openssl/pool.h +13 -13
  1052. data/third_party/boringssl-with-bazel/src/include/openssl/posix_time.h +13 -13
  1053. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +13 -13
  1054. data/third_party/boringssl-with-bazel/src/include/openssl/rc4.h +13 -55
  1055. data/third_party/boringssl-with-bazel/src/include/openssl/ripemd.h +13 -55
  1056. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +23 -63
  1057. data/third_party/boringssl-with-bazel/src/include/openssl/safestack.h +13 -13
  1058. data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +13 -13
  1059. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +15 -95
  1060. data/third_party/boringssl-with-bazel/src/include/openssl/siphash.h +13 -13
  1061. data/third_party/boringssl-with-bazel/src/include/openssl/slhdsa.h +174 -0
  1062. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +24 -32
  1063. data/third_party/boringssl-with-bazel/src/include/openssl/srtp.h +13 -13
  1064. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +358 -290
  1065. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +15 -114
  1066. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +13 -55
  1067. data/third_party/boringssl-with-bazel/src/include/openssl/target.h +23 -13
  1068. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +15 -57
  1069. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +13 -13
  1070. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +27 -156
  1071. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +15 -15
  1072. data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +13 -55
  1073. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +14 -61
  1074. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +13 -13
  1075. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +13 -13
  1076. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3_errors.h +13 -53
  1077. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +15 -14
  1078. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +680 -434
  1079. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +129 -174
  1080. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +176 -131
  1081. data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +21 -127
  1082. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +107 -104
  1083. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +311 -312
  1084. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +54 -47
  1085. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +677 -475
  1086. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +66 -73
  1087. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +61 -153
  1088. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +198 -331
  1089. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +88 -212
  1090. data/third_party/boringssl-with-bazel/src/ssl/internal.h +949 -531
  1091. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +47 -157
  1092. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +29 -159
  1093. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +18 -112
  1094. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +103 -196
  1095. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +52 -145
  1096. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +15 -20
  1097. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +117 -157
  1098. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +229 -365
  1099. data/third_party/boringssl-with-bazel/src/ssl/ssl_credential.cc +216 -31
  1100. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +13 -109
  1101. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +34 -33
  1102. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +194 -350
  1103. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +38 -83
  1104. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +101 -236
  1105. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +17 -91
  1106. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +109 -157
  1107. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +44 -30
  1108. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +66 -195
  1109. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +45 -176
  1110. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +58 -42
  1111. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +146 -94
  1112. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +251 -180
  1113. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +236 -107
  1114. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +64 -117
  1115. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +52 -134
  1116. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +6 -0
  1117. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +6 -0
  1118. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +4 -1
  1119. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1 -1
  1120. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +3 -0
  1121. metadata +357 -348
  1122. data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb.h +0 -426
  1123. data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.c +0 -87
  1124. data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.h +0 -32
  1125. data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb.h +0 -408
  1126. data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.c +0 -124
  1127. data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.h +0 -38
  1128. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.c +0 -108
  1129. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.h +0 -33
  1130. data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.c +0 -67
  1131. data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.h +0 -48
  1132. data/src/core/util/atm.cc +0 -34
  1133. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +0 -95
  1134. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +0 -89
  1135. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +0 -84
  1136. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +0 -151
  1137. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +0 -85
  1138. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +0 -74
  1139. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +0 -183
  1140. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +0 -103
  1141. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +0 -98
  1142. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +0 -105
  1143. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +0 -94
  1144. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +0 -212
  1145. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -126
  1146. data/third_party/boringssl-with-bazel/src/crypto/bio/errno.c +0 -92
  1147. data/third_party/boringssl-with-bazel/src/crypto/bio/hexdump.c +0 -192
  1148. data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -102
  1149. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +0 -189
  1150. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +0 -158
  1151. data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +0 -53
  1152. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +0 -127
  1153. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +0 -152
  1154. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_des.c +0 -228
  1155. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +0 -90
  1156. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +0 -94
  1157. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_win.c +0 -41
  1158. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_64_adx.c +0 -18
  1159. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +0 -165
  1160. data/third_party/boringssl-with-bazel/src/crypto/dilithium/dilithium.c +0 -1539
  1161. data/third_party/boringssl-with-bazel/src/crypto/dilithium/internal.h +0 -58
  1162. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +0 -124
  1163. data/third_party/boringssl-with-bazel/src/crypto/evp/pbkdf.c +0 -146
  1164. data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +0 -156
  1165. data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +0 -236
  1166. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c.inc +0 -127
  1167. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c.inc +0 -124
  1168. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/jacobi.c.inc +0 -146
  1169. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c.inc +0 -304
  1170. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c.inc +0 -130
  1171. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/fips_shared_support.c +0 -29
  1172. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/internal.h +0 -37
  1173. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c.inc +0 -196
  1174. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +0 -428
  1175. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c.inc +0 -87
  1176. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c.inc +0 -241
  1177. data/third_party/boringssl-with-bazel/src/crypto/mldsa/internal.h +0 -73
  1178. data/third_party/boringssl-with-bazel/src/crypto/mldsa/mldsa.c +0 -1687
  1179. data/third_party/boringssl-with-bazel/src/crypto/mlkem/internal.h +0 -90
  1180. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_xref.c +0 -122
  1181. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +0 -243
  1182. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +0 -87
  1183. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -64
  1184. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -64
  1185. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/forkunsafe.c +0 -44
  1186. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/ios.c +0 -42
  1187. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/sysrand_internal.h +0 -37
  1188. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/trusty.c +0 -46
  1189. data/third_party/boringssl-with-bazel/src/crypto/rc4/rc4.c +0 -98
  1190. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +0 -79
  1191. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_print.c +0 -22
  1192. data/third_party/boringssl-with-bazel/src/crypto/spx/address.c +0 -101
  1193. data/third_party/boringssl-with-bazel/src/crypto/spx/address.h +0 -50
  1194. data/third_party/boringssl-with-bazel/src/crypto/spx/fors.c +0 -133
  1195. data/third_party/boringssl-with-bazel/src/crypto/spx/fors.h +0 -54
  1196. data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.c +0 -150
  1197. data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.h +0 -61
  1198. data/third_party/boringssl-with-bazel/src/crypto/spx/params.h +0 -71
  1199. data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +0 -140
  1200. data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c +0 -53
  1201. data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h +0 -44
  1202. data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c +0 -136
  1203. data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h +0 -70
  1204. data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c +0 -135
  1205. data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h +0 -45
  1206. data/third_party/boringssl-with-bazel/src/crypto/thread.c +0 -110
  1207. data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +0 -94
  1208. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +0 -136
  1209. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +0 -116
  1210. data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +0 -79
  1211. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +0 -145
  1212. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +0 -121
  1213. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_akeya.c +0 -73
  1214. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_bcons.c +0 -135
  1215. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_bitst.c +0 -141
  1216. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_enum.c +0 -112
  1217. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_extku.c +0 -154
  1218. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_ia5.c +0 -122
  1219. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_int.c +0 -121
  1220. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_pcons.c +0 -142
  1221. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_skey.c +0 -170
  1222. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -89
  1223. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +0 -108
  1224. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +0 -86
  1225. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +0 -109
  1226. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +0 -133
  1227. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +0 -149
  1228. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +0 -97
  1229. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +0 -78
  1230. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +0 -116
  1231. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +0 -93
  1232. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +0 -79
  1233. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +0 -70
  1234. data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +0 -129
  1235. data/third_party/boringssl-with-bazel/src/include/openssl/experimental/spx.h +0 -90
data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc CHANGED
@@ -1,151 +1,18 @@
1
- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2
- * All rights reserved.
3
- *
4
- * This package is an SSL implementation written
5
- * by Eric Young (eay@cryptsoft.com).
6
- * The implementation was written so as to conform with Netscapes SSL.
7
- *
8
- * This library is free for commercial and non-commercial use as long as
9
- * the following conditions are aheared to. The following conditions
10
- * apply to all code found in this distribution, be it the RC4, RSA,
11
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12
- * included with this distribution is covered by the same copyright terms
13
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14
- *
15
- * Copyright remains Eric Young's, and as such any Copyright notices in
16
- * the code are not to be removed.
17
- * If this package is used in a product, Eric Young should be given attribution
18
- * as the author of the parts of the library used.
19
- * This can be in the form of a textual message at program startup or
20
- * in documentation (online or textual) provided with the package.
21
- *
22
- * Redistribution and use in source and binary forms, with or without
23
- * modification, are permitted provided that the following conditions
24
- * are met:
25
- * 1. Redistributions of source code must retain the copyright
26
- * notice, this list of conditions and the following disclaimer.
27
- * 2. Redistributions in binary form must reproduce the above copyright
28
- * notice, this list of conditions and the following disclaimer in the
29
- * documentation and/or other materials provided with the distribution.
30
- * 3. All advertising materials mentioning features or use of this software
31
- * must display the following acknowledgement:
32
- * "This product includes cryptographic software written by
33
- * Eric Young (eay@cryptsoft.com)"
34
- * The word 'cryptographic' can be left out if the rouines from the library
35
- * being used are not cryptographic related :-).
36
- * 4. If you include any Windows specific code (or a derivative thereof) from
37
- * the apps directory (application code) you must include an acknowledgement:
38
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39
- *
40
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50
- * SUCH DAMAGE.
51
- *
52
- * The licence and distribution terms for any publically available version or
53
- * derivative of this code cannot be changed. i.e. this code cannot simply be
54
- * copied and put under another distribution licence
55
- * [including the GNU Public Licence.]
56
- */
57
- /* ====================================================================
58
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59
- *
60
- * Redistribution and use in source and binary forms, with or without
61
- * modification, are permitted provided that the following conditions
62
- * are met:
63
- *
64
- * 1. Redistributions of source code must retain the above copyright
65
- * notice, this list of conditions and the following disclaimer.
66
- *
67
- * 2. Redistributions in binary form must reproduce the above copyright
68
- * notice, this list of conditions and the following disclaimer in
69
- * the documentation and/or other materials provided with the
70
- * distribution.
71
- *
72
- * 3. All advertising materials mentioning features or use of this
73
- * software must display the following acknowledgment:
74
- * "This product includes software developed by the OpenSSL Project
75
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76
- *
77
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78
- * endorse or promote products derived from this software without
79
- * prior written permission. For written permission, please contact
80
- * openssl-core@openssl.org.
81
- *
82
- * 5. Products derived from this software may not be called "OpenSSL"
83
- * nor may "OpenSSL" appear in their names without prior written
84
- * permission of the OpenSSL Project.
85
- *
86
- * 6. Redistributions of any form whatsoever must retain the following
87
- * acknowledgment:
88
- * "This product includes software developed by the OpenSSL Project
89
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90
- *
91
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102
- * OF THE POSSIBILITY OF SUCH DAMAGE.
103
- * ====================================================================
104
- *
105
- * This product includes cryptographic software written by Eric Young
106
- * (eay@cryptsoft.com). This product includes software written by Tim
107
- * Hudson (tjh@cryptsoft.com).
108
- *
109
- */
110
- /* ====================================================================
111
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112
- *
113
- * Portions of the attached software ("Contribution") are developed by
114
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
115
- *
116
- * The Contribution is licensed pursuant to the OpenSSL open source
117
- * license provided above.
118
- *
119
- * ECC cipher suite support in OpenSSL originally written by
120
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
121
- *
122
- */
123
- /* ====================================================================
124
- * Copyright 2005 Nokia. All rights reserved.
125
- *
126
- * The portions of the attached software ("Contribution") is developed by
127
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
128
- * license.
129
- *
130
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
131
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
132
- * support (see RFC 4279) to OpenSSL.
133
- *
134
- * No patent licenses or other rights except those expressly stated in
135
- * the OpenSSL open source license shall be deemed granted or received
136
- * expressly, by implication, estoppel, or otherwise.
137
- *
138
- * No assurances are provided by Nokia that the Contribution does not
139
- * infringe the patent or other intellectual property rights of any third
140
- * party or that the license provides you with all the necessary rights
141
- * to make use of the Contribution.
142
- *
143
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
144
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
145
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
146
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
147
- * OTHERWISE.
148
- */
1
+ // Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
2
+ // Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
3
+ // Copyright 2005 Nokia. All rights reserved.
4
+ //
5
+ // Licensed under the Apache License, Version 2.0 (the "License");
6
+ // you may not use this file except in compliance with the License.
7
+ // You may obtain a copy of the License at
8
+ //
9
+ // https://www.apache.org/licenses/LICENSE-2.0
10
+ //
11
+ // Unless required by applicable law or agreed to in writing, software
12
+ // distributed under the License is distributed on an "AS IS" BASIS,
13
+ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ // See the License for the specific language governing permissions and
15
+ // limitations under the License.
149
16
 
150
17
  #include <openssl/ssl.h>
151
18
 
@@ -179,7 +46,6 @@ enum ssl_client_hs_state_t {
179
46
  state_start_connect = 0,
180
47
  state_enter_early_data,
181
48
  state_early_reverify_server_certificate,
182
- state_read_hello_verify_request,
183
49
  state_read_server_hello,
184
50
  state_tls13,
185
51
  state_read_server_certificate,
@@ -264,14 +130,14 @@ static bool ssl_write_client_cipher_list(const SSL_HANDSHAKE *hs, CBB *out,
264
130
  ? ssl->config->aes_hw_override_value
265
131
  : EVP_has_aes_hardware();
266
132
  const bssl::Span<const uint16_t> ciphers =
267
- ssl->config->tls13_cipher_policy == ssl_compliance_policy_cnsa_202407
133
+ ssl->config->compliance_policy == ssl_compliance_policy_cnsa_202407
268
134
  ? bssl::Span<const uint16_t>(kCiphersCNSA)
269
135
  : (has_aes_hw ? bssl::Span<const uint16_t>(kCiphersAESHardware)
270
136
  : bssl::Span<const uint16_t>(kCiphersNoAESHardware));
271
137
 
272
138
  for (auto cipher : ciphers) {
273
139
  if (!ssl_add_tls13_cipher(&child, cipher,
274
- ssl->config->tls13_cipher_policy)) {
140
+ ssl->config->compliance_policy)) {
275
141
  return false;
276
142
  }
277
143
  }
@@ -327,9 +193,9 @@ bool ssl_write_client_hello_without_extensions(const SSL_HANDSHAKE *hs,
327
193
  }
328
194
 
329
195
  // Do not send a session ID on renegotiation.
330
- if (!ssl->s3->initial_handshake_complete &&
331
- !empty_session_id &&
332
- !CBB_add_bytes(&child, hs->session_id, hs->session_id_len)) {
196
+ if (!ssl->s3->initial_handshake_complete && //
197
+ !empty_session_id && //
198
+ !CBB_add_bytes(&child, hs->session_id.data(), hs->session_id.size())) {
333
199
  return false;
334
200
  }
335
201
 
@@ -373,7 +239,7 @@ bool ssl_add_client_hello(SSL_HANDSHAKE *hs) {
373
239
  // ClientHelloOuter cannot have a PSK binder. Otherwise the
374
240
  // ClientHellOuterAAD computation would break.
375
241
  assert(type != ssl_client_hello_outer);
376
- if (!tls13_write_psk_binder(hs, hs->transcript, MakeSpan(msg),
242
+ if (!tls13_write_psk_binder(hs, hs->transcript, Span(msg),
377
243
  /*out_binder_len=*/0)) {
378
244
  return false;
379
245
  }
@@ -408,8 +274,8 @@ static bool parse_server_version(const SSL_HANDSHAKE *hs, uint16_t *out_version,
408
274
  return true;
409
275
  }
410
276
 
411
- if (!CBS_get_u16(&supported_versions.data, out_version) ||
412
- CBS_len(&supported_versions.data) != 0) {
277
+ if (!CBS_get_u16(&supported_versions.data, out_version) || //
278
+ CBS_len(&supported_versions.data) != 0) {
413
279
  *out_alert = SSL_AD_DECODE_ERROR;
414
280
  return false;
415
281
  }
@@ -427,9 +293,11 @@ static ssl_early_data_reason_t should_offer_early_data(
427
293
  return ssl_early_data_disabled;
428
294
  }
429
295
 
430
- if (hs->max_version < TLS1_3_VERSION) {
296
+ if (hs->max_version < TLS1_3_VERSION || SSL_is_dtls(ssl)) {
431
297
  // We discard inapplicable sessions, so this is redundant with the session
432
298
  // checks below, but reporting that TLS 1.3 was disabled is more useful.
299
+ //
300
+ // TODO(crbug.com/381113363): Support early data in DTLS 1.3.
433
301
  return ssl_early_data_protocol_version;
434
302
  }
435
303
 
@@ -469,6 +337,7 @@ void ssl_done_writing_client_hello(SSL_HANDSHAKE *hs) {
469
337
  hs->ech_client_outer.Reset();
470
338
  hs->cookie.Reset();
471
339
  hs->key_share_bytes.Reset();
340
+ hs->pake_share_bytes.Reset();
472
341
  }
473
342
 
474
343
  static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
@@ -500,9 +369,15 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
500
369
  hs->max_version >= TLS1_2_VERSION ? TLS1_2_VERSION : hs->max_version;
501
370
  }
502
371
 
372
+ if (!ssl_setup_pake_shares(hs)) {
373
+ return ssl_hs_error;
374
+ }
375
+
503
376
  // If the configured session has expired or is not usable, drop it. We also do
504
377
  // not offer sessions on renegotiation.
378
+ SSLSessionType session_type = SSLSessionType::kNotResumable;
505
379
  if (ssl->session != nullptr) {
380
+ session_type = ssl_session_get_type(ssl->session.get());
506
381
  if (ssl->session->is_server ||
507
382
  !ssl_supports_version(hs, ssl->session->ssl_version) ||
508
383
  // Do not offer TLS 1.2 sessions with ECH. ClientHelloInner does not
@@ -510,11 +385,19 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
510
385
  // identity.
511
386
  (hs->selected_ech_config &&
512
387
  ssl_session_protocol_version(ssl->session.get()) < TLS1_3_VERSION) ||
513
- !SSL_SESSION_is_resumable(ssl->session.get()) ||
388
+ session_type == SSLSessionType::kNotResumable ||
389
+ // Don't offer TLS 1.2 tickets if disabled.
390
+ (session_type == SSLSessionType::kTicket &&
391
+ (SSL_get_options(ssl) & SSL_OP_NO_TICKET)) ||
392
+ // Don't offer sessions and PAKEs at the same time. We do not currently
393
+ // support resumption with PAKEs. (Offering both together would need
394
+ // more logic to conditionally send the key_share extension.)
395
+ hs->pake_prover != nullptr ||
514
396
  !ssl_session_is_time_valid(ssl, ssl->session.get()) ||
515
- (ssl->quic_method != nullptr) != ssl->session->is_quic ||
397
+ SSL_is_quic(ssl) != int{ssl->session->is_quic} ||
516
398
  ssl->s3->initial_handshake_complete) {
517
399
  ssl_set_session(ssl, nullptr);
400
+ session_type = SSLSessionType::kNotResumable;
518
401
  }
519
402
  }
520
403
 
@@ -526,27 +409,17 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
526
409
  return ssl_hs_error;
527
410
  }
528
411
 
529
- const bool has_id_session = ssl->session != nullptr &&
530
- ssl->session->session_id_length > 0 &&
531
- ssl->session->ticket.empty();
532
- const bool has_ticket_session =
533
- ssl->session != nullptr && !ssl->session->ticket.empty();
534
- // TLS 1.2 session tickets require a placeholder value to signal resumption.
535
- const bool ticket_session_requires_random_id =
536
- has_ticket_session &&
537
- ssl_session_protocol_version(ssl->session.get()) < TLS1_3_VERSION;
538
412
  // Compatibility mode sends a random session ID. Compatibility mode is
539
413
  // enabled for TLS 1.3, but not when it's run over QUIC or DTLS.
540
414
  const bool enable_compatibility_mode = hs->max_version >= TLS1_3_VERSION &&
541
- ssl->quic_method == nullptr &&
542
- !SSL_is_dtls(hs->ssl);
543
- if (has_id_session) {
544
- hs->session_id_len = ssl->session->session_id_length;
545
- OPENSSL_memcpy(hs->session_id, ssl->session->session_id,
546
- hs->session_id_len);
547
- } else if (ticket_session_requires_random_id || enable_compatibility_mode) {
548
- hs->session_id_len = sizeof(hs->session_id);
549
- if (!RAND_bytes(hs->session_id, hs->session_id_len)) {
415
+ !SSL_is_quic(ssl) && !SSL_is_dtls(ssl);
416
+ if (session_type == SSLSessionType::kID) {
417
+ hs->session_id = ssl->session->session_id;
418
+ } else if (session_type == SSLSessionType::kTicket ||
419
+ enable_compatibility_mode) {
420
+ // TLS 1.2 session tickets require a placeholder value to signal resumption.
421
+ hs->session_id.ResizeForOverwrite(SSL_MAX_SSL_SESSION_ID_LENGTH);
422
+ if (!RAND_bytes(hs->session_id.data(), hs->session_id.size())) {
550
423
  return ssl_hs_error;
551
424
  }
552
425
  }
@@ -560,7 +433,7 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
560
433
 
561
434
  if (!ssl_setup_key_shares(hs, /*override_group_id=*/0) ||
562
435
  !ssl_setup_extension_permutation(hs) ||
563
- !ssl_encrypt_client_hello(hs, MakeConstSpan(ech_enc, ech_enc_len)) ||
436
+ !ssl_encrypt_client_hello(hs, Span(ech_enc, ech_enc_len)) ||
564
437
  !ssl_add_client_hello(hs)) {
565
438
  return ssl_hs_error;
566
439
  }
@@ -571,39 +444,29 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
571
444
 
572
445
  static enum ssl_hs_wait_t do_enter_early_data(SSL_HANDSHAKE *hs) {
573
446
  SSL *const ssl = hs->ssl;
574
-
575
- if (SSL_is_dtls(ssl)) {
576
- hs->state = state_read_hello_verify_request;
577
- return ssl_hs_ok;
578
- }
579
-
580
447
  if (!hs->early_data_offered) {
581
448
  hs->state = state_read_server_hello;
582
449
  return ssl_hs_ok;
583
450
  }
584
451
 
585
- ssl->s3->aead_write_ctx->SetVersionIfNullCipher(ssl->session->ssl_version);
586
- if (!ssl->method->add_change_cipher_spec(ssl)) {
587
- return ssl_hs_error;
588
- }
589
-
590
- if (!tls13_init_early_key_schedule(hs, ssl->session.get()) ||
591
- !tls13_derive_early_secret(hs)) {
592
- return ssl_hs_error;
593
- }
594
-
595
- // Stash the early data session, so connection properties may be queried out
596
- // of it.
452
+ // Stash the early data session and activate the early version. This must
453
+ // happen before |do_early_reverify_server_certificate|, so early connection
454
+ // properties are available to the callback. Note the early version may be
455
+ // overwritten later by the final version.
597
456
  hs->early_session = UpRef(ssl->session);
457
+ ssl->s3->version = hs->early_session->ssl_version;
458
+ hs->is_early_version = true;
598
459
  hs->state = state_early_reverify_server_certificate;
599
460
  return ssl_hs_ok;
600
461
  }
601
462
 
602
- static enum ssl_hs_wait_t do_early_reverify_server_certificate(SSL_HANDSHAKE *hs) {
603
- if (hs->ssl->ctx->reverify_on_resume) {
604
- // Don't send an alert on error. The alert be in early data, which the
605
- // server may not accept anyway. It would also be a mismatch between QUIC
606
- // and TCP because the QUIC early keys are deferred below.
463
+ static enum ssl_hs_wait_t do_early_reverify_server_certificate(
464
+ SSL_HANDSHAKE *hs) {
465
+ SSL *const ssl = hs->ssl;
466
+ if (ssl->ctx->reverify_on_resume) {
467
+ // Don't send an alert on error. The alert would be in the clear, which the
468
+ // server is not expecting anyway. Alerts in between ClientHello and
469
+ // ServerHello cannot usefully be delivered in TLS 1.3.
607
470
  //
608
471
  // TODO(davidben): The client behavior should be to verify the certificate
609
472
  // before deciding whether to offer the session and, if invalid, decline to
@@ -619,11 +482,17 @@ static enum ssl_hs_wait_t do_early_reverify_server_certificate(SSL_HANDSHAKE *hs
619
482
  }
620
483
  }
621
484
 
485
+ if (!ssl->method->add_change_cipher_spec(ssl)) {
486
+ return ssl_hs_error;
487
+ }
488
+
622
489
  // Defer releasing the 0-RTT key to after certificate reverification, so the
623
490
  // QUIC implementation does not accidentally write data too early.
624
- if (!tls13_set_traffic_key(hs->ssl, ssl_encryption_early_data, evp_aead_seal,
491
+ if (!tls13_init_early_key_schedule(hs, hs->early_session.get()) ||
492
+ !tls13_derive_early_secret(hs) ||
493
+ !tls13_set_traffic_key(hs->ssl, ssl_encryption_early_data, evp_aead_seal,
625
494
  hs->early_session.get(),
626
- hs->early_traffic_secret())) {
495
+ hs->early_traffic_secret)) {
627
496
  return ssl_hs_error;
628
497
  }
629
498
 
@@ -633,26 +502,12 @@ static enum ssl_hs_wait_t do_early_reverify_server_certificate(SSL_HANDSHAKE *hs
633
502
  return ssl_hs_early_return;
634
503
  }
635
504
 
636
- static enum ssl_hs_wait_t do_read_hello_verify_request(SSL_HANDSHAKE *hs) {
505
+ static bool handle_hello_verify_request(SSL_HANDSHAKE *hs,
506
+ const SSLMessage &msg) {
637
507
  SSL *const ssl = hs->ssl;
638
-
639
508
  assert(SSL_is_dtls(ssl));
640
-
641
- SSLMessage msg;
642
- if (!ssl->method->get_message(ssl, &msg)) {
643
- return ssl_hs_read_message;
644
- }
645
-
646
- if (msg.type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
647
- hs->state = state_read_server_hello;
648
- return ssl_hs_ok;
649
- }
650
-
651
- // TODO(crbug.com/boringssl/715): At the point when we read an HVR, we don't
652
- // know whether the connection is DTLS 1.2 (or earlier) or DTLS 1.3 - that's
653
- // determined when we read the supported_versions in the ServerHello. If we
654
- // receive HVR and then the ServerHello selects DTLS 1.3, that is an error and
655
- // we should close the connection.
509
+ assert(msg.type == DTLS1_MT_HELLO_VERIFY_REQUEST);
510
+ assert(!hs->received_hello_verify_request);
656
511
 
657
512
  CBS hello_verify_request = msg.body, cookie;
658
513
  uint16_t server_version;
@@ -661,27 +516,23 @@ static enum ssl_hs_wait_t do_read_hello_verify_request(SSL_HANDSHAKE *hs) {
661
516
  CBS_len(&hello_verify_request) != 0) {
662
517
  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
663
518
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
664
- return ssl_hs_error;
519
+ return false;
665
520
  }
666
521
 
667
522
  if (!hs->dtls_cookie.CopyFrom(cookie)) {
668
523
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
669
- return ssl_hs_error;
524
+ return false;
670
525
  }
526
+ hs->received_hello_verify_request = true;
671
527
 
672
528
  ssl->method->next_message(ssl);
673
529
 
674
530
  // DTLS resets the handshake buffer after HelloVerifyRequest.
675
531
  if (!hs->transcript.Init()) {
676
- return ssl_hs_error;
677
- }
678
-
679
- if (!ssl_add_client_hello(hs)) {
680
- return ssl_hs_error;
532
+ return false;
681
533
  }
682
534
 
683
- hs->state = state_read_server_hello;
684
- return ssl_hs_flush;
535
+ return ssl_add_client_hello(hs);
685
536
  }
686
537
 
687
538
  bool ssl_parse_server_hello(ParsedServerHello *out, uint8_t *out_alert,
@@ -723,6 +574,16 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
723
574
  return ssl_hs_read_server_hello;
724
575
  }
725
576
 
577
+ if (SSL_is_dtls(ssl) && !hs->received_hello_verify_request &&
578
+ msg.type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
579
+ if (!handle_hello_verify_request(hs, msg)) {
580
+ return ssl_hs_error;
581
+ }
582
+ hs->received_hello_verify_request = true;
583
+ hs->state = state_read_server_hello;
584
+ return ssl_hs_flush;
585
+ }
586
+
726
587
  ParsedServerHello server_hello;
727
588
  uint16_t server_version;
728
589
  uint8_t alert = SSL_AD_DECODE_ERROR;
@@ -738,53 +599,76 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
738
599
  return ssl_hs_error;
739
600
  }
740
601
 
741
- // TODO(crbug.com/boringssl/715): Check that if the server picked DTLS 1.3,
742
- // that it didn't also previously send an HVR, as that is not allowed by RFC
743
- // 9147. (DTLS 1.25 still uses HVR instead of HRR.) Also add a runner test to
744
- // test that we handle that case properly.
745
- //
746
- // See
747
- // https://boringssl-review.googlesource.com/c/boringssl/+/68027/3/ssl/handshake_client.cc
748
- // for an example of what this check might look like.
749
-
750
- assert(ssl->s3->have_version == ssl->s3->initial_handshake_complete);
751
- if (!ssl->s3->have_version) {
752
- ssl->version = server_version;
753
- // At this point, the connection's version is known and ssl->version is
754
- // fixed. Begin enforcing the record-layer version.
755
- ssl->s3->have_version = true;
756
- ssl->s3->aead_write_ctx->SetVersionIfNullCipher(ssl->version);
757
- } else if (server_version != ssl->version) {
602
+ if (!ssl->s3->initial_handshake_complete) {
603
+ // |ssl->s3->version| may be set due to 0-RTT. If it was to a different
604
+ // value, the check below will fire.
605
+ assert(ssl->s3->version == 0 ||
606
+ (hs->is_early_version &&
607
+ ssl->s3->version == hs->early_session->ssl_version));
608
+ ssl->s3->version = server_version;
609
+ hs->is_early_version = false;
610
+ } else if (server_version != ssl->s3->version) {
758
611
  OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SSL_VERSION);
759
612
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
760
613
  return ssl_hs_error;
761
614
  }
762
615
 
763
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
764
- hs->state = state_tls13;
765
- return ssl_hs_ok;
766
- }
767
-
768
- // Clear some TLS 1.3 state that no longer needs to be retained.
769
- hs->key_shares[0].reset();
770
- hs->key_shares[1].reset();
771
- ssl_done_writing_client_hello(hs);
772
-
773
- // A TLS 1.2 server would not know to skip the early data we offered. Report
774
- // an error code sooner. The caller may use this error code to implement the
775
- // fallback described in RFC 8446 appendix D.3.
776
- if (hs->early_data_offered) {
616
+ // If the version did not match, stop sending 0-RTT data.
617
+ if (hs->early_data_offered &&
618
+ ssl->s3->version != hs->early_session->ssl_version) {
619
+ // This is currently only possible by reading a TLS 1.2 (or earlier)
620
+ // ServerHello in response to TLS 1.3. If there is ever a TLS 1.4, or
621
+ // another variant of TLS 1.3, the fatal error below will need to be a clean
622
+ // 0-RTT reject.
623
+ assert(ssl_protocol_version(ssl) < TLS1_3_VERSION);
624
+ assert(ssl_session_protocol_version(hs->early_session.get()) >=
625
+ TLS1_3_VERSION);
626
+
627
+ // A TLS 1.2 server would not know to skip the early data we offered, so
628
+ // there is no point in continuing the handshake. Report an error code as
629
+ // soon as we detect this. The caller may use this error code to implement
630
+ // the fallback described in RFC 8446 appendix D.3.
631
+ //
777
632
  // Disconnect early writes. This ensures subsequent |SSL_write| calls query
778
633
  // the handshake which, in turn, will replay the error code rather than fail
779
634
  // at the |write_shutdown| check. See https://crbug.com/1078515.
780
635
  // TODO(davidben): Should all handshake errors do this? What about record
781
636
  // decryption failures?
637
+ //
638
+ // TODO(crbug.com/381113363): Although missing from the spec, a DTLS 1.2
639
+ // server will already naturally skip 0-RTT data. If we implement DTLS 1.3
640
+ // 0-RTT, we may want a clean reject.
641
+ assert(!SSL_is_dtls(ssl));
782
642
  hs->can_early_write = false;
783
643
  OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_VERSION_ON_EARLY_DATA);
784
644
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
785
645
  return ssl_hs_error;
786
646
  }
787
647
 
648
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
649
+ if (hs->received_hello_verify_request) {
650
+ OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_MESSAGE);
651
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
652
+ return ssl_hs_error;
653
+ }
654
+
655
+ hs->state = state_tls13;
656
+ return ssl_hs_ok;
657
+ }
658
+
659
+ // If this client is configured to use a PAKE, then the server must support
660
+ // TLS 1.3.
661
+ if (hs->pake_prover) {
662
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_PROTOCOL);
663
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
664
+ return ssl_hs_error;
665
+ }
666
+
667
+ // Clear some TLS 1.3 state that no longer needs to be retained.
668
+ hs->key_shares[0].reset();
669
+ hs->key_shares[1].reset();
670
+ ssl_done_writing_client_hello(hs);
671
+
788
672
  // TLS 1.2 handshakes cannot accept ECH.
789
673
  if (hs->selected_ech_config) {
790
674
  ssl->s3->ech_status = ssl_ech_rejected;
@@ -796,7 +680,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
796
680
 
797
681
  // Enforce the TLS 1.3 anti-downgrade feature.
798
682
  if (!ssl->s3->initial_handshake_complete &&
799
- ssl_supports_version(hs, TLS1_3_VERSION)) {
683
+ hs->max_version >= TLS1_3_VERSION) {
800
684
  static_assert(
801
685
  sizeof(kTLS12DowngradeRandom) == sizeof(kTLS13DowngradeRandom),
802
686
  "downgrade signals have different size");
@@ -804,8 +688,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
804
688
  sizeof(kJDK11DowngradeRandom) == sizeof(kTLS13DowngradeRandom),
805
689
  "downgrade signals have different size");
806
690
  auto suffix =
807
- MakeConstSpan(ssl->s3->server_random, sizeof(ssl->s3->server_random))
808
- .subspan(SSL3_RANDOM_SIZE - sizeof(kTLS13DowngradeRandom));
691
+ Span(ssl->s3->server_random).last(sizeof(kTLS13DowngradeRandom));
809
692
  if (suffix == kTLS12DowngradeRandom || suffix == kTLS13DowngradeRandom ||
810
693
  suffix == kJDK11DowngradeRandom) {
811
694
  OPENSSL_PUT_ERROR(SSL, SSL_R_TLS13_DOWNGRADE);
@@ -818,11 +701,11 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
818
701
  const SSL_CIPHER *cipher = SSL_get_cipher_by_value(server_hello.cipher_suite);
819
702
  uint32_t mask_a, mask_k;
820
703
  ssl_get_client_disabled(hs, &mask_a, &mask_k);
821
- if (cipher == nullptr ||
822
- (cipher->algorithm_mkey & mask_k) ||
823
- (cipher->algorithm_auth & mask_a) ||
824
- SSL_CIPHER_get_min_version(cipher) > ssl_protocol_version(ssl) ||
825
- SSL_CIPHER_get_max_version(cipher) < ssl_protocol_version(ssl) ||
704
+ if (cipher == nullptr || //
705
+ (cipher->algorithm_mkey & mask_k) || //
706
+ (cipher->algorithm_auth & mask_a) || //
707
+ SSL_CIPHER_get_min_version(cipher) > ssl_protocol_version(ssl) || //
708
+ SSL_CIPHER_get_max_version(cipher) < ssl_protocol_version(ssl) || //
826
709
  !sk_SSL_CIPHER_find(SSL_get_ciphers(ssl), nullptr, cipher)) {
827
710
  OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CIPHER_RETURNED);
828
711
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
@@ -831,9 +714,8 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
831
714
 
832
715
  hs->new_cipher = cipher;
833
716
 
834
- if (hs->session_id_len != 0 &&
835
- CBS_mem_equal(&server_hello.session_id, hs->session_id,
836
- hs->session_id_len)) {
717
+ if (!hs->session_id.empty() &&
718
+ Span<const uint8_t>(server_hello.session_id) == hs->session_id) {
837
719
  // Echoing the ClientHello session ID in TLS 1.2, whether from the session
838
720
  // or a synthetic one, indicates resumption. If there was no session (or if
839
721
  // the session was only offered in ECH ClientHelloInner), this was the
@@ -846,7 +728,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
846
728
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
847
729
  return ssl_hs_error;
848
730
  }
849
- if (ssl->session->ssl_version != ssl->version) {
731
+ if (ssl->session->ssl_version != ssl->s3->version) {
850
732
  OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_VERSION_NOT_RETURNED);
851
733
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
852
734
  return ssl_hs_error;
@@ -875,16 +757,9 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
875
757
  }
876
758
 
877
759
  // Save the session ID from the server. This may be empty if the session
878
- // isn't resumable, or if we'll receive a session ticket later.
879
- assert(CBS_len(&server_hello.session_id) <= SSL3_SESSION_ID_SIZE);
880
- static_assert(SSL3_SESSION_ID_SIZE <= UINT8_MAX,
881
- "max session ID is too large");
882
- hs->new_session->session_id_length =
883
- static_cast<uint8_t>(CBS_len(&server_hello.session_id));
884
- OPENSSL_memcpy(hs->new_session->session_id,
885
- CBS_data(&server_hello.session_id),
886
- CBS_len(&server_hello.session_id));
887
-
760
+ // isn't resumable, or if we'll receive a session ticket later. The
761
+ // ServerHello parser ensures |server_hello.session_id| is within bounds.
762
+ hs->new_session->session_id.CopyFrom(server_hello.session_id);
888
763
  hs->new_session->cipher = hs->new_cipher;
889
764
  }
890
765
 
@@ -1026,10 +901,10 @@ static enum ssl_hs_wait_t do_read_certificate_status(SSL_HANDSHAKE *hs) {
1026
901
 
1027
902
  CBS certificate_status = msg.body, ocsp_response;
1028
903
  uint8_t status_type;
1029
- if (!CBS_get_u8(&certificate_status, &status_type) ||
1030
- status_type != TLSEXT_STATUSTYPE_ocsp ||
1031
- !CBS_get_u24_length_prefixed(&certificate_status, &ocsp_response) ||
1032
- CBS_len(&ocsp_response) == 0 ||
904
+ if (!CBS_get_u8(&certificate_status, &status_type) || //
905
+ status_type != TLSEXT_STATUSTYPE_ocsp || //
906
+ !CBS_get_u24_length_prefixed(&certificate_status, &ocsp_response) || //
907
+ CBS_len(&ocsp_response) == 0 || //
1033
908
  CBS_len(&certificate_status) != 0) {
1034
909
  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1035
910
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
@@ -1312,7 +1187,7 @@ static enum ssl_hs_wait_t do_read_certificate_request(SSL_HANDSHAKE *hs) {
1312
1187
 
1313
1188
  uint8_t alert = SSL_AD_DECODE_ERROR;
1314
1189
  UniquePtr<STACK_OF(CRYPTO_BUFFER)> ca_names =
1315
- ssl_parse_client_CA_list(ssl, &alert, &body);
1190
+ SSL_parse_CA_list(ssl, &alert, &body);
1316
1191
  if (!ca_names) {
1317
1192
  ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
1318
1193
  return ssl_hs_error;
@@ -1371,26 +1246,24 @@ static bool check_credential(SSL_HANDSHAKE *hs, const SSL_CREDENTIAL *cred,
1371
1246
  return false;
1372
1247
  }
1373
1248
 
1374
- if (hs->config->check_client_certificate_type) {
1375
- // Check the certificate types advertised by the peer.
1376
- uint8_t cert_type;
1377
- switch (EVP_PKEY_id(cred->pubkey.get())) {
1378
- case EVP_PKEY_RSA:
1379
- cert_type = SSL3_CT_RSA_SIGN;
1380
- break;
1381
- case EVP_PKEY_EC:
1382
- case EVP_PKEY_ED25519:
1383
- cert_type = TLS_CT_ECDSA_SIGN;
1384
- break;
1385
- default:
1386
- OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1387
- return false;
1388
- }
1389
- if (std::find(hs->certificate_types.begin(), hs->certificate_types.end(),
1390
- cert_type) == hs->certificate_types.end()) {
1249
+ // Check the certificate types advertised by the peer.
1250
+ uint8_t cert_type;
1251
+ switch (EVP_PKEY_id(cred->pubkey.get())) {
1252
+ case EVP_PKEY_RSA:
1253
+ cert_type = SSL3_CT_RSA_SIGN;
1254
+ break;
1255
+ case EVP_PKEY_EC:
1256
+ case EVP_PKEY_ED25519:
1257
+ cert_type = TLS_CT_ECDSA_SIGN;
1258
+ break;
1259
+ default:
1391
1260
  OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1392
1261
  return false;
1393
- }
1262
+ }
1263
+ if (std::find(hs->certificate_types.begin(), hs->certificate_types.end(),
1264
+ cert_type) == hs->certificate_types.end()) {
1265
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1266
+ return false;
1394
1267
  }
1395
1268
 
1396
1269
  // All currently supported credentials require a signature. Note this does not
@@ -1449,6 +1322,7 @@ static enum ssl_hs_wait_t do_send_client_certificate(SSL_HANDSHAKE *hs) {
1449
1322
  }
1450
1323
  if (hs->credential == nullptr) {
1451
1324
  // The error from the last attempt is in the error queue.
1325
+ assert(ERR_peek_error() != 0);
1452
1326
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1453
1327
  return ssl_hs_error;
1454
1328
  }
@@ -1539,16 +1413,15 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
1539
1413
 
1540
1414
  // Depending on the key exchange method, compute |pms|.
1541
1415
  if (alg_k & SSL_kRSA) {
1542
- if (!pms.Init(SSL_MAX_MASTER_KEY_LENGTH)) {
1543
- return ssl_hs_error;
1544
- }
1545
-
1546
1416
  RSA *rsa = EVP_PKEY_get0_RSA(hs->peer_pubkey.get());
1547
1417
  if (rsa == NULL) {
1548
1418
  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1549
1419
  return ssl_hs_error;
1550
1420
  }
1551
1421
 
1422
+ if (!pms.InitForOverwrite(SSL_MAX_MASTER_KEY_LENGTH)) {
1423
+ return ssl_hs_error;
1424
+ }
1552
1425
  pms[0] = hs->client_version >> 8;
1553
1426
  pms[1] = hs->client_version & 0xff;
1554
1427
  if (!RAND_bytes(&pms[2], SSL_MAX_MASTER_KEY_LENGTH - 2)) {
@@ -1558,11 +1431,11 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
1558
1431
  CBB enc_pms;
1559
1432
  uint8_t *ptr;
1560
1433
  size_t enc_pms_len;
1561
- if (!CBB_add_u16_length_prefixed(&body, &enc_pms) ||
1562
- !CBB_reserve(&enc_pms, &ptr, RSA_size(rsa)) ||
1434
+ if (!CBB_add_u16_length_prefixed(&body, &enc_pms) || //
1435
+ !CBB_reserve(&enc_pms, &ptr, RSA_size(rsa)) || //
1563
1436
  !RSA_encrypt(rsa, &enc_pms_len, ptr, RSA_size(rsa), pms.data(),
1564
- pms.size(), RSA_PKCS1_PADDING) ||
1565
- !CBB_did_write(&enc_pms, enc_pms_len) ||
1437
+ pms.size(), RSA_PKCS1_PADDING) || //
1438
+ !CBB_did_write(&enc_pms, enc_pms_len) || //
1566
1439
  !CBB_flush(&body)) {
1567
1440
  return ssl_hs_error;
1568
1441
  }
@@ -1592,7 +1465,6 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
1592
1465
  if (!pms.Init(psk_len)) {
1593
1466
  return ssl_hs_error;
1594
1467
  }
1595
- OPENSSL_memset(pms.data(), 0, pms.size());
1596
1468
  } else {
1597
1469
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1598
1470
  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
@@ -1620,13 +1492,12 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
1620
1492
  return ssl_hs_error;
1621
1493
  }
1622
1494
 
1623
- hs->new_session->secret_length =
1624
- tls1_generate_master_secret(hs, hs->new_session->secret, pms);
1625
- if (hs->new_session->secret_length == 0) {
1495
+ hs->new_session->secret.ResizeForOverwrite(SSL3_MASTER_SECRET_SIZE);
1496
+ if (!tls1_generate_master_secret(hs, Span(hs->new_session->secret), pms)) {
1626
1497
  return ssl_hs_error;
1627
1498
  }
1628
- hs->new_session->extended_master_secret = hs->extended_master_secret;
1629
1499
 
1500
+ hs->new_session->extended_master_secret = hs->extended_master_secret;
1630
1501
  hs->state = state_send_client_certificate_verify;
1631
1502
  return ssl_hs_ok;
1632
1503
  }
@@ -1676,7 +1547,7 @@ static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL_HANDSHAKE *hs) {
1676
1547
  return ssl_hs_private_key_operation;
1677
1548
  }
1678
1549
 
1679
- if (!CBB_did_write(&child, sig_len) ||
1550
+ if (!CBB_did_write(&child, sig_len) || //
1680
1551
  !ssl_add_message_cbb(ssl, cbb.get())) {
1681
1552
  return ssl_hs_error;
1682
1553
  }
@@ -1746,9 +1617,9 @@ static bool can_false_start(const SSL_HANDSHAKE *hs) {
1746
1617
  // TLS 1.2 and TLS 1.3, but there are too many TLS 1.2 deployments to
1747
1618
  // sacrifice False Start on them. Instead, we rely on the ServerHello.random
1748
1619
  // downgrade signal, which we unconditionally enforce.
1749
- if (SSL_is_dtls(ssl) ||
1750
- SSL_version(ssl) != TLS1_2_VERSION ||
1751
- hs->new_cipher->algorithm_mkey != SSL_kECDHE ||
1620
+ if (SSL_is_dtls(ssl) || //
1621
+ SSL_version(ssl) != TLS1_2_VERSION || //
1622
+ hs->new_cipher->algorithm_mkey != SSL_kECDHE || //
1752
1623
  hs->new_cipher->algorithm_mac != SSL_AEAD) {
1753
1624
  return false;
1754
1625
  }
@@ -1861,8 +1732,9 @@ static enum ssl_hs_wait_t do_read_session_ticket(SSL_HANDSHAKE *hs) {
1861
1732
 
1862
1733
  // Historically, OpenSSL filled in fake session IDs for ticket-based sessions.
1863
1734
  // TODO(davidben): Are external callers relying on this? Try removing this.
1864
- SHA256(CBS_data(&ticket), CBS_len(&ticket), hs->new_session->session_id);
1865
- hs->new_session->session_id_length = SHA256_DIGEST_LENGTH;
1735
+ hs->new_session->session_id.ResizeForOverwrite(SHA256_DIGEST_LENGTH);
1736
+ SHA256(CBS_data(&ticket), CBS_len(&ticket),
1737
+ hs->new_session->session_id.data());
1866
1738
 
1867
1739
  ssl->method->next_message(ssl);
1868
1740
  hs->state = state_process_change_cipher_spec;
@@ -1956,9 +1828,6 @@ enum ssl_hs_wait_t ssl_client_handshake(SSL_HANDSHAKE *hs) {
1956
1828
  case state_early_reverify_server_certificate:
1957
1829
  ret = do_early_reverify_server_certificate(hs);
1958
1830
  break;
1959
- case state_read_hello_verify_request:
1960
- ret = do_read_hello_verify_request(hs);
1961
- break;
1962
1831
  case state_read_server_hello:
1963
1832
  ret = do_read_server_hello(hs);
1964
1833
  break;
@@ -2041,8 +1910,6 @@ const char *ssl_client_handshake_state(SSL_HANDSHAKE *hs) {
2041
1910
  return "TLS client enter_early_data";
2042
1911
  case state_early_reverify_server_certificate:
2043
1912
  return "TLS client early_reverify_server_certificate";
2044
- case state_read_hello_verify_request:
2045
- return "TLS client read_hello_verify_request";
2046
1913
  case state_read_server_hello:
2047
1914
  return "TLS client read_server_hello";
2048
1915
  case state_tls13: