grpc 1.69.0 → 1.71.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1235) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +249 -283
  3. data/include/grpc/event_engine/endpoint_config.h +5 -5
  4. data/include/grpc/event_engine/event_engine.h +44 -5
  5. data/include/grpc/status.h +1 -1
  6. data/include/grpc/support/atm.h +0 -13
  7. data/include/grpc/support/json.h +16 -16
  8. data/src/core/call/request_buffer.cc +224 -0
  9. data/src/core/call/request_buffer.h +192 -0
  10. data/src/core/channelz/channelz.cc +2 -2
  11. data/src/core/channelz/channelz.h +3 -22
  12. data/src/core/channelz/channelz_registry.cc +0 -7
  13. data/src/core/client_channel/client_channel.cc +18 -29
  14. data/src/core/client_channel/client_channel.h +2 -2
  15. data/src/core/client_channel/client_channel_args.h +21 -0
  16. data/src/core/client_channel/client_channel_filter.cc +54 -131
  17. data/src/core/client_channel/client_channel_filter.h +11 -9
  18. data/src/core/client_channel/client_channel_plugin.cc +2 -1
  19. data/src/core/client_channel/client_channel_service_config.cc +1 -1
  20. data/src/core/client_channel/client_channel_service_config.h +5 -5
  21. data/src/core/client_channel/direct_channel.cc +1 -1
  22. data/src/core/client_channel/direct_channel.h +1 -1
  23. data/src/core/client_channel/lb_metadata.cc +7 -8
  24. data/src/core/client_channel/lb_metadata.h +3 -3
  25. data/src/core/client_channel/load_balanced_call_destination.cc +4 -4
  26. data/src/core/client_channel/retry_filter.cc +1 -1
  27. data/src/core/client_channel/retry_filter.h +1 -1
  28. data/src/core/client_channel/retry_filter_legacy_call_data.cc +10 -12
  29. data/src/core/client_channel/retry_filter_legacy_call_data.h +7 -7
  30. data/src/core/client_channel/retry_interceptor.cc +408 -0
  31. data/src/core/client_channel/retry_interceptor.h +157 -0
  32. data/src/core/client_channel/retry_service_config.cc +1 -1
  33. data/src/core/client_channel/retry_service_config.h +16 -3
  34. data/src/core/client_channel/retry_throttle.cc +33 -18
  35. data/src/core/client_channel/retry_throttle.h +3 -3
  36. data/src/core/client_channel/subchannel.cc +43 -76
  37. data/src/core/client_channel/subchannel.h +4 -4
  38. data/src/core/client_channel/subchannel_stream_client.cc +0 -1
  39. data/src/core/client_channel/subchannel_stream_client.h +3 -3
  40. data/src/core/config/config_vars.cc +1 -0
  41. data/src/core/config/config_vars.h +1 -0
  42. data/src/core/config/load_config.cc +3 -2
  43. data/src/core/config/load_config.h +1 -1
  44. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +4 -11
  45. data/src/core/ext/filters/backend_metrics/backend_metric_filter.h +7 -7
  46. data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +1 -1
  47. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +8 -15
  48. data/src/core/ext/filters/fault_injection/fault_injection_filter.h +6 -6
  49. data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.cc +1 -1
  50. data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.cc +0 -7
  51. data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.h +6 -6
  52. data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.cc +1 -1
  53. data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.h +1 -1
  54. data/src/core/ext/filters/http/client/http_client_filter.cc +1 -6
  55. data/src/core/ext/filters/http/client/http_client_filter.h +4 -4
  56. data/src/core/ext/filters/http/client_authority_filter.cc +6 -11
  57. data/src/core/ext/filters/http/client_authority_filter.h +6 -6
  58. data/src/core/ext/filters/http/message_compress/compression_filter.cc +18 -22
  59. data/src/core/ext/filters/http/message_compress/compression_filter.h +18 -13
  60. data/src/core/ext/filters/http/server/http_server_filter.cc +3 -8
  61. data/src/core/ext/filters/http/server/http_server_filter.h +4 -4
  62. data/src/core/ext/filters/message_size/message_size_filter.cc +13 -25
  63. data/src/core/ext/filters/message_size/message_size_filter.h +20 -21
  64. data/src/core/ext/filters/rbac/rbac_filter.cc +0 -7
  65. data/src/core/ext/filters/rbac/rbac_filter.h +6 -6
  66. data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +3 -3
  67. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +1 -6
  68. data/src/core/ext/filters/stateful_session/stateful_session_filter.h +4 -4
  69. data/src/core/ext/filters/stateful_session/stateful_session_service_config_parser.cc +1 -1
  70. data/src/core/ext/filters/stateful_session/stateful_session_service_config_parser.h +2 -2
  71. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +1 -2
  72. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +4 -3
  73. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +612 -100
  74. data/src/core/ext/transport/chttp2/server/chttp2_server.h +189 -13
  75. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +1 -1
  76. data/src/core/ext/transport/chttp2/transport/call_tracer_wrapper.cc +2 -2
  77. data/src/core/ext/transport/chttp2/transport/call_tracer_wrapper.h +4 -4
  78. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +85 -59
  79. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +7 -7
  80. data/src/core/ext/transport/chttp2/transport/flow_control.cc +1 -1
  81. data/src/core/ext/transport/chttp2/transport/flow_control.h +3 -3
  82. data/src/core/ext/transport/chttp2/transport/frame.cc +2 -2
  83. data/src/core/ext/transport/chttp2/transport/frame.h +5 -5
  84. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +8 -8
  85. data/src/core/ext/transport/chttp2/transport/frame_security.cc +1 -3
  86. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +5 -5
  87. data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +2 -2
  88. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +32 -31
  89. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +6 -7
  90. data/src/core/ext/transport/chttp2/transport/http2_settings.cc +3 -3
  91. data/src/core/ext/transport/chttp2/transport/http2_settings.h +2 -2
  92. data/src/core/ext/transport/chttp2/transport/internal.h +19 -8
  93. data/src/core/ext/transport/chttp2/transport/parsing.cc +14 -14
  94. data/src/core/ext/transport/chttp2/transport/ping_abuse_policy.cc +1 -1
  95. data/src/core/ext/transport/chttp2/transport/ping_callbacks.cc +2 -2
  96. data/src/core/ext/transport/chttp2/transport/ping_callbacks.h +2 -2
  97. data/src/core/ext/transport/chttp2/transport/ping_rate_policy.cc +2 -2
  98. data/src/core/ext/transport/chttp2/transport/ping_rate_policy.h +2 -2
  99. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +1 -0
  100. data/src/core/ext/transport/chttp2/transport/varint.cc +4 -4
  101. data/src/core/ext/transport/chttp2/transport/writing.cc +16 -22
  102. data/src/core/ext/transport/inproc/inproc_transport.cc +1 -3
  103. data/src/core/ext/transport/inproc/legacy_inproc_transport.cc +15 -10
  104. data/src/core/ext/upb-gen/envoy/admin/v3/config_dump_shared.upb.h +3 -1
  105. data/src/core/ext/upb-gen/envoy/admin/v3/server_info.upb.h +16 -0
  106. data/src/core/ext/upb-gen/envoy/admin/v3/server_info.upb_minitable.c +3 -2
  107. data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb.h +66 -36
  108. data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb_minitable.c +19 -17
  109. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb.h +116 -0
  110. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.c +31 -5
  111. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.h +2 -0
  112. data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb.h +97 -6
  113. data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb_minitable.c +17 -11
  114. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb.h +151 -0
  115. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.c +60 -0
  116. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.h +32 -0
  117. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb.h +228 -21
  118. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.c +65 -17
  119. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.h +6 -0
  120. data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb.h +7 -106
  121. data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.c +7 -28
  122. data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.h +0 -2
  123. data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb.h +85 -0
  124. data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb_minitable.c +25 -3
  125. data/src/core/ext/upb-gen/envoy/config/overload/v3/overload.upb.h +2 -1
  126. data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb.h +152 -0
  127. data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.c +40 -10
  128. data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.h +2 -0
  129. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb.h +253 -4
  130. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.c +70 -13
  131. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.h +4 -0
  132. data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb.h +0 -2
  133. data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.c +0 -1
  134. data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.h +0 -1
  135. data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +16 -0
  136. data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb_minitable.c +3 -2
  137. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +60 -0
  138. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb_minitable.c +13 -2
  139. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb.h +0 -1
  140. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb_minitable.c +0 -1
  141. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +102 -24
  142. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb_minitable.c +28 -19
  143. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.h +37 -7
  144. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb_minitable.c +7 -5
  145. data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb.h +251 -18
  146. data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.c +41 -16
  147. data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.h +2 -0
  148. data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb.h +2 -1
  149. data/src/core/ext/upb-gen/envoy/type/matcher/v3/address.upb.h +142 -0
  150. data/src/core/ext/upb-gen/envoy/type/matcher/v3/address.upb_minitable.c +55 -0
  151. data/src/core/ext/upb-gen/envoy/type/matcher/v3/address.upb_minitable.h +32 -0
  152. data/src/core/ext/upb-gen/envoy/type/matcher/v3/filter_state.upb.h +33 -0
  153. data/src/core/ext/upb-gen/envoy/type/matcher/v3/filter_state.upb_minitable.c +7 -4
  154. data/src/core/ext/upbdefs-gen/envoy/admin/v3/config_dump_shared.upbdefs.c +11 -10
  155. data/src/core/ext/upbdefs-gen/envoy/admin/v3/server_info.upbdefs.c +6 -4
  156. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/cluster.upbdefs.c +418 -413
  157. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.c +161 -153
  158. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.h +5 -0
  159. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/protocol.upbdefs.c +270 -261
  160. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.c +46 -0
  161. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.h +33 -0
  162. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.c +29 -19
  163. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.h +15 -0
  164. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.c +58 -65
  165. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.h +0 -5
  166. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/quic_config.upbdefs.c +73 -63
  167. data/src/core/ext/upbdefs-gen/envoy/config/overload/v3/overload.upbdefs.c +49 -48
  168. data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.c +117 -100
  169. data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
  170. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.c +917 -898
  171. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.h +10 -0
  172. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/trace.upbdefs.c +15 -18
  173. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c +33 -33
  174. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +460 -457
  175. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upbdefs.c +16 -19
  176. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +95 -95
  177. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +202 -191
  178. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.c +19 -17
  179. data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.c +148 -135
  180. data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
  181. data/src/core/ext/upbdefs-gen/envoy/service/status/v3/csds.upbdefs.c +23 -22
  182. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/address.upbdefs.c +41 -0
  183. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/address.upbdefs.h +33 -0
  184. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/filter_state.upbdefs.c +26 -19
  185. data/src/core/filter/blackboard.cc +2 -2
  186. data/src/core/filter/filter_args.h +112 -0
  187. data/src/core/handshaker/handshaker.cc +0 -3
  188. data/src/core/handshaker/http_connect/http_connect_handshaker.cc +4 -6
  189. data/src/core/handshaker/http_connect/http_proxy_mapper.cc +31 -32
  190. data/src/core/handshaker/http_connect/http_proxy_mapper.h +4 -4
  191. data/src/core/handshaker/http_connect/xds_http_proxy_mapper.cc +5 -5
  192. data/src/core/handshaker/http_connect/xds_http_proxy_mapper.h +5 -5
  193. data/src/core/handshaker/proxy_mapper.h +4 -4
  194. data/src/core/handshaker/proxy_mapper_registry.cc +5 -6
  195. data/src/core/handshaker/proxy_mapper_registry.h +4 -4
  196. data/src/core/handshaker/security/secure_endpoint.cc +2 -2
  197. data/src/core/handshaker/security/security_handshaker.cc +3 -5
  198. data/src/core/handshaker/tcp_connect/tcp_connect_handshaker.cc +6 -4
  199. data/src/core/lib/channel/channel_args.cc +13 -13
  200. data/src/core/lib/channel/channel_args.h +8 -8
  201. data/src/core/lib/channel/connected_channel.cc +1 -1
  202. data/src/core/lib/channel/promise_based_filter.cc +9 -9
  203. data/src/core/lib/channel/promise_based_filter.h +84 -159
  204. data/src/core/lib/compression/compression.cc +3 -2
  205. data/src/core/lib/compression/compression_internal.cc +9 -9
  206. data/src/core/lib/compression/compression_internal.h +3 -3
  207. data/src/core/lib/debug/trace_flags.cc +5 -2
  208. data/src/core/lib/debug/trace_flags.h +2 -1
  209. data/src/core/lib/event_engine/ares_resolver.cc +9 -11
  210. data/src/core/lib/event_engine/ares_resolver.h +6 -10
  211. data/src/core/lib/event_engine/cf_engine/cf_engine.cc +2 -4
  212. data/src/core/lib/event_engine/cf_engine/cf_engine.h +2 -4
  213. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +6 -7
  214. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +2 -4
  215. data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +2 -4
  216. data/src/core/lib/event_engine/cf_engine/dns_service_resolver.cc +3 -7
  217. data/src/core/lib/event_engine/cf_engine/dns_service_resolver.h +2 -4
  218. data/src/core/lib/event_engine/channel_args_endpoint_config.cc +5 -7
  219. data/src/core/lib/event_engine/channel_args_endpoint_config.h +6 -7
  220. data/src/core/lib/event_engine/common_closures.h +2 -4
  221. data/src/core/lib/event_engine/default_event_engine.cc +62 -33
  222. data/src/core/lib/event_engine/default_event_engine.h +24 -33
  223. data/src/core/lib/event_engine/default_event_engine_factory.cc +6 -12
  224. data/src/core/lib/event_engine/default_event_engine_factory.h +2 -4
  225. data/src/core/lib/event_engine/event_engine.cc +2 -4
  226. data/src/core/lib/event_engine/extensions/can_track_errors.h +2 -4
  227. data/src/core/lib/event_engine/extensions/chaotic_good_extension.h +2 -4
  228. data/src/core/lib/event_engine/extensions/supports_fd.h +2 -4
  229. data/src/core/lib/event_engine/extensions/tcp_trace.h +2 -4
  230. data/src/core/lib/event_engine/forkable.cc +2 -4
  231. data/src/core/lib/event_engine/forkable.h +2 -4
  232. data/src/core/lib/event_engine/grpc_polled_fd.h +2 -4
  233. data/src/core/lib/event_engine/handle_containers.h +2 -4
  234. data/src/core/lib/event_engine/memory_allocator_factory.h +2 -4
  235. data/src/core/lib/event_engine/poller.h +2 -4
  236. data/src/core/lib/event_engine/posix.h +2 -4
  237. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +4 -50
  238. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +2 -4
  239. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +4 -51
  240. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.h +2 -4
  241. data/src/core/lib/event_engine/posix_engine/event_poller.h +2 -4
  242. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +2 -4
  243. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.h +2 -4
  244. data/src/core/lib/event_engine/posix_engine/grpc_polled_fd_posix.h +2 -4
  245. data/src/core/lib/event_engine/posix_engine/internal_errqueue.cc +2 -4
  246. data/src/core/lib/event_engine/posix_engine/internal_errqueue.h +2 -4
  247. data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +2 -4
  248. data/src/core/lib/event_engine/posix_engine/lockfree_event.h +2 -4
  249. data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.cc +2 -4
  250. data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.h +2 -4
  251. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +20 -10
  252. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +2 -4
  253. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +9 -6
  254. data/src/core/lib/event_engine/posix_engine/posix_engine.h +2 -6
  255. data/src/core/lib/event_engine/posix_engine/posix_engine_closure.h +2 -4
  256. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +3 -5
  257. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +2 -4
  258. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +2 -4
  259. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.h +2 -4
  260. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +5 -6
  261. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +2 -4
  262. data/src/core/lib/event_engine/posix_engine/timer.cc +4 -6
  263. data/src/core/lib/event_engine/posix_engine/timer.h +4 -6
  264. data/src/core/lib/event_engine/posix_engine/timer_heap.cc +2 -4
  265. data/src/core/lib/event_engine/posix_engine/timer_heap.h +2 -4
  266. data/src/core/lib/event_engine/posix_engine/timer_manager.cc +5 -7
  267. data/src/core/lib/event_engine/posix_engine/timer_manager.h +4 -6
  268. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +4 -8
  269. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.h +24 -25
  270. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.cc +2 -4
  271. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.h +2 -4
  272. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.cc +2 -4
  273. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.h +2 -4
  274. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix.h +2 -4
  275. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.cc +2 -4
  276. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.h +2 -4
  277. data/src/core/lib/event_engine/query_extensions.h +2 -4
  278. data/src/core/lib/event_engine/ref_counted_dns_resolver_interface.h +2 -4
  279. data/src/core/lib/event_engine/resolved_address.cc +2 -4
  280. data/src/core/lib/event_engine/resolved_address_internal.h +2 -4
  281. data/src/core/lib/event_engine/shim.cc +2 -4
  282. data/src/core/lib/event_engine/shim.h +2 -4
  283. data/src/core/lib/event_engine/slice.cc +2 -4
  284. data/src/core/lib/event_engine/slice_buffer.cc +2 -4
  285. data/src/core/lib/event_engine/tcp_socket_utils.cc +6 -8
  286. data/src/core/lib/event_engine/tcp_socket_utils.h +5 -7
  287. data/src/core/lib/event_engine/thread_local.cc +2 -4
  288. data/src/core/lib/event_engine/thread_local.h +2 -4
  289. data/src/core/lib/event_engine/thread_pool/thread_count.cc +2 -4
  290. data/src/core/lib/event_engine/thread_pool/thread_count.h +4 -18
  291. data/src/core/lib/event_engine/thread_pool/thread_pool.h +2 -4
  292. data/src/core/lib/event_engine/thread_pool/thread_pool_factory.cc +2 -4
  293. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +3 -5
  294. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +2 -4
  295. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +2 -4
  296. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +2 -4
  297. data/src/core/lib/event_engine/time_util.cc +2 -4
  298. data/src/core/lib/event_engine/time_util.h +2 -4
  299. data/src/core/lib/event_engine/utils.cc +2 -4
  300. data/src/core/lib/event_engine/utils.h +2 -4
  301. data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +2 -4
  302. data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.h +2 -4
  303. data/src/core/lib/event_engine/windows/iocp.cc +2 -4
  304. data/src/core/lib/event_engine/windows/iocp.h +2 -4
  305. data/src/core/lib/event_engine/windows/native_windows_dns_resolver.cc +2 -4
  306. data/src/core/lib/event_engine/windows/native_windows_dns_resolver.h +2 -4
  307. data/src/core/lib/event_engine/windows/win_socket.cc +2 -4
  308. data/src/core/lib/event_engine/windows/win_socket.h +2 -4
  309. data/src/core/lib/event_engine/windows/windows_endpoint.cc +2 -4
  310. data/src/core/lib/event_engine/windows/windows_endpoint.h +4 -6
  311. data/src/core/lib/event_engine/windows/windows_engine.cc +3 -4
  312. data/src/core/lib/event_engine/windows/windows_engine.h +2 -4
  313. data/src/core/lib/event_engine/windows/windows_listener.cc +2 -4
  314. data/src/core/lib/event_engine/windows/windows_listener.h +2 -4
  315. data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +2 -4
  316. data/src/core/lib/event_engine/work_queue/basic_work_queue.h +2 -4
  317. data/src/core/lib/event_engine/work_queue/work_queue.h +2 -4
  318. data/src/core/lib/experiments/experiments.cc +147 -207
  319. data/src/core/lib/experiments/experiments.h +79 -96
  320. data/src/core/lib/iomgr/buffer_list.h +22 -21
  321. data/src/core/lib/iomgr/cfstream_handle.cc +0 -2
  322. data/src/core/lib/iomgr/closure.h +1 -4
  323. data/src/core/lib/iomgr/combiner.cc +0 -1
  324. data/src/core/lib/iomgr/error.cc +2 -2
  325. data/src/core/lib/iomgr/event_engine_shims/closure.cc +0 -1
  326. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +1 -3
  327. data/src/core/lib/iomgr/event_engine_shims/tcp_client.cc +0 -1
  328. data/src/core/lib/iomgr/exec_ctx.cc +1 -7
  329. data/src/core/lib/iomgr/exec_ctx.h +1 -132
  330. data/src/core/lib/iomgr/executor.cc +0 -11
  331. data/src/core/lib/iomgr/resolve_address_posix.cc +0 -2
  332. data/src/core/lib/iomgr/resolve_address_windows.cc +0 -2
  333. data/src/core/lib/iomgr/socket_utils_posix.cc +3 -2
  334. data/src/core/lib/iomgr/tcp_posix.cc +3 -2
  335. data/src/core/lib/iomgr/tcp_server_posix.cc +1 -3
  336. data/src/core/lib/iomgr/tcp_server_windows.cc +0 -1
  337. data/src/core/lib/iomgr/timer_manager.cc +1 -9
  338. data/src/core/lib/promise/activity.cc +2 -0
  339. data/src/core/lib/promise/activity.h +33 -12
  340. data/src/core/lib/promise/detail/join_state.h +16 -68
  341. data/src/core/lib/promise/detail/promise_factory.h +85 -25
  342. data/src/core/lib/promise/detail/promise_like.h +16 -19
  343. data/src/core/lib/promise/detail/seq_state.h +102 -315
  344. data/src/core/lib/promise/for_each.h +14 -5
  345. data/src/core/lib/promise/if.h +48 -20
  346. data/src/core/lib/promise/interceptor_list.h +9 -9
  347. data/src/core/lib/promise/latch.h +14 -6
  348. data/src/core/lib/promise/loop.h +58 -18
  349. data/src/core/lib/promise/map.h +145 -49
  350. data/src/core/lib/promise/party.cc +84 -15
  351. data/src/core/lib/promise/party.h +229 -32
  352. data/src/core/lib/promise/pipe.h +12 -12
  353. data/src/core/lib/promise/poll.h +8 -5
  354. data/src/core/lib/promise/prioritized_race.h +16 -22
  355. data/src/core/lib/promise/promise.h +2 -3
  356. data/src/core/lib/promise/race.h +4 -12
  357. data/src/core/lib/promise/seq.h +41 -6
  358. data/src/core/lib/promise/sleep.cc +3 -3
  359. data/src/core/lib/promise/sleep.h +15 -1
  360. data/src/core/lib/promise/status_flag.h +19 -3
  361. data/src/core/lib/promise/try_join.h +119 -5
  362. data/src/core/lib/promise/try_seq.h +39 -12
  363. data/src/core/lib/resource_quota/arena.h +87 -0
  364. data/src/core/lib/resource_quota/connection_quota.h +4 -0
  365. data/src/core/lib/resource_quota/memory_quota.cc +53 -49
  366. data/src/core/lib/resource_quota/memory_quota.h +4 -4
  367. data/src/core/lib/security/authorization/evaluate_args.cc +3 -3
  368. data/src/core/lib/security/authorization/evaluate_args.h +3 -3
  369. data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +0 -7
  370. data/src/core/lib/security/authorization/grpc_server_authz_filter.h +6 -6
  371. data/src/core/lib/security/authorization/matchers.h +3 -3
  372. data/src/core/lib/security/authorization/rbac_policy.cc +1 -1
  373. data/src/core/lib/security/authorization/rbac_policy.h +3 -3
  374. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +1 -2
  375. data/src/core/lib/security/credentials/external/external_account_credentials.cc +1 -3
  376. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +0 -1
  377. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +1 -1
  378. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +2 -2
  379. data/src/core/lib/security/credentials/iam/iam_credentials.cc +1 -1
  380. data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
  381. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +1 -2
  382. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -2
  383. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -1
  384. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +4 -4
  385. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +3 -3
  386. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +0 -1
  387. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -2
  388. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +12 -13
  389. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +14 -14
  390. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +23 -15
  391. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +3 -3
  392. data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.cc +0 -1
  393. data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.h +1 -2
  394. data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -2
  395. data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.cc +4 -5
  396. data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.h +4 -4
  397. data/src/core/lib/security/credentials/xds/xds_credentials.cc +2 -1
  398. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -1
  399. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +3 -3
  400. data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
  401. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +9 -9
  402. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +13 -13
  403. data/src/core/lib/security/transport/auth_filters.h +95 -7
  404. data/src/core/lib/security/transport/client_auth_filter.cc +96 -6
  405. data/src/core/lib/security/transport/server_auth_filter.cc +0 -8
  406. data/src/core/lib/slice/slice_buffer.cc +2 -2
  407. data/src/core/lib/slice/slice_buffer.h +2 -2
  408. data/src/core/lib/surface/call.cc +0 -4
  409. data/src/core/lib/surface/call.h +4 -3
  410. data/src/core/lib/surface/call_utils.cc +2 -2
  411. data/src/core/lib/surface/call_utils.h +10 -4
  412. data/src/core/lib/surface/channel.cc +6 -14
  413. data/src/core/lib/surface/channel.h +3 -3
  414. data/src/core/lib/surface/channel_init.cc +1 -1
  415. data/src/core/lib/surface/client_call.cc +56 -41
  416. data/src/core/lib/surface/client_call.h +7 -2
  417. data/src/core/lib/surface/completion_queue.cc +10 -49
  418. data/src/core/lib/surface/event_string.cc +7 -1
  419. data/src/core/lib/surface/filter_stack_call.cc +2 -4
  420. data/src/core/lib/surface/filter_stack_call.h +1 -1
  421. data/src/core/lib/surface/init.cc +17 -12
  422. data/src/core/lib/surface/init_internally.h +13 -2
  423. data/src/core/lib/surface/legacy_channel.cc +10 -8
  424. data/src/core/lib/surface/legacy_channel.h +2 -2
  425. data/src/core/lib/surface/server_call.cc +116 -84
  426. data/src/core/lib/surface/server_call.h +2 -0
  427. data/src/core/lib/surface/version.cc +2 -2
  428. data/src/core/lib/transport/call_filters.cc +10 -4
  429. data/src/core/lib/transport/call_filters.h +108 -59
  430. data/src/core/lib/transport/call_spine.cc +12 -49
  431. data/src/core/lib/transport/call_spine.h +174 -7
  432. data/src/core/lib/transport/call_state.h +140 -47
  433. data/src/core/lib/transport/connectivity_state.cc +8 -9
  434. data/src/core/lib/transport/connectivity_state.h +2 -4
  435. data/src/core/lib/transport/http2_errors.h +5 -3
  436. data/src/core/lib/transport/interception_chain.cc +8 -0
  437. data/src/core/lib/transport/interception_chain.h +36 -7
  438. data/src/core/lib/transport/metadata.h +88 -0
  439. data/src/core/lib/transport/metadata_batch.cc +2 -2
  440. data/src/core/lib/transport/metadata_batch.h +79 -18
  441. data/src/core/lib/transport/timeout_encoding.cc +15 -15
  442. data/src/core/lib/transport/timeout_encoding.h +3 -2
  443. data/src/core/lib/transport/transport.cc +0 -1
  444. data/src/core/lib/transport/transport.h +12 -7
  445. data/src/core/load_balancing/backend_metric_parser.cc +21 -28
  446. data/src/core/load_balancing/endpoint_list.cc +11 -1
  447. data/src/core/load_balancing/endpoint_list.h +20 -13
  448. data/src/core/load_balancing/grpclb/client_load_reporting_filter.cc +1 -6
  449. data/src/core/load_balancing/grpclb/client_load_reporting_filter.h +4 -4
  450. data/src/core/load_balancing/grpclb/grpclb.cc +21 -38
  451. data/src/core/load_balancing/health_check_client.cc +16 -48
  452. data/src/core/load_balancing/health_check_client_internal.h +7 -7
  453. data/src/core/load_balancing/lb_policy.cc +4 -6
  454. data/src/core/load_balancing/lb_policy.h +4 -12
  455. data/src/core/load_balancing/lb_policy_registry.cc +10 -8
  456. data/src/core/load_balancing/outlier_detection/outlier_detection.cc +57 -68
  457. data/src/core/load_balancing/outlier_detection/outlier_detection.h +4 -3
  458. data/src/core/load_balancing/pick_first/pick_first.cc +110 -77
  459. data/src/core/load_balancing/priority/priority.cc +8 -13
  460. data/src/core/load_balancing/ring_hash/ring_hash.cc +210 -158
  461. data/src/core/load_balancing/ring_hash/ring_hash.h +4 -11
  462. data/src/core/load_balancing/rls/rls.cc +105 -194
  463. data/src/core/load_balancing/rls/rls.h +97 -1
  464. data/src/core/load_balancing/round_robin/round_robin.cc +14 -19
  465. data/src/core/load_balancing/weighted_round_robin/static_stride_scheduler.cc +4 -4
  466. data/src/core/load_balancing/weighted_round_robin/static_stride_scheduler.h +2 -2
  467. data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +20 -29
  468. data/src/core/load_balancing/weighted_target/weighted_target.cc +7 -15
  469. data/src/core/load_balancing/xds/cds.cc +11 -15
  470. data/src/core/load_balancing/xds/xds_cluster_impl.cc +15 -18
  471. data/src/core/load_balancing/xds/xds_cluster_manager.cc +10 -18
  472. data/src/core/load_balancing/xds/xds_override_host.cc +45 -92
  473. data/src/core/load_balancing/xds/xds_wrr_locality.cc +10 -12
  474. data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +11 -11
  475. data/src/core/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +10 -15
  476. data/src/core/resolver/dns/native/dns_resolver.cc +1 -1
  477. data/src/core/resolver/fake/fake_resolver.cc +10 -11
  478. data/src/core/resolver/fake/fake_resolver.h +2 -2
  479. data/src/core/resolver/google_c2p/google_c2p_resolver.cc +9 -12
  480. data/src/core/resolver/polling_resolver.cc +2 -5
  481. data/src/core/resolver/polling_resolver.h +3 -3
  482. data/src/core/resolver/resolver_registry.cc +4 -3
  483. data/src/core/resolver/xds/xds_config.cc +6 -6
  484. data/src/core/resolver/xds/xds_config.h +2 -2
  485. data/src/core/resolver/xds/xds_dependency_manager.cc +190 -183
  486. data/src/core/resolver/xds/xds_dependency_manager.h +28 -18
  487. data/src/core/resolver/xds/xds_resolver.cc +81 -122
  488. data/src/core/server/server.cc +353 -95
  489. data/src/core/server/server.h +214 -65
  490. data/src/core/server/server_call_tracer_filter.cc +3 -7
  491. data/src/core/server/server_config_selector_filter.cc +8 -15
  492. data/src/core/server/xds_server_config_fetcher.cc +93 -159
  493. data/src/core/service_config/service_config_channel_arg_filter.cc +7 -19
  494. data/src/core/service_config/service_config_impl.cc +3 -3
  495. data/src/core/telemetry/call_tracer.cc +8 -8
  496. data/src/core/telemetry/call_tracer.h +6 -5
  497. data/src/core/telemetry/metrics.cc +3 -3
  498. data/src/core/telemetry/metrics.h +2 -8
  499. data/src/core/telemetry/tcp_tracer.h +32 -32
  500. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +3 -3
  501. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +14 -14
  502. data/src/core/tsi/fake_transport_security.cc +5 -0
  503. data/src/core/util/backoff.cc +15 -4
  504. data/src/core/util/dump_args.h +1 -9
  505. data/src/core/util/env.h +3 -4
  506. data/src/core/util/examine_stack.cc +2 -2
  507. data/src/core/util/examine_stack.h +3 -4
  508. data/src/core/util/gpr_time.cc +0 -2
  509. data/src/core/util/http_client/httpcli.cc +69 -22
  510. data/src/core/util/http_client/httpcli.h +18 -8
  511. data/src/core/util/http_client/httpcli_security_connector.cc +2 -2
  512. data/src/core/util/json/json_channel_args.h +2 -1
  513. data/src/core/util/json/json_object_loader.cc +4 -4
  514. data/src/core/util/json/json_object_loader.h +12 -12
  515. data/src/core/util/json/json_reader.cc +4 -4
  516. data/src/core/util/json/json_writer.cc +3 -3
  517. data/src/core/util/latent_see.cc +3 -3
  518. data/src/core/util/latent_see.h +2 -2
  519. data/src/core/util/linux/env.cc +3 -4
  520. data/src/core/util/lru_cache.h +4 -4
  521. data/src/core/util/match.h +7 -7
  522. data/src/core/util/matchers.cc +1 -2
  523. data/src/core/util/matchers.h +7 -12
  524. data/src/core/util/posix/env.cc +2 -2
  525. data/src/core/util/posix/sync.cc +0 -1
  526. data/src/core/util/posix/time.cc +0 -1
  527. data/src/core/util/ref_counted.h +1 -0
  528. data/src/core/util/ref_counted_ptr.h +1 -1
  529. data/src/core/util/ring_buffer.h +4 -5
  530. data/src/core/util/status_helper.cc +16 -20
  531. data/src/core/util/status_helper.h +5 -5
  532. data/src/core/util/sync_abseil.cc +0 -1
  533. data/src/core/util/table.h +6 -21
  534. data/src/core/util/time.cc +1 -1
  535. data/src/core/util/time.h +3 -3
  536. data/src/core/util/time_precise.cc +0 -1
  537. data/src/core/util/type_list.h +56 -0
  538. data/src/core/util/uri.cc +6 -4
  539. data/src/core/util/uri.h +7 -0
  540. data/src/core/util/useful.h +13 -15
  541. data/src/core/util/validation_errors.cc +5 -5
  542. data/src/core/util/wait_for_single_owner.h +62 -0
  543. data/src/core/util/windows/env.cc +3 -3
  544. data/src/core/util/windows/sync.cc +0 -1
  545. data/src/core/util/windows/time.cc +0 -1
  546. data/src/core/util/work_serializer.cc +27 -267
  547. data/src/core/util/work_serializer.h +3 -27
  548. data/src/core/xds/grpc/certificate_provider_store.cc +12 -17
  549. data/src/core/xds/grpc/file_watcher_certificate_provider_factory.cc +2 -2
  550. data/src/core/xds/grpc/xds_audit_logger_registry.cc +1 -1
  551. data/src/core/xds/grpc/xds_bootstrap_grpc.cc +11 -14
  552. data/src/core/xds/grpc/xds_bootstrap_grpc.h +2 -2
  553. data/src/core/xds/grpc/xds_certificate_provider.cc +15 -15
  554. data/src/core/xds/grpc/xds_client_grpc.cc +7 -8
  555. data/src/core/xds/grpc/xds_cluster.h +4 -4
  556. data/src/core/xds/grpc/xds_cluster_parser.cc +26 -26
  557. data/src/core/xds/grpc/xds_cluster_specifier_plugin.cc +4 -4
  558. data/src/core/xds/grpc/xds_common_types.cc +2 -2
  559. data/src/core/xds/grpc/xds_common_types.h +4 -4
  560. data/src/core/xds/grpc/xds_common_types_parser.cc +29 -31
  561. data/src/core/xds/grpc/xds_common_types_parser.h +8 -7
  562. data/src/core/xds/grpc/xds_endpoint.cc +3 -4
  563. data/src/core/xds/grpc/xds_endpoint_parser.cc +68 -37
  564. data/src/core/xds/grpc/xds_health_status.cc +4 -4
  565. data/src/core/xds/grpc/xds_health_status.h +4 -3
  566. data/src/core/xds/grpc/xds_http_fault_filter.cc +18 -20
  567. data/src/core/xds/grpc/xds_http_fault_filter.h +4 -3
  568. data/src/core/xds/grpc/xds_http_filter.h +3 -3
  569. data/src/core/xds/grpc/xds_http_filter_registry.cc +7 -7
  570. data/src/core/xds/grpc/xds_http_filter_registry.h +3 -3
  571. data/src/core/xds/grpc/xds_http_gcp_authn_filter.cc +7 -7
  572. data/src/core/xds/grpc/xds_http_gcp_authn_filter.h +4 -3
  573. data/src/core/xds/grpc/xds_http_rbac_filter.cc +30 -23
  574. data/src/core/xds/grpc/xds_http_rbac_filter.h +4 -3
  575. data/src/core/xds/grpc/xds_http_stateful_session_filter.cc +10 -10
  576. data/src/core/xds/grpc/xds_http_stateful_session_filter.h +4 -3
  577. data/src/core/xds/grpc/xds_lb_policy_registry.cc +4 -4
  578. data/src/core/xds/grpc/xds_listener.cc +4 -6
  579. data/src/core/xds/grpc/xds_listener.h +10 -10
  580. data/src/core/xds/grpc/xds_listener_parser.cc +58 -51
  581. data/src/core/xds/grpc/xds_listener_parser.h +2 -1
  582. data/src/core/xds/grpc/xds_metadata.cc +5 -5
  583. data/src/core/xds/grpc/xds_metadata.h +8 -0
  584. data/src/core/xds/grpc/xds_metadata_parser.cc +65 -52
  585. data/src/core/xds/grpc/xds_route_config.cc +9 -15
  586. data/src/core/xds/grpc/xds_route_config.h +9 -9
  587. data/src/core/xds/grpc/xds_route_config_parser.cc +114 -116
  588. data/src/core/xds/grpc/xds_route_config_parser.h +4 -4
  589. data/src/core/xds/grpc/xds_routing.cc +6 -6
  590. data/src/core/xds/grpc/xds_routing.h +5 -5
  591. data/src/core/xds/grpc/xds_server_grpc.cc +22 -1
  592. data/src/core/xds/grpc/xds_server_grpc.h +5 -2
  593. data/src/core/xds/grpc/xds_server_grpc_interface.h +33 -0
  594. data/src/core/xds/grpc/xds_transport_grpc.cc +5 -6
  595. data/src/core/xds/xds_client/lrs_client.cc +71 -83
  596. data/src/core/xds/xds_client/lrs_client.h +8 -8
  597. data/src/core/xds/xds_client/xds_api.cc +5 -228
  598. data/src/core/xds/xds_client/xds_api.h +1 -133
  599. data/src/core/xds/xds_client/xds_bootstrap.cc +11 -1
  600. data/src/core/xds/xds_client/xds_bootstrap.h +7 -0
  601. data/src/core/xds/xds_client/xds_client.cc +1030 -704
  602. data/src/core/xds/xds_client/xds_client.h +135 -29
  603. data/src/core/xds/xds_client/xds_resource_type.h +2 -3
  604. data/src/core/xds/xds_client/xds_resource_type_impl.h +13 -8
  605. data/src/ruby/ext/grpc/extconf.rb +1 -0
  606. data/src/ruby/lib/grpc/version.rb +1 -1
  607. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_bitstr.c → a_bitstr.cc} +16 -57
  608. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.cc +53 -0
  609. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.cc +47 -0
  610. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.cc +42 -0
  611. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.cc +109 -0
  612. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.cc +43 -0
  613. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_int.c → a_int.cc} +15 -56
  614. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_mbstr.c → a_mbstr.cc} +22 -62
  615. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_object.c → a_object.cc} +14 -56
  616. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.cc +32 -0
  617. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strex.c → a_strex.cc} +13 -55
  618. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strnid.c → a_strnid.cc} +20 -59
  619. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_time.c → a_time.cc} +41 -76
  620. data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_type.c → a_type.cc} +17 -59
  621. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.cc +109 -0
  622. data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_lib.c → asn1_lib.cc} +17 -59
  623. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.cc +61 -0
  624. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.cc +56 -0
  625. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.cc +63 -0
  626. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.cc +52 -0
  627. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +13 -57
  628. data/third_party/boringssl-with-bazel/src/crypto/asn1/{posix_time.c → posix_time.cc} +14 -14
  629. data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_dec.c → tasn_dec.cc} +17 -58
  630. data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_enc.c → tasn_enc.cc} +22 -61
  631. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.cc +164 -0
  632. data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_new.c → tasn_new.cc} +20 -61
  633. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.cc +84 -0
  634. data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_utl.c → tasn_utl.cc} +26 -65
  635. data/third_party/boringssl-with-bazel/src/crypto/base64/{base64.c → base64.cc} +22 -67
  636. data/third_party/boringssl-with-bazel/src/crypto/bcm_support.h +19 -13
  637. data/third_party/boringssl-with-bazel/src/crypto/bio/{bio.c → bio.cc} +45 -113
  638. data/third_party/boringssl-with-bazel/src/crypto/bio/{bio_mem.c → bio_mem.cc} +21 -62
  639. data/third_party/boringssl-with-bazel/src/crypto/bio/{connect.c → connect.cc} +40 -73
  640. data/third_party/boringssl-with-bazel/src/crypto/bio/errno.cc +50 -0
  641. data/third_party/boringssl-with-bazel/src/crypto/bio/{fd.c → fd.cc} +14 -56
  642. data/third_party/boringssl-with-bazel/src/crypto/bio/{file.c → file.cc} +17 -59
  643. data/third_party/boringssl-with-bazel/src/crypto/bio/hexdump.cc +152 -0
  644. data/third_party/boringssl-with-bazel/src/crypto/bio/internal.h +13 -55
  645. data/third_party/boringssl-with-bazel/src/crypto/bio/{pair.c → pair.cc} +37 -71
  646. data/third_party/boringssl-with-bazel/src/crypto/bio/printf.cc +59 -0
  647. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.cc +147 -0
  648. data/third_party/boringssl-with-bazel/src/crypto/bio/{socket_helper.c → socket_helper.cc} +13 -13
  649. data/third_party/boringssl-with-bazel/src/crypto/blake2/{blake2.c → blake2.cc} +14 -14
  650. data/third_party/boringssl-with-bazel/src/crypto/{bn_extra/bn_asn1.c → bn/bn_asn1.cc} +13 -13
  651. data/third_party/boringssl-with-bazel/src/crypto/{bn_extra/convert.c → bn/convert.cc} +34 -76
  652. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.cc +118 -0
  653. data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.cc +53 -0
  654. data/third_party/boringssl-with-bazel/src/crypto/bytestring/{ber.c → ber.cc} +13 -13
  655. data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbb.c → cbb.cc} +45 -61
  656. data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbs.c → cbs.cc} +42 -41
  657. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +13 -13
  658. data/third_party/boringssl-with-bazel/src/crypto/bytestring/{unicode.c → unicode.cc} +13 -13
  659. data/third_party/boringssl-with-bazel/src/crypto/chacha/{chacha.c → chacha.cc} +13 -13
  660. data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +18 -18
  661. data/third_party/boringssl-with-bazel/src/crypto/cipher/derive_key.cc +110 -0
  662. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra/e_aesctrhmac.c → cipher/e_aesctrhmac.cc} +18 -23
  663. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra/e_aesgcmsiv.c → cipher/e_aesgcmsiv.cc} +42 -38
  664. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra/e_chacha20poly1305.c → cipher/e_chacha20poly1305.cc} +13 -20
  665. data/third_party/boringssl-with-bazel/src/crypto/cipher/e_des.cc +198 -0
  666. data/third_party/boringssl-with-bazel/src/crypto/cipher/e_null.cc +51 -0
  667. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra/e_rc2.c → cipher/e_rc2.cc} +50 -88
  668. data/third_party/boringssl-with-bazel/src/crypto/cipher/e_rc4.cc +54 -0
  669. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra/e_tls.c → cipher/e_tls.cc} +14 -13
  670. data/third_party/boringssl-with-bazel/src/crypto/cipher/get_cipher.cc +85 -0
  671. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → cipher}/internal.h +29 -69
  672. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra/tls_cbc.c → cipher/tls_cbc.cc} +13 -51
  673. data/third_party/boringssl-with-bazel/src/crypto/conf/{conf.c → conf.cc} +31 -72
  674. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +13 -13
  675. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_apple.c → cpu_aarch64_apple.cc} +14 -14
  676. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_fuchsia.c → cpu_aarch64_fuchsia.cc} +14 -14
  677. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_linux.c → cpu_aarch64_linux.cc} +14 -14
  678. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_openbsd.c → cpu_aarch64_openbsd.cc} +17 -17
  679. data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_sysreg.c → cpu_aarch64_sysreg.cc} +15 -14
  680. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_win.cc +41 -0
  681. data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_freebsd.c → cpu_arm_freebsd.cc} +15 -15
  682. data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_linux.c → cpu_arm_linux.cc} +17 -17
  683. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_linux.h +13 -13
  684. data/third_party/boringssl-with-bazel/src/crypto/{cpu_intel.c → cpu_intel.cc} +60 -99
  685. data/third_party/boringssl-with-bazel/src/crypto/{crypto.c → crypto.cc} +18 -23
  686. data/third_party/boringssl-with-bazel/src/crypto/curve25519/{curve25519.c → curve25519.cc} +40 -43
  687. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_64_adx.cc +18 -0
  688. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +13 -13
  689. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +13 -13
  690. data/third_party/boringssl-with-bazel/src/crypto/curve25519/{spake25519.c → spake25519.cc} +34 -28
  691. data/third_party/boringssl-with-bazel/src/crypto/des/{des.c → des.cc} +13 -55
  692. data/third_party/boringssl-with-bazel/src/crypto/des/internal.h +27 -69
  693. data/third_party/boringssl-with-bazel/src/crypto/dh/dh_asn1.cc +124 -0
  694. data/third_party/boringssl-with-bazel/src/crypto/{dh_extra/params.c → dh/params.cc} +13 -51
  695. data/third_party/boringssl-with-bazel/src/crypto/{digest_extra/digest_extra.c → digest/digest_extra.cc} +126 -86
  696. data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa.c → dsa.cc} +166 -212
  697. data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa_asn1.c → dsa_asn1.cc} +13 -53
  698. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +13 -15
  699. data/third_party/boringssl-with-bazel/src/crypto/{ec_extra/ec_asn1.c → ec/ec_asn1.cc} +59 -61
  700. data/third_party/boringssl-with-bazel/src/crypto/{ec_extra/ec_derive.c → ec/ec_derive.cc} +13 -13
  701. data/third_party/boringssl-with-bazel/src/crypto/{ec_extra/hash_to_curve.c → ec/hash_to_curve.cc} +79 -77
  702. data/third_party/boringssl-with-bazel/src/crypto/{ec_extra → ec}/internal.h +13 -13
  703. data/third_party/boringssl-with-bazel/src/crypto/ecdh/ecdh.cc +73 -0
  704. data/third_party/boringssl-with-bazel/src/crypto/{ecdsa_extra/ecdsa_asn1.c → ecdsa/ecdsa_asn1.cc} +32 -86
  705. data/third_party/boringssl-with-bazel/src/crypto/engine/{engine.c → engine.cc} +24 -20
  706. data/third_party/boringssl-with-bazel/src/crypto/err/{err.c → err.cc} +41 -134
  707. data/third_party/boringssl-with-bazel/src/crypto/err/internal.h +13 -13
  708. data/third_party/boringssl-with-bazel/src/crypto/evp/{evp.c → evp.cc} +37 -88
  709. data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_asn1.c → evp_asn1.cc} +122 -198
  710. data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_ctx.c → evp_ctx.cc} +20 -63
  711. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +13 -55
  712. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh.c → p_dh.cc} +38 -22
  713. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh_asn1.c → p_dh_asn1.cc} +51 -29
  714. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dsa_asn1.c → p_dsa_asn1.cc} +75 -134
  715. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec.c → p_ec.cc} +31 -75
  716. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec_asn1.c → p_ec_asn1.cc} +36 -82
  717. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519.c → p_ed25519.cc} +34 -31
  718. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519_asn1.c → p_ed25519_asn1.cc} +26 -25
  719. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_hkdf.c → p_hkdf.cc} +30 -26
  720. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa.c → p_rsa.cc} +54 -91
  721. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa_asn1.c → p_rsa_asn1.cc} +26 -69
  722. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519.c → p_x25519.cc} +34 -31
  723. data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519_asn1.c → p_x25519_asn1.cc} +30 -29
  724. data/third_party/boringssl-with-bazel/src/crypto/evp/pbkdf.cc +98 -0
  725. data/third_party/boringssl-with-bazel/src/crypto/evp/{print.c → print.cc} +17 -56
  726. data/third_party/boringssl-with-bazel/src/crypto/evp/{scrypt.c → scrypt.cc} +20 -13
  727. data/third_party/boringssl-with-bazel/src/crypto/evp/sign.cc +114 -0
  728. data/third_party/boringssl-with-bazel/src/crypto/ex_data.cc +141 -0
  729. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.cc.inc +191 -0
  730. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes_nohw.c.inc → aes_nohw.cc.inc} +13 -13
  731. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{modes/cbc.c.inc → aes/cbc.cc.inc} +13 -47
  732. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{modes/cfb.c.inc → aes/cfb.cc.inc} +13 -47
  733. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/ctr.cc.inc +100 -0
  734. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{modes/gcm.c.inc → aes/gcm.cc.inc} +175 -314
  735. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{modes/gcm_nohw.c.inc → aes/gcm_nohw.cc.inc} +13 -13
  736. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +419 -70
  737. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{key_wrap.c.inc → key_wrap.cc.inc} +14 -48
  738. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.cc.inc +84 -0
  739. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/ofb.cc.inc +53 -0
  740. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{modes/polyval.c.inc → aes/polyval.cc.inc} +14 -15
  741. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{bcm.c → bcm.cc} +116 -113
  742. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm_interface.h +665 -25
  743. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{add.c.inc → add.cc.inc} +14 -55
  744. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/{x86_64-gcc.c.inc → x86_64-gcc.cc.inc} +19 -6
  745. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bn.c.inc → bn.cc.inc} +25 -79
  746. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bytes.c.inc → bytes.cc.inc} +13 -55
  747. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{cmp.c.inc → cmp.cc.inc} +13 -55
  748. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{ctx.c.inc → ctx.cc.inc} +20 -63
  749. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div.c.inc → div.cc.inc} +42 -93
  750. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div_extra.c.inc → div_extra.cc.inc} +13 -13
  751. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{exponentiation.c.inc → exponentiation.cc.inc} +38 -131
  752. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd.c.inc → gcd.cc.inc} +16 -113
  753. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd_extra.c.inc → gcd_extra.cc.inc} +45 -37
  754. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{generic.c.inc → generic.cc.inc} +13 -55
  755. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +25 -134
  756. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/jacobi.cc.inc +108 -0
  757. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery.c.inc → montgomery.cc.inc} +24 -126
  758. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery_inv.c.inc → montgomery_inv.cc.inc} +13 -13
  759. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{mul.c.inc → mul.cc.inc} +24 -70
  760. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{prime.c.inc → prime.cc.inc} +44 -141
  761. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{random.c.inc → random.cc.inc} +13 -107
  762. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{rsaz_exp.c.inc → rsaz_exp.cc.inc} +18 -13
  763. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +20 -17
  764. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{shift.c.inc → shift.cc.inc} +16 -59
  765. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{sqrt.c.inc → sqrt.cc.inc} +13 -53
  766. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{aead.c.inc → aead.cc.inc} +30 -22
  767. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{cipher.c.inc → cipher.cc.inc} +20 -65
  768. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aes.c.inc → e_aes.cc.inc} +113 -335
  769. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aesccm.c.inc → e_aesccm.cc.inc} +21 -58
  770. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +14 -65
  771. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cmac/{cmac.c.inc → cmac.cc.inc} +19 -53
  772. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/delocate.h +26 -22
  773. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{check.c.inc → check.cc.inc} +13 -55
  774. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{dh.c.inc → dh.cc.inc} +28 -74
  775. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +13 -15
  776. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digest.c.inc → digest.cc.inc} +30 -68
  777. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.cc.inc +178 -0
  778. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/internal.h +13 -55
  779. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +13 -47
  780. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digestsign/{digestsign.c.inc → digestsign.cc.inc} +14 -55
  781. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/builtin_curves.h +91 -91
  782. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec.c.inc → ec.cc.inc} +24 -81
  783. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_key.c.inc → ec_key.cc.inc} +26 -86
  784. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_montgomery.c.inc → ec_montgomery.cc.inc} +14 -66
  785. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{felem.c.inc → felem.cc.inc} +13 -13
  786. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +19 -66
  787. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{oct.c.inc → oct.cc.inc} +19 -72
  788. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p224-64.c.inc → p224-64.cc.inc} +13 -13
  789. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz-table.h +15 -10
  790. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-nistz.c.inc → p256-nistz.cc.inc} +37 -30
  791. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.h +22 -17
  792. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256.c.inc → p256.cc.inc} +13 -13
  793. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +13 -13
  794. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{scalar.c.inc → scalar.cc.inc} +21 -15
  795. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple.c.inc → simple.cc.inc} +14 -66
  796. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple_mul.c.inc → simple_mul.cc.inc} +13 -13
  797. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{util.c.inc → util.cc.inc} +13 -13
  798. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{wnaf.c.inc → wnaf.cc.inc} +38 -81
  799. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.cc.inc +88 -0
  800. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/{ecdsa.c.inc → ecdsa.cc.inc} +19 -58
  801. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +13 -13
  802. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/fips_shared_support.cc +28 -0
  803. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/{hkdf.c.inc → hkdf.cc.inc} +13 -13
  804. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/{hmac.c.inc → hmac.cc.inc} +16 -57
  805. data/third_party/boringssl-with-bazel/src/crypto/{keccak → fipsmodule/keccak}/internal.h +13 -13
  806. data/third_party/boringssl-with-bazel/src/crypto/{keccak/keccak.c → fipsmodule/keccak/keccak.cc.inc} +14 -14
  807. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/mldsa/mldsa.cc.inc +1993 -0
  808. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/mlkem/mlkem.cc.inc +1165 -0
  809. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{ctrdrbg.c.inc → ctrdrbg.cc.inc} +22 -28
  810. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +18 -24
  811. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c.inc → rand.cc.inc} +34 -30
  812. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.cc.inc +147 -0
  813. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +13 -56
  814. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c.inc → padding.cc.inc} +32 -73
  815. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c.inc → rsa.cc.inc} +93 -148
  816. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa_impl.c.inc → rsa_impl.cc.inc} +82 -137
  817. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{fips.c.inc → fips.cc.inc} +26 -18
  818. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{self_check.c.inc → self_check.cc.inc} +68 -64
  819. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +34 -34
  820. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/{service_indicator.c.inc → service_indicator.cc.inc} +23 -24
  821. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +43 -57
  822. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha1.c.inc → sha1.cc.inc} +39 -88
  823. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha256.c.inc → sha256.cc.inc} +50 -110
  824. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha512.c.inc → sha512.cc.inc} +61 -131
  825. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/address.h +119 -0
  826. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/fors.cc.inc +169 -0
  827. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/fors.h +58 -0
  828. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/merkle.cc.inc +161 -0
  829. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/merkle.h +70 -0
  830. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/params.h +78 -0
  831. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/slhdsa.cc.inc +329 -0
  832. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/thash.cc.inc +173 -0
  833. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/thash.h +85 -0
  834. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/wots.cc.inc +171 -0
  835. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/slhdsa/wots.h +50 -0
  836. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +13 -13
  837. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/{kdf.c.inc → kdf.cc.inc} +13 -51
  838. data/third_party/boringssl-with-bazel/src/crypto/hpke/{hpke.c → hpke.cc} +19 -16
  839. data/third_party/boringssl-with-bazel/src/crypto/hrss/{hrss.c → hrss.cc} +73 -122
  840. data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +13 -13
  841. data/third_party/boringssl-with-bazel/src/crypto/internal.h +242 -442
  842. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +13 -13
  843. data/third_party/boringssl-with-bazel/src/crypto/kyber/{kyber.c → kyber.cc} +52 -28
  844. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +31 -75
  845. data/third_party/boringssl-with-bazel/src/crypto/lhash/{lhash.c → lhash.cc} +21 -62
  846. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md4/md4.c.inc → md4/md4.cc} +21 -67
  847. data/third_party/boringssl-with-bazel/src/crypto/md5/internal.h +37 -0
  848. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md5/md5.c.inc → md5/md5.cc} +17 -58
  849. data/third_party/boringssl-with-bazel/src/crypto/{mem.c → mem.cc} +47 -77
  850. data/third_party/boringssl-with-bazel/src/crypto/mldsa/mldsa.cc +90 -0
  851. data/third_party/boringssl-with-bazel/src/crypto/mlkem/mlkem.cc +97 -1042
  852. data/third_party/boringssl-with-bazel/src/crypto/obj/{obj.c → obj.cc} +40 -85
  853. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +14 -56
  854. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_xref.cc +80 -0
  855. data/third_party/boringssl-with-bazel/src/crypto/pem/internal.h +44 -0
  856. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.cc +149 -0
  857. data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_info.c → pem_info.cc} +20 -60
  858. data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_lib.c → pem_lib.cc} +59 -107
  859. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.cc +45 -0
  860. data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pk8.c → pem_pk8.cc} +13 -55
  861. data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pkey.c → pem_pkey.cc} +13 -55
  862. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.cc +22 -0
  863. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.cc +22 -0
  864. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +13 -13
  865. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7.c → pkcs7.cc} +17 -17
  866. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7_x509.c → pkcs7_x509.cc} +40 -37
  867. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +13 -54
  868. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{p5_pbev2.c → p5_pbev2.cc} +13 -54
  869. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8.c → pkcs8.cc} +170 -210
  870. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8_x509.c → pkcs8_x509.cc} +101 -149
  871. data/third_party/boringssl-with-bazel/src/crypto/poly1305/internal.h +13 -13
  872. data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305.c → poly1305.cc} +15 -15
  873. data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_arm.c → poly1305_arm.cc} +16 -14
  874. data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_vec.c → poly1305_vec.cc} +26 -23
  875. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +13 -13
  876. data/third_party/boringssl-with-bazel/src/crypto/pool/{pool.c → pool.cc} +24 -23
  877. data/third_party/boringssl-with-bazel/src/crypto/{rand_extra/deterministic.c → rand/deterministic.cc} +14 -14
  878. data/third_party/boringssl-with-bazel/src/crypto/{rand_extra/fork_detect.c → rand/fork_detect.cc} +23 -24
  879. data/third_party/boringssl-with-bazel/src/crypto/rand/forkunsafe.cc +44 -0
  880. data/third_party/boringssl-with-bazel/src/crypto/{rand_extra/getentropy.c → rand/getentropy.cc} +13 -13
  881. data/third_party/boringssl-with-bazel/src/crypto/{rand_extra → rand}/getrandom_fillin.h +13 -13
  882. data/third_party/boringssl-with-bazel/src/crypto/rand/ios.cc +42 -0
  883. data/third_party/boringssl-with-bazel/src/crypto/{rand_extra/passive.c → rand/passive.cc} +34 -30
  884. data/third_party/boringssl-with-bazel/src/crypto/{rand_extra/rand_extra.c → rand/rand.cc} +13 -13
  885. data/third_party/boringssl-with-bazel/src/crypto/rand/sysrand_internal.h +37 -0
  886. data/third_party/boringssl-with-bazel/src/crypto/rand/trusty.cc +46 -0
  887. data/third_party/boringssl-with-bazel/src/crypto/{rand_extra/urandom.c → rand/urandom.cc} +19 -19
  888. data/third_party/boringssl-with-bazel/src/crypto/{rand_extra/windows.c → rand/windows.cc} +13 -13
  889. data/third_party/boringssl-with-bazel/src/crypto/rc4/rc4.cc +56 -0
  890. data/third_party/boringssl-with-bazel/src/crypto/{refcount.c → refcount.cc} +13 -13
  891. data/third_party/boringssl-with-bazel/src/crypto/rsa/internal.h +36 -0
  892. data/third_party/boringssl-with-bazel/src/crypto/{rsa_extra/rsa_asn1.c → rsa/rsa_asn1.cc} +13 -54
  893. data/third_party/boringssl-with-bazel/src/crypto/{rsa_extra/rsa_crypt.c → rsa/rsa_crypt.cc} +94 -133
  894. data/third_party/boringssl-with-bazel/src/crypto/rsa/rsa_extra.cc +19 -0
  895. data/third_party/boringssl-with-bazel/src/crypto/rsa/rsa_print.cc +27 -0
  896. data/third_party/boringssl-with-bazel/src/crypto/sha/sha1.cc +52 -0
  897. data/third_party/boringssl-with-bazel/src/crypto/sha/sha256.cc +87 -0
  898. data/third_party/boringssl-with-bazel/src/crypto/sha/sha512.cc +104 -0
  899. data/third_party/boringssl-with-bazel/src/crypto/siphash/{siphash.c → siphash.cc} +13 -13
  900. data/third_party/boringssl-with-bazel/src/crypto/slhdsa/slhdsa.cc +113 -0
  901. data/third_party/boringssl-with-bazel/src/crypto/spake2plus/internal.h +204 -0
  902. data/third_party/boringssl-with-bazel/src/crypto/spake2plus/spake2plus.cc +501 -0
  903. data/third_party/boringssl-with-bazel/src/crypto/stack/{stack.c → stack.cc} +23 -61
  904. data/third_party/boringssl-with-bazel/src/crypto/thread.cc +68 -0
  905. data/third_party/boringssl-with-bazel/src/crypto/{thread_none.c → thread_none.cc} +13 -13
  906. data/third_party/boringssl-with-bazel/src/crypto/{thread_pthread.c → thread_pthread.cc} +21 -20
  907. data/third_party/boringssl-with-bazel/src/crypto/{thread_win.c → thread_win.cc} +33 -29
  908. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +13 -13
  909. data/third_party/boringssl-with-bazel/src/crypto/trust_token/{pmbtoken.c → pmbtoken.cc} +159 -171
  910. data/third_party/boringssl-with-bazel/src/crypto/trust_token/{trust_token.c → trust_token.cc} +32 -34
  911. data/third_party/boringssl-with-bazel/src/crypto/trust_token/{voprf.c → voprf.cc} +178 -182
  912. data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.cc +52 -0
  913. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.cc +97 -0
  914. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.cc +74 -0
  915. data/third_party/boringssl-with-bazel/src/crypto/x509/{algorithm.c → algorithm.cc} +14 -56
  916. data/third_party/boringssl-with-bazel/src/crypto/x509/{asn1_gen.c → asn1_gen.cc} +19 -62
  917. data/third_party/boringssl-with-bazel/src/crypto/x509/{by_dir.c → by_dir.cc} +32 -77
  918. data/third_party/boringssl-with-bazel/src/crypto/x509/{by_file.c → by_file.cc} +13 -55
  919. data/third_party/boringssl-with-bazel/src/crypto/x509/ext_dat.h +13 -55
  920. data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.cc +37 -0
  921. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +13 -57
  922. data/third_party/boringssl-with-bazel/src/crypto/x509/{name_print.c → name_print.cc} +13 -55
  923. data/third_party/boringssl-with-bazel/src/crypto/x509/{policy.c → policy.cc} +200 -190
  924. data/third_party/boringssl-with-bazel/src/crypto/x509/{rsa_pss.c → rsa_pss.cc} +59 -96
  925. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.cc +103 -0
  926. data/third_party/boringssl-with-bazel/src/crypto/x509/{t_req.c → t_req.cc} +13 -55
  927. data/third_party/boringssl-with-bazel/src/crypto/x509/{t_x509.c → t_x509.cc} +13 -55
  928. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.cc +79 -0
  929. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_akey.c → v3_akey.cc} +17 -57
  930. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_akeya.cc +31 -0
  931. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_alt.c → v3_alt.cc} +17 -58
  932. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_bcons.cc +95 -0
  933. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_bitst.cc +102 -0
  934. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_conf.c → v3_conf.cc} +18 -60
  935. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_cpols.c → v3_cpols.cc} +60 -98
  936. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_crld.c → v3_crld.cc} +16 -57
  937. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_enum.cc +73 -0
  938. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_extku.cc +114 -0
  939. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_genn.c → v3_genn.cc} +20 -62
  940. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_ia5.cc +79 -0
  941. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_info.c → v3_info.cc} +20 -67
  942. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_int.cc +81 -0
  943. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_lib.c → v3_lib.cc} +23 -63
  944. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ncons.c → v3_ncons.cc} +15 -56
  945. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ocsp.c → v3_ocsp.cc} +17 -9
  946. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_pcons.cc +101 -0
  947. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_pmaps.c → v3_pmaps.cc} +15 -56
  948. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_prn.c → v3_prn.cc} +15 -56
  949. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_purp.c → v3_purp.cc} +29 -63
  950. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_skey.cc +131 -0
  951. data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_utl.c → v3_utl.cc} +30 -78
  952. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.cc +47 -0
  953. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_att.c → x509_att.cc} +16 -57
  954. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_cmp.c → x509_cmp.cc} +13 -55
  955. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.cc +66 -0
  956. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.cc +44 -0
  957. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_ext.c → x509_ext.cc} +13 -55
  958. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_lu.c → x509_lu.cc} +20 -65
  959. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_obj.c → x509_obj.cc} +13 -55
  960. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_req.c → x509_req.cc} +13 -55
  961. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_set.c → x509_set.cc} +13 -55
  962. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_trs.c → x509_trs.cc} +13 -55
  963. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_txt.c → x509_txt.cc} +13 -55
  964. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_v3.c → x509_v3.cc} +15 -57
  965. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vfy.c → x509_vfy.cc} +229 -267
  966. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vpm.c → x509_vpm.cc} +68 -68
  967. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509cset.c → x509cset.cc} +13 -55
  968. data/third_party/boringssl-with-bazel/src/crypto/x509/{x509name.c → x509name.cc} +13 -55
  969. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.cc +67 -0
  970. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.cc +91 -0
  971. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.cc +107 -0
  972. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_all.c → x_all.cc} +23 -61
  973. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.cc +55 -0
  974. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_crl.c → x_crl.cc} +19 -61
  975. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.cc +36 -0
  976. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_name.c → x_name.cc} +52 -87
  977. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_pubkey.c → x_pubkey.cc} +17 -57
  978. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.cc +74 -0
  979. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.cc +51 -0
  980. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.cc +34 -0
  981. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.cc +28 -0
  982. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509.c → x_x509.cc} +61 -99
  983. data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509a.c → x_x509a.cc} +17 -57
  984. data/third_party/boringssl-with-bazel/src/gen/crypto/{err_data.c → err_data.cc} +468 -453
  985. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +13 -13
  986. data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +13 -47
  987. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +13 -51
  988. data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +14 -14
  989. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +23 -62
  990. data/third_party/boringssl-with-bazel/src/include/openssl/asn1_mac.h +13 -13
  991. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +248 -328
  992. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +24 -55
  993. data/third_party/boringssl-with-bazel/src/include/openssl/base64.h +13 -55
  994. data/third_party/boringssl-with-bazel/src/include/openssl/bcm_public.h +82 -0
  995. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +13 -55
  996. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +13 -13
  997. data/third_party/boringssl-with-bazel/src/include/openssl/blowfish.h +13 -55
  998. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +14 -121
  999. data/third_party/boringssl-with-bazel/src/include/openssl/buf.h +13 -55
  1000. data/third_party/boringssl-with-bazel/src/include/openssl/buffer.h +13 -13
  1001. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +31 -16
  1002. data/third_party/boringssl-with-bazel/src/include/openssl/cast.h +13 -55
  1003. data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +13 -13
  1004. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +31 -59
  1005. data/third_party/boringssl-with-bazel/src/include/openssl/cmac.h +13 -13
  1006. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +13 -55
  1007. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +13 -13
  1008. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +25 -14
  1009. data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +13 -13
  1010. data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +13 -13
  1011. data/third_party/boringssl-with-bazel/src/include/openssl/des.h +13 -55
  1012. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +17 -55
  1013. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +19 -56
  1014. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +17 -58
  1015. data/third_party/boringssl-with-bazel/src/include/openssl/dtls1.h +13 -13
  1016. data/third_party/boringssl-with-bazel/src/include/openssl/e_os2.h +13 -13
  1017. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +14 -66
  1018. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +31 -72
  1019. data/third_party/boringssl-with-bazel/src/include/openssl/ecdh.h +14 -65
  1020. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +13 -51
  1021. data/third_party/boringssl-with-bazel/src/include/openssl/engine.h +13 -13
  1022. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +13 -107
  1023. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +14 -56
  1024. data/third_party/boringssl-with-bazel/src/include/openssl/evp_errors.h +13 -55
  1025. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +13 -107
  1026. data/third_party/boringssl-with-bazel/src/include/openssl/experimental/kyber.h +13 -13
  1027. data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +13 -13
  1028. data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +13 -55
  1029. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +13 -13
  1030. data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +13 -13
  1031. data/third_party/boringssl-with-bazel/src/include/openssl/is_boringssl.h +13 -13
  1032. data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +13 -13
  1033. data/third_party/boringssl-with-bazel/src/include/openssl/lhash.h +13 -55
  1034. data/third_party/boringssl-with-bazel/src/include/openssl/md4.h +13 -55
  1035. data/third_party/boringssl-with-bazel/src/include/openssl/md5.h +13 -55
  1036. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +13 -55
  1037. data/third_party/boringssl-with-bazel/src/include/openssl/mldsa.h +20 -26
  1038. data/third_party/boringssl-with-bazel/src/include/openssl/mlkem.h +13 -37
  1039. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +27 -69
  1040. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +13 -55
  1041. data/third_party/boringssl-with-bazel/src/include/openssl/obj_mac.h +13 -13
  1042. data/third_party/boringssl-with-bazel/src/include/openssl/objects.h +13 -13
  1043. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +13 -13
  1044. data/third_party/boringssl-with-bazel/src/include/openssl/opensslv.h +13 -13
  1045. data/third_party/boringssl-with-bazel/src/include/openssl/ossl_typ.h +13 -13
  1046. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +22 -60
  1047. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs12.h +13 -13
  1048. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +13 -13
  1049. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +13 -55
  1050. data/third_party/boringssl-with-bazel/src/include/openssl/poly1305.h +13 -13
  1051. data/third_party/boringssl-with-bazel/src/include/openssl/pool.h +13 -13
  1052. data/third_party/boringssl-with-bazel/src/include/openssl/posix_time.h +13 -13
  1053. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +13 -13
  1054. data/third_party/boringssl-with-bazel/src/include/openssl/rc4.h +13 -55
  1055. data/third_party/boringssl-with-bazel/src/include/openssl/ripemd.h +13 -55
  1056. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +23 -63
  1057. data/third_party/boringssl-with-bazel/src/include/openssl/safestack.h +13 -13
  1058. data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +13 -13
  1059. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +15 -95
  1060. data/third_party/boringssl-with-bazel/src/include/openssl/siphash.h +13 -13
  1061. data/third_party/boringssl-with-bazel/src/include/openssl/slhdsa.h +174 -0
  1062. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +24 -32
  1063. data/third_party/boringssl-with-bazel/src/include/openssl/srtp.h +13 -13
  1064. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +358 -290
  1065. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +15 -114
  1066. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +13 -55
  1067. data/third_party/boringssl-with-bazel/src/include/openssl/target.h +23 -13
  1068. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +15 -57
  1069. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +13 -13
  1070. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +27 -156
  1071. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +15 -15
  1072. data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +13 -55
  1073. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +14 -61
  1074. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +13 -13
  1075. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +13 -13
  1076. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3_errors.h +13 -53
  1077. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +15 -14
  1078. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +680 -434
  1079. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +129 -174
  1080. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +176 -131
  1081. data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +21 -127
  1082. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +107 -104
  1083. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +311 -312
  1084. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +54 -47
  1085. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +677 -475
  1086. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +66 -73
  1087. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +61 -153
  1088. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +198 -331
  1089. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +88 -212
  1090. data/third_party/boringssl-with-bazel/src/ssl/internal.h +949 -531
  1091. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +47 -157
  1092. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +29 -159
  1093. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +18 -112
  1094. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +103 -196
  1095. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +52 -145
  1096. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +15 -20
  1097. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +117 -157
  1098. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +229 -365
  1099. data/third_party/boringssl-with-bazel/src/ssl/ssl_credential.cc +216 -31
  1100. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +13 -109
  1101. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +34 -33
  1102. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +194 -350
  1103. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +38 -83
  1104. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +101 -236
  1105. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +17 -91
  1106. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +109 -157
  1107. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +44 -30
  1108. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +66 -195
  1109. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +45 -176
  1110. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +58 -42
  1111. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +146 -94
  1112. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +251 -180
  1113. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +236 -107
  1114. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +64 -117
  1115. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +52 -134
  1116. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +6 -0
  1117. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +6 -0
  1118. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +4 -1
  1119. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1 -1
  1120. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +3 -0
  1121. metadata +357 -348
  1122. data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb.h +0 -426
  1123. data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.c +0 -87
  1124. data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.h +0 -32
  1125. data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb.h +0 -408
  1126. data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.c +0 -124
  1127. data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.h +0 -38
  1128. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.c +0 -108
  1129. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.h +0 -33
  1130. data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.c +0 -67
  1131. data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.h +0 -48
  1132. data/src/core/util/atm.cc +0 -34
  1133. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +0 -95
  1134. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +0 -89
  1135. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +0 -84
  1136. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +0 -151
  1137. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +0 -85
  1138. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +0 -74
  1139. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +0 -183
  1140. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +0 -103
  1141. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +0 -98
  1142. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +0 -105
  1143. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +0 -94
  1144. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +0 -212
  1145. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -126
  1146. data/third_party/boringssl-with-bazel/src/crypto/bio/errno.c +0 -92
  1147. data/third_party/boringssl-with-bazel/src/crypto/bio/hexdump.c +0 -192
  1148. data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -102
  1149. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +0 -189
  1150. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +0 -158
  1151. data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +0 -53
  1152. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +0 -127
  1153. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +0 -152
  1154. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_des.c +0 -228
  1155. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +0 -90
  1156. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +0 -94
  1157. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_win.c +0 -41
  1158. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_64_adx.c +0 -18
  1159. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +0 -165
  1160. data/third_party/boringssl-with-bazel/src/crypto/dilithium/dilithium.c +0 -1539
  1161. data/third_party/boringssl-with-bazel/src/crypto/dilithium/internal.h +0 -58
  1162. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +0 -124
  1163. data/third_party/boringssl-with-bazel/src/crypto/evp/pbkdf.c +0 -146
  1164. data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +0 -156
  1165. data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +0 -236
  1166. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c.inc +0 -127
  1167. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c.inc +0 -124
  1168. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/jacobi.c.inc +0 -146
  1169. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c.inc +0 -304
  1170. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c.inc +0 -130
  1171. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/fips_shared_support.c +0 -29
  1172. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/internal.h +0 -37
  1173. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c.inc +0 -196
  1174. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +0 -428
  1175. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c.inc +0 -87
  1176. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c.inc +0 -241
  1177. data/third_party/boringssl-with-bazel/src/crypto/mldsa/internal.h +0 -73
  1178. data/third_party/boringssl-with-bazel/src/crypto/mldsa/mldsa.c +0 -1687
  1179. data/third_party/boringssl-with-bazel/src/crypto/mlkem/internal.h +0 -90
  1180. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_xref.c +0 -122
  1181. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +0 -243
  1182. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +0 -87
  1183. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -64
  1184. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -64
  1185. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/forkunsafe.c +0 -44
  1186. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/ios.c +0 -42
  1187. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/sysrand_internal.h +0 -37
  1188. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/trusty.c +0 -46
  1189. data/third_party/boringssl-with-bazel/src/crypto/rc4/rc4.c +0 -98
  1190. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +0 -79
  1191. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_print.c +0 -22
  1192. data/third_party/boringssl-with-bazel/src/crypto/spx/address.c +0 -101
  1193. data/third_party/boringssl-with-bazel/src/crypto/spx/address.h +0 -50
  1194. data/third_party/boringssl-with-bazel/src/crypto/spx/fors.c +0 -133
  1195. data/third_party/boringssl-with-bazel/src/crypto/spx/fors.h +0 -54
  1196. data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.c +0 -150
  1197. data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.h +0 -61
  1198. data/third_party/boringssl-with-bazel/src/crypto/spx/params.h +0 -71
  1199. data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +0 -140
  1200. data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c +0 -53
  1201. data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h +0 -44
  1202. data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c +0 -136
  1203. data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h +0 -70
  1204. data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c +0 -135
  1205. data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h +0 -45
  1206. data/third_party/boringssl-with-bazel/src/crypto/thread.c +0 -110
  1207. data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +0 -94
  1208. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +0 -136
  1209. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +0 -116
  1210. data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +0 -79
  1211. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +0 -145
  1212. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +0 -121
  1213. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_akeya.c +0 -73
  1214. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_bcons.c +0 -135
  1215. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_bitst.c +0 -141
  1216. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_enum.c +0 -112
  1217. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_extku.c +0 -154
  1218. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_ia5.c +0 -122
  1219. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_int.c +0 -121
  1220. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_pcons.c +0 -142
  1221. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_skey.c +0 -170
  1222. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -89
  1223. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +0 -108
  1224. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +0 -86
  1225. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +0 -109
  1226. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +0 -133
  1227. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +0 -149
  1228. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +0 -97
  1229. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +0 -78
  1230. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +0 -116
  1231. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +0 -93
  1232. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +0 -79
  1233. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +0 -70
  1234. data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +0 -129
  1235. data/third_party/boringssl-with-bazel/src/include/openssl/experimental/spx.h +0 -90
data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc CHANGED
@@ -1,142 +1,18 @@
1
- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2
- * All rights reserved.
3
- *
4
- * This package is an SSL implementation written
5
- * by Eric Young (eay@cryptsoft.com).
6
- * The implementation was written so as to conform with Netscapes SSL.
7
- *
8
- * This library is free for commercial and non-commercial use as long as
9
- * the following conditions are aheared to. The following conditions
10
- * apply to all code found in this distribution, be it the RC4, RSA,
11
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12
- * included with this distribution is covered by the same copyright terms
13
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14
- *
15
- * Copyright remains Eric Young's, and as such any Copyright notices in
16
- * the code are not to be removed.
17
- * If this package is used in a product, Eric Young should be given attribution
18
- * as the author of the parts of the library used.
19
- * This can be in the form of a textual message at program startup or
20
- * in documentation (online or textual) provided with the package.
21
- *
22
- * Redistribution and use in source and binary forms, with or without
23
- * modification, are permitted provided that the following conditions
24
- * are met:
25
- * 1. Redistributions of source code must retain the copyright
26
- * notice, this list of conditions and the following disclaimer.
27
- * 2. Redistributions in binary form must reproduce the above copyright
28
- * notice, this list of conditions and the following disclaimer in the
29
- * documentation and/or other materials provided with the distribution.
30
- * 3. All advertising materials mentioning features or use of this software
31
- * must display the following acknowledgement:
32
- * "This product includes cryptographic software written by
33
- * Eric Young (eay@cryptsoft.com)"
34
- * The word 'cryptographic' can be left out if the rouines from the library
35
- * being used are not cryptographic related :-).
36
- * 4. If you include any Windows specific code (or a derivative thereof) from
37
- * the apps directory (application code) you must include an acknowledgement:
38
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39
- *
40
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50
- * SUCH DAMAGE.
51
- *
52
- * The licence and distribution terms for any publically available version or
53
- * derivative of this code cannot be changed. i.e. this code cannot simply be
54
- * copied and put under another distribution licence
55
- * [including the GNU Public Licence.]
56
- */
57
- /* ====================================================================
58
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59
- *
60
- * Redistribution and use in source and binary forms, with or without
61
- * modification, are permitted provided that the following conditions
62
- * are met:
63
- *
64
- * 1. Redistributions of source code must retain the above copyright
65
- * notice, this list of conditions and the following disclaimer.
66
- *
67
- * 2. Redistributions in binary form must reproduce the above copyright
68
- * notice, this list of conditions and the following disclaimer in
69
- * the documentation and/or other materials provided with the
70
- * distribution.
71
- *
72
- * 3. All advertising materials mentioning features or use of this
73
- * software must display the following acknowledgment:
74
- * "This product includes software developed by the OpenSSL Project
75
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76
- *
77
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78
- * endorse or promote products derived from this software without
79
- * prior written permission. For written permission, please contact
80
- * openssl-core@openssl.org.
81
- *
82
- * 5. Products derived from this software may not be called "OpenSSL"
83
- * nor may "OpenSSL" appear in their names without prior written
84
- * permission of the OpenSSL Project.
85
- *
86
- * 6. Redistributions of any form whatsoever must retain the following
87
- * acknowledgment:
88
- * "This product includes software developed by the OpenSSL Project
89
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90
- *
91
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102
- * OF THE POSSIBILITY OF SUCH DAMAGE.
103
- * ====================================================================
104
- *
105
- * This product includes cryptographic software written by Eric Young
106
- * (eay@cryptsoft.com). This product includes software written by Tim
107
- * Hudson (tjh@cryptsoft.com).
108
- *
109
- */
110
- /* ====================================================================
111
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112
- * ECC cipher suite support in OpenSSL originally developed by
113
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
114
- */
115
- /* ====================================================================
116
- * Copyright 2005 Nokia. All rights reserved.
117
- *
118
- * The portions of the attached software ("Contribution") is developed by
119
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
120
- * license.
121
- *
122
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
123
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
124
- * support (see RFC 4279) to OpenSSL.
125
- *
126
- * No patent licenses or other rights except those expressly stated in
127
- * the OpenSSL open source license shall be deemed granted or received
128
- * expressly, by implication, estoppel, or otherwise.
129
- *
130
- * No assurances are provided by Nokia that the Contribution does not
131
- * infringe the patent or other intellectual property rights of any third
132
- * party or that the license provides you with all the necessary rights
133
- * to make use of the Contribution.
134
- *
135
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
136
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
137
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
138
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
139
- * OTHERWISE. */
1
+ // Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
2
+ // Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
3
+ // Copyright 2005 Nokia. All rights reserved.
4
+ //
5
+ // Licensed under the Apache License, Version 2.0 (the "License");
6
+ // you may not use this file except in compliance with the License.
7
+ // You may obtain a copy of the License at
8
+ //
9
+ // https://www.apache.org/licenses/LICENSE-2.0
10
+ //
11
+ // Unless required by applicable law or agreed to in writing, software
12
+ // distributed under the License is distributed on an "AS IS" BASIS,
13
+ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ // See the License for the specific language governing permissions and
15
+ // limitations under the License.
140
16
 
141
17
  #include <openssl/ssl.h>
142
18
 
@@ -154,8 +30,8 @@
154
30
  #include <openssl/mem.h>
155
31
  #include <openssl/rand.h>
156
32
 
157
- #include "internal.h"
158
33
  #include "../crypto/internal.h"
34
+ #include "internal.h"
159
35
 
160
36
  #if defined(OPENSSL_WINDOWS)
161
37
  #include <sys/timeb.h>
@@ -213,7 +89,7 @@ void ssl_reset_error_state(SSL *ssl) {
213
89
  ERR_clear_system_error();
214
90
  }
215
91
 
216
- void ssl_set_read_error(SSL* ssl) {
92
+ void ssl_set_read_error(SSL *ssl) {
217
93
  ssl->s3->read_shutdown = ssl_shutdown_error;
218
94
  ssl->s3->read_error.reset(ERR_save_state());
219
95
  }
@@ -287,7 +163,7 @@ static uint8_t hex_char_consttime(uint8_t b) {
287
163
 
288
164
  static bool cbb_add_hex_consttime(CBB *cbb, Span<const uint8_t> in) {
289
165
  uint8_t *out;
290
- if (!CBB_add_space(cbb, &out, in.size() * 2)) {
166
+ if (!CBB_add_space(cbb, &out, in.size() * 2)) {
291
167
  return false;
292
168
  }
293
169
 
@@ -307,10 +183,10 @@ bool ssl_log_secret(const SSL *ssl, const char *label,
307
183
 
308
184
  ScopedCBB cbb;
309
185
  Array<uint8_t> line;
186
+ auto label_bytes = bssl::StringAsBytes(label);
310
187
  if (!CBB_init(cbb.get(), strlen(label) + 1 + SSL3_RANDOM_SIZE * 2 + 1 +
311
188
  secret.size() * 2 + 1) ||
312
- !CBB_add_bytes(cbb.get(), reinterpret_cast<const uint8_t *>(label),
313
- strlen(label)) ||
189
+ !CBB_add_bytes(cbb.get(), label_bytes.data(), label_bytes.size()) ||
314
190
  !CBB_add_u8(cbb.get(), ' ') ||
315
191
  !cbb_add_hex_consttime(cbb.get(), ssl->s3->client_random) ||
316
192
  !CBB_add_u8(cbb.get(), ' ') ||
@@ -364,14 +240,7 @@ void ssl_do_msg_callback(const SSL *ssl, int is_write, int content_type,
364
240
  const_cast<SSL *>(ssl), ssl->msg_callback_arg);
365
241
  }
366
242
 
367
- void ssl_get_current_time(const SSL *ssl, struct OPENSSL_timeval *out_clock) {
368
- // TODO(martinkr): Change callers to |ssl_ctx_get_current_time| and drop the
369
- // |ssl| arg from |current_time_cb| if possible.
370
- ssl_ctx_get_current_time(ssl->ctx.get(), out_clock);
371
- }
372
-
373
- void ssl_ctx_get_current_time(const SSL_CTX *ctx,
374
- struct OPENSSL_timeval *out_clock) {
243
+ OPENSSL_timeval ssl_ctx_get_current_time(const SSL_CTX *ctx) {
375
244
  if (ctx->current_time_cb != NULL) {
376
245
  // TODO(davidben): Update current_time_cb to use OPENSSL_timeval. See
377
246
  // https://crbug.com/boringssl/155.
@@ -379,54 +248,47 @@ void ssl_ctx_get_current_time(const SSL_CTX *ctx,
379
248
  ctx->current_time_cb(nullptr /* ssl */, &clock);
380
249
  if (clock.tv_sec < 0) {
381
250
  assert(0);
382
- out_clock->tv_sec = 0;
383
- out_clock->tv_usec = 0;
251
+ return {0, 0};
384
252
  } else {
385
- out_clock->tv_sec = (uint64_t)clock.tv_sec;
386
- out_clock->tv_usec = (uint32_t)clock.tv_usec;
253
+ return {static_cast<uint64_t>(clock.tv_sec),
254
+ static_cast<uint32_t>(clock.tv_usec)};
387
255
  }
388
- return;
389
256
  }
390
257
 
391
258
  #if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
392
- out_clock->tv_sec = 1234;
393
- out_clock->tv_usec = 1234;
259
+ return {1234, 1234};
394
260
  #elif defined(OPENSSL_WINDOWS)
395
261
  struct _timeb time;
396
262
  _ftime(&time);
397
263
  if (time.time < 0) {
398
264
  assert(0);
399
- out_clock->tv_sec = 0;
400
- out_clock->tv_usec = 0;
265
+ return {0, 0};
401
266
  } else {
402
- out_clock->tv_sec = time.time;
403
- out_clock->tv_usec = time.millitm * 1000;
267
+ return {static_cast<uint64_t>(time.time),
268
+ static_cast<uint32_t>(time.millitm * 1000)};
404
269
  }
405
270
  #else
406
271
  struct timeval clock;
407
272
  gettimeofday(&clock, NULL);
408
273
  if (clock.tv_sec < 0) {
409
274
  assert(0);
410
- out_clock->tv_sec = 0;
411
- out_clock->tv_usec = 0;
275
+ return {0, 0};
412
276
  } else {
413
- out_clock->tv_sec = (uint64_t)clock.tv_sec;
414
- out_clock->tv_usec = (uint32_t)clock.tv_usec;
277
+ return {static_cast<uint64_t>(clock.tv_sec),
278
+ static_cast<uint32_t>(clock.tv_usec)};
415
279
  }
416
280
  #endif
417
281
  }
418
282
 
419
- void SSL_CTX_set_handoff_mode(SSL_CTX *ctx, bool on) {
420
- ctx->handoff = on;
421
- }
283
+ void SSL_CTX_set_handoff_mode(SSL_CTX *ctx, bool on) { ctx->handoff = on; }
422
284
 
423
285
  static bool ssl_can_renegotiate(const SSL *ssl) {
424
286
  if (ssl->server || SSL_is_dtls(ssl)) {
425
287
  return false;
426
288
  }
427
289
 
428
- if (ssl->s3->have_version &&
429
- ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
290
+ if (ssl->s3->version != 0 //
291
+ && ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
430
292
  return false;
431
293
  }
432
294
 
@@ -452,9 +314,9 @@ static bool ssl_can_renegotiate(const SSL *ssl) {
452
314
  }
453
315
 
454
316
  static void ssl_maybe_shed_handshake_config(SSL *ssl) {
455
- if (ssl->s3->hs != nullptr ||
456
- ssl->config == nullptr ||
457
- !ssl->config->shed_handshake_config ||
317
+ if (ssl->s3->hs != nullptr || //
318
+ ssl->config == nullptr || //
319
+ !ssl->config->shed_handshake_config || //
458
320
  ssl_can_renegotiate(ssl)) {
459
321
  return;
460
322
  }
@@ -472,8 +334,10 @@ void SSL_set_handoff_mode(SSL *ssl, bool on) {
472
334
  bool SSL_get_traffic_secrets(const SSL *ssl,
473
335
  Span<const uint8_t> *out_read_traffic_secret,
474
336
  Span<const uint8_t> *out_write_traffic_secret) {
475
- if (SSL_version(ssl) < TLS1_3_VERSION) {
476
- OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SSL_VERSION);
337
+ // This API is not well-defined for DTLS 1.3 (see https://crbug.com/42290608)
338
+ // or QUIC, where multiple epochs may be alive at once.
339
+ if (SSL_is_dtls(ssl) || SSL_is_quic(ssl)) {
340
+ OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
477
341
  return false;
478
342
  }
479
343
 
@@ -482,11 +346,13 @@ bool SSL_get_traffic_secrets(const SSL *ssl,
482
346
  return false;
483
347
  }
484
348
 
485
- *out_read_traffic_secret = Span<const uint8_t>(
486
- ssl->s3->read_traffic_secret, ssl->s3->read_traffic_secret_len);
487
- *out_write_traffic_secret = Span<const uint8_t>(
488
- ssl->s3->write_traffic_secret, ssl->s3->write_traffic_secret_len);
349
+ if (SSL_version(ssl) < TLS1_3_VERSION) {
350
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SSL_VERSION);
351
+ return false;
352
+ }
489
353
 
354
+ *out_read_traffic_secret = ssl->s3->read_traffic_secret;
355
+ *out_write_traffic_secret = ssl->s3->write_traffic_secret;
490
356
  return true;
491
357
  }
492
358
 
@@ -512,16 +378,11 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
512
378
  }
513
379
 
514
380
  static uint32_t ssl_session_hash(const SSL_SESSION *sess) {
515
- return ssl_hash_session_id(
516
- MakeConstSpan(sess->session_id, sess->session_id_length));
381
+ return ssl_hash_session_id(sess->session_id);
517
382
  }
518
383
 
519
384
  static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) {
520
- if (a->session_id_length != b->session_id_length) {
521
- return 1;
522
- }
523
-
524
- return OPENSSL_memcmp(a->session_id, b->session_id, a->session_id_length);
385
+ return Span(a->session_id) == b->session_id ? 0 : 1;
525
386
  }
526
387
 
527
388
  ssl_ctx_st::ssl_ctx_st(const SSL_METHOD *ssl_method)
@@ -572,10 +433,12 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) {
572
433
  ret->cert = MakeUnique<CERT>(method->x509_method);
573
434
  ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
574
435
  ret->client_CA.reset(sk_CRYPTO_BUFFER_new_null());
436
+ ret->CA_names.reset(sk_CRYPTO_BUFFER_new_null());
575
437
  if (ret->cert == nullptr || //
576
438
  !ret->cert->is_valid() || //
577
439
  ret->sessions == nullptr || //
578
440
  ret->client_CA == nullptr || //
441
+ ret->CA_names == nullptr || //
579
442
  !ret->x509_method->ssl_ctx_new(ret.get())) {
580
443
  return nullptr;
581
444
  }
@@ -659,7 +522,7 @@ SSL *SSL_new(SSL_CTX *ctx) {
659
522
  ssl->config->permute_extensions = ctx->permute_extensions;
660
523
  ssl->config->aes_hw_override = ctx->aes_hw_override;
661
524
  ssl->config->aes_hw_override_value = ctx->aes_hw_override_value;
662
- ssl->config->tls13_cipher_policy = ctx->tls13_cipher_policy;
525
+ ssl->config->compliance_policy = ctx->compliance_policy;
663
526
 
664
527
  if (!ssl->config->supported_group_list.CopyFrom(ctx->supported_group_list) ||
665
528
  !ssl->config->alpn_client_proto_list.CopyFrom(
@@ -708,9 +571,7 @@ SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg)
708
571
  jdk11_workaround(false),
709
572
  quic_use_legacy_codepoint(false),
710
573
  permute_extensions(false),
711
- alps_use_new_codepoint(false),
712
- check_client_certificate_type(true),
713
- check_ecdsa_curve(true) {
574
+ alps_use_new_codepoint(false) {
714
575
  assert(ssl);
715
576
  }
716
577
 
@@ -720,9 +581,7 @@ SSL_CONFIG::~SSL_CONFIG() {
720
581
  }
721
582
  }
722
583
 
723
- void SSL_free(SSL *ssl) {
724
- Delete(ssl);
725
- }
584
+ void SSL_free(SSL *ssl) { Delete(ssl); }
726
585
 
727
586
  void SSL_set_connect_state(SSL *ssl) {
728
587
  ssl->server = false;
@@ -734,13 +593,9 @@ void SSL_set_accept_state(SSL *ssl) {
734
593
  ssl->do_handshake = ssl_server_handshake;
735
594
  }
736
595
 
737
- void SSL_set0_rbio(SSL *ssl, BIO *rbio) {
738
- ssl->rbio.reset(rbio);
739
- }
596
+ void SSL_set0_rbio(SSL *ssl, BIO *rbio) { ssl->rbio.reset(rbio); }
740
597
 
741
- void SSL_set0_wbio(SSL *ssl, BIO *wbio) {
742
- ssl->wbio.reset(wbio);
743
- }
598
+ void SSL_set0_wbio(SSL *ssl, BIO *wbio) { ssl->wbio.reset(wbio); }
744
599
 
745
600
  void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio) {
746
601
  // For historical reasons, this function has many different cases in ownership
@@ -803,8 +658,8 @@ size_t SSL_quic_max_handshake_flight_len(const SSL *ssl,
803
658
  } else {
804
659
  // Clients may receive both Certificate message and a CertificateRequest
805
660
  // message.
806
- if (2*ssl->max_cert_list > kDefaultLimit) {
807
- return 2*ssl->max_cert_list;
661
+ if (2 * ssl->max_cert_list > kDefaultLimit) {
662
+ return 2 * ssl->max_cert_list;
808
663
  }
809
664
  }
810
665
  return kDefaultLimit;
@@ -819,21 +674,23 @@ size_t SSL_quic_max_handshake_flight_len(const SSL *ssl,
819
674
  }
820
675
 
821
676
  enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl) {
822
- return ssl->s3->read_level;
677
+ assert(SSL_is_quic(ssl));
678
+ return ssl->s3->quic_read_level;
823
679
  }
824
680
 
825
681
  enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl) {
826
- return ssl->s3->write_level;
682
+ assert(SSL_is_quic(ssl));
683
+ return ssl->s3->quic_write_level;
827
684
  }
828
685
 
829
686
  int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
830
687
  const uint8_t *data, size_t len) {
831
- if (ssl->quic_method == nullptr) {
688
+ if (!SSL_is_quic(ssl)) {
832
689
  OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
833
690
  return 0;
834
691
  }
835
692
 
836
- if (level != ssl->s3->read_level) {
693
+ if (level != ssl->s3->quic_read_level) {
837
694
  OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED);
838
695
  return 0;
839
696
  }
@@ -845,7 +702,7 @@ int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
845
702
  return 0;
846
703
  }
847
704
 
848
- return tls_append_handshake_data(ssl, MakeConstSpan(data, len));
705
+ return tls_append_handshake_data(ssl, Span(data, len));
849
706
  }
850
707
 
851
708
  int SSL_do_handshake(SSL *ssl) {
@@ -937,7 +794,7 @@ static int ssl_do_post_handshake(SSL *ssl, const SSLMessage &msg) {
937
794
  int SSL_process_quic_post_handshake(SSL *ssl) {
938
795
  ssl_reset_error_state(ssl);
939
796
 
940
- if (SSL_in_init(ssl)) {
797
+ if (!SSL_is_quic(ssl) || SSL_in_init(ssl)) {
941
798
  OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
942
799
  return 0;
943
800
  }
@@ -980,6 +837,15 @@ static int ssl_read_impl(SSL *ssl) {
980
837
  return -1;
981
838
  }
982
839
 
840
+ // If a read triggered a DTLS ACK or retransmit, resolve that before reading
841
+ // more.
842
+ if (SSL_is_dtls(ssl)) {
843
+ int ret = ssl->method->flush(ssl);
844
+ if (ret <= 0) {
845
+ return ret;
846
+ }
847
+ }
848
+
983
849
  // Complete the current handshake, if any. False Start will cause
984
850
  // |SSL_do_handshake| to return mid-handshake, so this may require multiple
985
851
  // iterations.
@@ -1047,7 +913,7 @@ int SSL_read(SSL *ssl, void *buf, int num) {
1047
913
  }
1048
914
 
1049
915
  int SSL_peek(SSL *ssl, void *buf, int num) {
1050
- if (ssl->quic_method != nullptr) {
916
+ if (SSL_is_quic(ssl)) {
1051
917
  OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1052
918
  return -1;
1053
919
  }
@@ -1068,7 +934,7 @@ int SSL_peek(SSL *ssl, void *buf, int num) {
1068
934
  int SSL_write(SSL *ssl, const void *buf, int num) {
1069
935
  ssl_reset_error_state(ssl);
1070
936
 
1071
- if (ssl->quic_method != nullptr) {
937
+ if (SSL_is_quic(ssl)) {
1072
938
  OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1073
939
  return -1;
1074
940
  }
@@ -1100,8 +966,7 @@ int SSL_write(SSL *ssl, const void *buf, int num) {
1100
966
  }
1101
967
  ret = ssl->method->write_app_data(
1102
968
  ssl, &needs_handshake, &bytes_written,
1103
- MakeConstSpan(static_cast<const uint8_t *>(buf),
1104
- static_cast<size_t>(num)));
969
+ Span(static_cast<const uint8_t *>(buf), static_cast<size_t>(num)));
1105
970
  } while (needs_handshake);
1106
971
  return ret <= 0 ? ret : static_cast<int>(bytes_written);
1107
972
  }
@@ -1114,7 +979,7 @@ int SSL_key_update(SSL *ssl, int request_type) {
1114
979
  return 0;
1115
980
  }
1116
981
 
1117
- if (ssl->ctx->quic_method != nullptr) {
982
+ if (SSL_is_quic(ssl)) {
1118
983
  OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1119
984
  return 0;
1120
985
  }
@@ -1129,12 +994,7 @@ int SSL_key_update(SSL *ssl, int request_type) {
1129
994
  return 0;
1130
995
  }
1131
996
 
1132
- if (!ssl->s3->key_update_pending &&
1133
- !tls13_add_key_update(ssl, request_type)) {
1134
- return 0;
1135
- }
1136
-
1137
- return 1;
997
+ return tls13_add_key_update(ssl, request_type);
1138
998
  }
1139
999
 
1140
1000
  int SSL_shutdown(SSL *ssl) {
@@ -1217,8 +1077,8 @@ int SSL_send_fatal_alert(SSL *ssl, uint8_t alert) {
1217
1077
 
1218
1078
  int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
1219
1079
  size_t params_len) {
1220
- return ssl->config && ssl->config->quic_transport_params.CopyFrom(
1221
- MakeConstSpan(params, params_len));
1080
+ return ssl->config &&
1081
+ ssl->config->quic_transport_params.CopyFrom(Span(params, params_len));
1222
1082
  }
1223
1083
 
1224
1084
  void SSL_get_peer_quic_transport_params(const SSL *ssl,
@@ -1231,7 +1091,7 @@ void SSL_get_peer_quic_transport_params(const SSL *ssl,
1231
1091
  int SSL_set_quic_early_data_context(SSL *ssl, const uint8_t *context,
1232
1092
  size_t context_len) {
1233
1093
  return ssl->config && ssl->config->quic_early_data_context.CopyFrom(
1234
- MakeConstSpan(context, context_len));
1094
+ Span(context, context_len));
1235
1095
  }
1236
1096
 
1237
1097
  void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled) {
@@ -1255,7 +1115,7 @@ int SSL_early_data_accepted(const SSL *ssl) {
1255
1115
 
1256
1116
  void SSL_reset_early_data_reject(SSL *ssl) {
1257
1117
  SSL_HANDSHAKE *hs = ssl->s3->hs.get();
1258
- if (hs == NULL ||
1118
+ if (hs == NULL || //
1259
1119
  hs->wait != ssl_hs_early_data_rejected) {
1260
1120
  abort();
1261
1121
  }
@@ -1360,7 +1220,7 @@ int SSL_get_error(const SSL *ssl, int ret_code) {
1360
1220
  return ssl->s3->rwstate;
1361
1221
 
1362
1222
  case SSL_ERROR_WANT_READ: {
1363
- if (ssl->quic_method) {
1223
+ if (SSL_is_quic(ssl)) {
1364
1224
  return SSL_ERROR_WANT_READ;
1365
1225
  }
1366
1226
  BIO *bio = SSL_get_rbio(ssl);
@@ -1515,36 +1375,31 @@ int SSL_get_tls_unique(const SSL *ssl, uint8_t *out, size_t *out_len,
1515
1375
  // The tls-unique value is the first Finished message in the handshake, which
1516
1376
  // is the client's in a full handshake and the server's for a resumption. See
1517
1377
  // https://tools.ietf.org/html/rfc5929#section-3.1.
1518
- const uint8_t *finished = ssl->s3->previous_client_finished;
1519
- size_t finished_len = ssl->s3->previous_client_finished_len;
1378
+ Span<const uint8_t> finished = ssl->s3->previous_client_finished;
1520
1379
  if (ssl->session != NULL) {
1521
1380
  // tls-unique is broken for resumed sessions unless EMS is used.
1522
1381
  if (!ssl->session->extended_master_secret) {
1523
1382
  return 0;
1524
1383
  }
1525
1384
  finished = ssl->s3->previous_server_finished;
1526
- finished_len = ssl->s3->previous_server_finished_len;
1527
1385
  }
1528
1386
 
1529
- *out_len = finished_len;
1530
- if (finished_len > max_out) {
1387
+ *out_len = finished.size();
1388
+ if (finished.size() > max_out) {
1531
1389
  *out_len = max_out;
1532
1390
  }
1533
1391
 
1534
- OPENSSL_memcpy(out, finished, *out_len);
1392
+ OPENSSL_memcpy(out, finished.data(), *out_len);
1535
1393
  return 1;
1536
1394
  }
1537
1395
 
1538
1396
  static int set_session_id_context(CERT *cert, const uint8_t *sid_ctx,
1539
- size_t sid_ctx_len) {
1540
- if (sid_ctx_len > sizeof(cert->sid_ctx)) {
1397
+ size_t sid_ctx_len) {
1398
+ if (!cert->sid_ctx.TryCopyFrom(Span(sid_ctx, sid_ctx_len))) {
1541
1399
  OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
1542
1400
  return 0;
1543
1401
  }
1544
1402
 
1545
- static_assert(sizeof(cert->sid_ctx) < 256, "sid_ctx too large");
1546
- cert->sid_ctx_length = (uint8_t)sid_ctx_len;
1547
- OPENSSL_memcpy(cert->sid_ctx, sid_ctx, sid_ctx_len);
1548
1403
  return 1;
1549
1404
  }
1550
1405
 
@@ -1567,8 +1422,8 @@ const uint8_t *SSL_get0_session_id_context(const SSL *ssl, size_t *out_len) {
1567
1422
  *out_len = 0;
1568
1423
  return NULL;
1569
1424
  }
1570
- *out_len = ssl->config->cert->sid_ctx_length;
1571
- return ssl->config->cert->sid_ctx;
1425
+ *out_len = ssl->config->cert->sid_ctx.size();
1426
+ return ssl->config->cert->sid_ctx.data();
1572
1427
  }
1573
1428
 
1574
1429
  int SSL_get_fd(const SSL *ssl) { return SSL_get_rfd(ssl); }
@@ -1643,13 +1498,12 @@ int SSL_set_rfd(SSL *ssl, int fd) {
1643
1498
  }
1644
1499
  #endif // !OPENSSL_NO_SOCK
1645
1500
 
1646
- static size_t copy_finished(void *out, size_t out_len, const uint8_t *in,
1647
- size_t in_len) {
1648
- if (out_len > in_len) {
1649
- out_len = in_len;
1501
+ static size_t copy_finished(void *out, size_t out_len, Span<const uint8_t> in) {
1502
+ if (out_len > in.size()) {
1503
+ out_len = in.size();
1650
1504
  }
1651
- OPENSSL_memcpy(out, in, out_len);
1652
- return in_len;
1505
+ OPENSSL_memcpy(out, in.data(), out_len);
1506
+ return in.size();
1653
1507
  }
1654
1508
 
1655
1509
  size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) {
@@ -1659,12 +1513,10 @@ size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) {
1659
1513
  }
1660
1514
 
1661
1515
  if (ssl->server) {
1662
- return copy_finished(buf, count, ssl->s3->previous_server_finished,
1663
- ssl->s3->previous_server_finished_len);
1516
+ return copy_finished(buf, count, ssl->s3->previous_server_finished);
1664
1517
  }
1665
1518
 
1666
- return copy_finished(buf, count, ssl->s3->previous_client_finished,
1667
- ssl->s3->previous_client_finished_len);
1519
+ return copy_finished(buf, count, ssl->s3->previous_client_finished);
1668
1520
  }
1669
1521
 
1670
1522
  size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) {
@@ -1674,12 +1526,10 @@ size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) {
1674
1526
  }
1675
1527
 
1676
1528
  if (ssl->server) {
1677
- return copy_finished(buf, count, ssl->s3->previous_client_finished,
1678
- ssl->s3->previous_client_finished_len);
1529
+ return copy_finished(buf, count, ssl->s3->previous_client_finished);
1679
1530
  }
1680
1531
 
1681
- return copy_finished(buf, count, ssl->s3->previous_server_finished,
1682
- ssl->s3->previous_server_finished_len);
1532
+ return copy_finished(buf, count, ssl->s3->previous_server_finished);
1683
1533
  }
1684
1534
 
1685
1535
  int SSL_get_verify_mode(const SSL *ssl) {
@@ -1693,7 +1543,7 @@ int SSL_get_verify_mode(const SSL *ssl) {
1693
1543
  int SSL_get_extms_support(const SSL *ssl) {
1694
1544
  // TLS 1.3 does not require extended master secret and always reports as
1695
1545
  // supporting it.
1696
- if (!ssl->s3->have_version) {
1546
+ if (ssl->s3->version == 0) {
1697
1547
  return 0;
1698
1548
  }
1699
1549
  if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
@@ -1748,7 +1598,7 @@ static bool has_cert_and_key(const SSL_CREDENTIAL *cred) {
1748
1598
  int SSL_CTX_check_private_key(const SSL_CTX *ctx) {
1749
1599
  // There is no need to actually check consistency because inconsistent values
1750
1600
  // can never be configured.
1751
- return has_cert_and_key(ctx->cert->default_credential.get());
1601
+ return has_cert_and_key(ctx->cert->legacy_credential.get());
1752
1602
  }
1753
1603
 
1754
1604
  int SSL_check_private_key(const SSL *ssl) {
@@ -1758,7 +1608,7 @@ int SSL_check_private_key(const SSL *ssl) {
1758
1608
 
1759
1609
  // There is no need to actually check consistency because inconsistent values
1760
1610
  // can never be configured.
1761
- return has_cert_and_key(ssl->config->cert->default_credential.get());
1611
+ return has_cert_and_key(ssl->config->cert->legacy_credential.get());
1762
1612
  }
1763
1613
 
1764
1614
  long SSL_get_default_timeout(const SSL *ssl) {
@@ -1824,9 +1674,7 @@ void SSL_CTX_set_max_cert_list(SSL_CTX *ctx, size_t max_cert_list) {
1824
1674
  ctx->max_cert_list = (uint32_t)max_cert_list;
1825
1675
  }
1826
1676
 
1827
- size_t SSL_get_max_cert_list(const SSL *ssl) {
1828
- return ssl->max_cert_list;
1829
- }
1677
+ size_t SSL_get_max_cert_list(const SSL *ssl) { return ssl->max_cert_list; }
1830
1678
 
1831
1679
  void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list) {
1832
1680
  if (max_cert_list > kMaxHandshakeSize) {
@@ -1868,7 +1716,7 @@ int SSL_set_mtu(SSL *ssl, unsigned mtu) {
1868
1716
  }
1869
1717
 
1870
1718
  int SSL_get_secure_renegotiation_support(const SSL *ssl) {
1871
- if (!ssl->s3->have_version) {
1719
+ if (ssl->s3->version == 0) {
1872
1720
  return 0;
1873
1721
  }
1874
1722
  return ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
@@ -1949,9 +1797,9 @@ int SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, const void *in, size_t len) {
1949
1797
  }
1950
1798
 
1951
1799
  int SSL_CTX_set_tlsext_ticket_key_cb(
1952
- SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv,
1953
- EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
1954
- int encrypt)) {
1800
+ SSL_CTX *ctx,
1801
+ int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv,
1802
+ EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, int encrypt)) {
1955
1803
  ctx->ticket_key_cb = callback;
1956
1804
  return 1;
1957
1805
  }
@@ -1968,7 +1816,7 @@ static bool check_group_ids(Span<const uint16_t> group_ids) {
1968
1816
 
1969
1817
  int SSL_CTX_set1_group_ids(SSL_CTX *ctx, const uint16_t *group_ids,
1970
1818
  size_t num_group_ids) {
1971
- auto span = MakeConstSpan(group_ids, num_group_ids);
1819
+ auto span = Span(group_ids, num_group_ids);
1972
1820
  return check_group_ids(span) && ctx->supported_group_list.CopyFrom(span);
1973
1821
  }
1974
1822
 
@@ -1977,7 +1825,7 @@ int SSL_set1_group_ids(SSL *ssl, const uint16_t *group_ids,
1977
1825
  if (!ssl->config) {
1978
1826
  return 0;
1979
1827
  }
1980
- auto span = MakeConstSpan(group_ids, num_group_ids);
1828
+ auto span = Span(group_ids, num_group_ids);
1981
1829
  return check_group_ids(span) &&
1982
1830
  ssl->config->supported_group_list.CopyFrom(span);
1983
1831
  }
@@ -1985,7 +1833,7 @@ int SSL_set1_group_ids(SSL *ssl, const uint16_t *group_ids,
1985
1833
  static bool ssl_nids_to_group_ids(Array<uint16_t> *out_group_ids,
1986
1834
  Span<const int> nids) {
1987
1835
  Array<uint16_t> group_ids;
1988
- if (!group_ids.Init(nids.size())) {
1836
+ if (!group_ids.InitForOverwrite(nids.size())) {
1989
1837
  return false;
1990
1838
  }
1991
1839
 
@@ -2002,7 +1850,7 @@ static bool ssl_nids_to_group_ids(Array<uint16_t> *out_group_ids,
2002
1850
 
2003
1851
  int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t num_groups) {
2004
1852
  return ssl_nids_to_group_ids(&ctx->supported_group_list,
2005
- MakeConstSpan(groups, num_groups));
1853
+ Span(groups, num_groups));
2006
1854
  }
2007
1855
 
2008
1856
  int SSL_set1_groups(SSL *ssl, const int *groups, size_t num_groups) {
@@ -2010,7 +1858,7 @@ int SSL_set1_groups(SSL *ssl, const int *groups, size_t num_groups) {
2010
1858
  return 0;
2011
1859
  }
2012
1860
  return ssl_nids_to_group_ids(&ssl->config->supported_group_list,
2013
- MakeConstSpan(groups, num_groups));
1861
+ Span(groups, num_groups));
2014
1862
  }
2015
1863
 
2016
1864
  static bool ssl_str_to_group_ids(Array<uint16_t> *out_group_ids,
@@ -2027,7 +1875,7 @@ static bool ssl_str_to_group_ids(Array<uint16_t> *out_group_ids,
2027
1875
  } while (col);
2028
1876
 
2029
1877
  Array<uint16_t> group_ids;
2030
- if (!group_ids.Init(count)) {
1878
+ if (!group_ids.InitForOverwrite(count)) {
2031
1879
  return false;
2032
1880
  }
2033
1881
 
@@ -2078,13 +1926,9 @@ int SSL_get_negotiated_group(const SSL *ssl) {
2078
1926
  return ssl_group_id_to_nid(group_id);
2079
1927
  }
2080
1928
 
2081
- int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh) {
2082
- return 1;
2083
- }
1929
+ int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh) { return 1; }
2084
1930
 
2085
- int SSL_set_tmp_dh(SSL *ssl, const DH *dh) {
2086
- return 1;
2087
- }
1931
+ int SSL_set_tmp_dh(SSL *ssl, const DH *dh) { return 1; }
2088
1932
 
2089
1933
  STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
2090
1934
  return ctx->cipher_list->ciphers.get();
@@ -2107,7 +1951,7 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl) {
2107
1951
  }
2108
1952
 
2109
1953
  return ssl->config->cipher_list ? ssl->config->cipher_list->ciphers.get()
2110
- : ssl->ctx->cipher_list->ciphers.get();
1954
+ : ssl->ctx->cipher_list->ciphers.get();
2111
1955
  }
2112
1956
 
2113
1957
  const char *SSL_get_cipher_list(const SSL *ssl, int n) {
@@ -2287,8 +2131,8 @@ int SSL_select_next_proto(uint8_t **out, uint8_t *out_len, const uint8_t *peer,
2287
2131
 
2288
2132
  // Both |peer| and |supported| must be valid protocol lists, but |peer| may be
2289
2133
  // empty in NPN.
2290
- auto peer_span = MakeConstSpan(peer, peer_len);
2291
- auto supported_span = MakeConstSpan(supported, supported_len);
2134
+ auto peer_span = Span(peer, peer_len);
2135
+ auto supported_span = Span(supported, supported_len);
2292
2136
  if ((!peer_span.empty() && !ssl_is_valid_alpn_list(peer_span)) ||
2293
2137
  !ssl_is_valid_alpn_list(supported_span)) {
2294
2138
  return OPENSSL_NPN_NO_OVERLAP;
@@ -2301,7 +2145,7 @@ int SSL_select_next_proto(uint8_t **out, uint8_t *out_len, const uint8_t *peer,
2301
2145
  return OPENSSL_NPN_NO_OVERLAP;
2302
2146
  }
2303
2147
 
2304
- if (ssl_alpn_list_contains_protocol(MakeConstSpan(supported, supported_len),
2148
+ if (ssl_alpn_list_contains_protocol(Span(supported, supported_len),
2305
2149
  proto)) {
2306
2150
  // This function is not const-correct for compatibility with existing
2307
2151
  // callers.
@@ -2343,10 +2187,12 @@ void SSL_CTX_set_next_protos_advertised_cb(
2343
2187
  ctx->next_protos_advertised_cb_arg = arg;
2344
2188
  }
2345
2189
 
2346
- void SSL_CTX_set_next_proto_select_cb(
2347
- SSL_CTX *ctx, int (*cb)(SSL *ssl, uint8_t **out, uint8_t *out_len,
2348
- const uint8_t *in, unsigned in_len, void *arg),
2349
- void *arg) {
2190
+ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
2191
+ int (*cb)(SSL *ssl, uint8_t **out,
2192
+ uint8_t *out_len,
2193
+ const uint8_t *in,
2194
+ unsigned in_len, void *arg),
2195
+ void *arg) {
2350
2196
  ctx->next_proto_select_cb = cb;
2351
2197
  ctx->next_proto_select_cb_arg = arg;
2352
2198
  }
@@ -2354,7 +2200,7 @@ void SSL_CTX_set_next_proto_select_cb(
2354
2200
  int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos,
2355
2201
  size_t protos_len) {
2356
2202
  // Note this function's return value is backwards.
2357
- auto span = MakeConstSpan(protos, protos_len);
2203
+ auto span = Span(protos, protos_len);
2358
2204
  if (!span.empty() && !ssl_is_valid_alpn_list(span)) {
2359
2205
  OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL_LIST);
2360
2206
  return 1;
@@ -2367,7 +2213,7 @@ int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, size_t protos_len) {
2367
2213
  if (!ssl->config) {
2368
2214
  return 1;
2369
2215
  }
2370
- auto span = MakeConstSpan(protos, protos_len);
2216
+ auto span = Span(protos, protos_len);
2371
2217
  if (!span.empty() && !ssl_is_valid_alpn_list(span)) {
2372
2218
  OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL_LIST);
2373
2219
  return 1;
@@ -2409,8 +2255,8 @@ int SSL_add_application_settings(SSL *ssl, const uint8_t *proto,
2409
2255
  return 0;
2410
2256
  }
2411
2257
  ALPSConfig config;
2412
- if (!config.protocol.CopyFrom(MakeConstSpan(proto, proto_len)) ||
2413
- !config.settings.CopyFrom(MakeConstSpan(settings, settings_len)) ||
2258
+ if (!config.protocol.CopyFrom(Span(proto, proto_len)) ||
2259
+ !config.settings.CopyFrom(Span(settings, settings_len)) ||
2414
2260
  !ssl->config->alps_configs.Push(std::move(config))) {
2415
2261
  return 0;
2416
2262
  }
@@ -2480,9 +2326,8 @@ int SSL_enable_tls_channel_id(SSL *ssl) {
2480
2326
 
2481
2327
  static int is_p256_key(EVP_PKEY *private_key) {
2482
2328
  const EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(private_key);
2483
- return ec_key != NULL &&
2484
- EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)) ==
2485
- NID_X9_62_prime256v1;
2329
+ return ec_key != NULL && EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)) ==
2330
+ NID_X9_62_prime256v1;
2486
2331
  }
2487
2332
 
2488
2333
  int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx, EVP_PKEY *private_key) {
@@ -2536,7 +2381,7 @@ size_t SSL_get0_peer_verify_algorithms(const SSL *ssl,
2536
2381
  }
2537
2382
 
2538
2383
  size_t SSL_get0_peer_delegation_algorithms(const SSL *ssl,
2539
- const uint16_t **out_sigalgs){
2384
+ const uint16_t **out_sigalgs) {
2540
2385
  Span<const uint16_t> sigalgs;
2541
2386
  if (ssl->s3->hs != nullptr) {
2542
2387
  sigalgs = ssl->s3->hs->peer_delegated_credential_sigalgs;
@@ -2550,11 +2395,11 @@ EVP_PKEY *SSL_get_privatekey(const SSL *ssl) {
2550
2395
  assert(ssl->config);
2551
2396
  return nullptr;
2552
2397
  }
2553
- return ssl->config->cert->default_credential->privkey.get();
2398
+ return ssl->config->cert->legacy_credential->privkey.get();
2554
2399
  }
2555
2400
 
2556
2401
  EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) {
2557
- return ctx->cert->default_credential->privkey.get();
2402
+ return ctx->cert->legacy_credential->privkey.get();
2558
2403
  }
2559
2404
 
2560
2405
  const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl) {
@@ -2658,7 +2503,7 @@ int SSL_state(const SSL *ssl) {
2658
2503
  return SSL_in_init(ssl) ? SSL_ST_INIT : SSL_ST_OK;
2659
2504
  }
2660
2505
 
2661
- void SSL_set_state(SSL *ssl, int state) { }
2506
+ void SSL_set_state(SSL *ssl, int state) {}
2662
2507
 
2663
2508
  char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len) {
2664
2509
  if (len <= 0) {
@@ -2707,7 +2552,7 @@ int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
2707
2552
  CRYPTO_EX_dup *dup_unused,
2708
2553
  CRYPTO_EX_free *free_func) {
2709
2554
  return CRYPTO_get_ex_new_index_ex(&g_ex_data_class_ssl_ctx, argl, argp,
2710
- free_func);
2555
+ free_func);
2711
2556
  }
2712
2557
 
2713
2558
  int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *data) {
@@ -2814,9 +2659,10 @@ void SSL_CTX_set_psk_client_callback(
2814
2659
  ctx->psk_client_callback = cb;
2815
2660
  }
2816
2661
 
2817
- void SSL_set_psk_server_callback(
2818
- SSL *ssl, unsigned (*cb)(SSL *ssl, const char *identity, uint8_t *psk,
2819
- unsigned max_psk_len)) {
2662
+ void SSL_set_psk_server_callback(SSL *ssl,
2663
+ unsigned (*cb)(SSL *ssl, const char *identity,
2664
+ uint8_t *psk,
2665
+ unsigned max_psk_len)) {
2820
2666
  if (!ssl->config) {
2821
2667
  return;
2822
2668
  }
@@ -2824,8 +2670,8 @@ void SSL_set_psk_server_callback(
2824
2670
  }
2825
2671
 
2826
2672
  void SSL_CTX_set_psk_server_callback(
2827
- SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *identity,
2828
- uint8_t *psk, unsigned max_psk_len)) {
2673
+ SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *identity, uint8_t *psk,
2674
+ unsigned max_psk_len)) {
2829
2675
  ctx->psk_server_callback = cb;
2830
2676
  }
2831
2677
 
@@ -2878,9 +2724,7 @@ int SSL_can_release_private_key(const SSL *ssl) {
2878
2724
  return !ssl->s3->hs || ssl->s3->hs->can_release_private_key;
2879
2725
  }
2880
2726
 
2881
- int SSL_is_init_finished(const SSL *ssl) {
2882
- return !SSL_in_init(ssl);
2883
- }
2727
+ int SSL_is_init_finished(const SSL *ssl) { return !SSL_in_init(ssl); }
2884
2728
 
2885
2729
  int SSL_in_init(const SSL *ssl) {
2886
2730
  // This returns false once all the handshake state has been finalized, to
@@ -2897,14 +2741,14 @@ int SSL_in_false_start(const SSL *ssl) {
2897
2741
  return ssl->s3->hs->in_false_start;
2898
2742
  }
2899
2743
 
2900
- int SSL_cutthrough_complete(const SSL *ssl) {
2901
- return SSL_in_false_start(ssl);
2902
- }
2744
+ int SSL_cutthrough_complete(const SSL *ssl) { return SSL_in_false_start(ssl); }
2903
2745
 
2904
2746
  int SSL_is_server(const SSL *ssl) { return ssl->server; }
2905
2747
 
2906
2748
  int SSL_is_dtls(const SSL *ssl) { return ssl->method->is_dtls; }
2907
2749
 
2750
+ int SSL_is_quic(const SSL *ssl) { return ssl->quic_method != nullptr; }
2751
+
2908
2752
  void SSL_CTX_set_select_certificate_cb(
2909
2753
  SSL_CTX *ctx,
2910
2754
  enum ssl_select_cert_result_t (*cb)(const SSL_CLIENT_HELLO *)) {
@@ -2942,6 +2786,13 @@ void SSL_set_renegotiate_mode(SSL *ssl, enum ssl_renegotiate_mode_t mode) {
2942
2786
 
2943
2787
  int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv,
2944
2788
  const uint8_t **out_write_iv, size_t *out_iv_len) {
2789
+ // No cipher suites maintain stateful internal IVs in DTLS. It would not be
2790
+ // compatible with reordering.
2791
+ if (SSL_is_dtls(ssl)) {
2792
+ OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2793
+ return 0;
2794
+ }
2795
+
2945
2796
  size_t write_iv_len;
2946
2797
  if (!ssl->s3->aead_read_ctx->GetIV(out_read_iv, out_iv_len) ||
2947
2798
  !ssl->s3->aead_write_ctx->GetIV(out_write_iv, &write_iv_len) ||
@@ -2954,30 +2805,30 @@ int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv,
2954
2805
 
2955
2806
  uint64_t SSL_get_read_sequence(const SSL *ssl) {
2956
2807
  if (SSL_is_dtls(ssl)) {
2957
- // TODO(crbug.com/42290608): The API for read sequences in DTLS 1.3 needs to
2958
- // reworked. In DTLS 1.3, the read epoch is updated once new keys are
2959
- // derived (before we receive a message encrypted with those keys), which
2960
- // results in the read epoch being ahead of the highest record received.
2961
- // Additionally, when we process a KeyUpdate, we will install new read keys
2962
- // for the new epoch, but we may receive messages from the old epoch for
2963
- // some time if the ACK gets lost or there is reordering.
2964
-
2965
- // max_seq_num already includes the epoch. However, the current epoch may
2966
- // be one ahead of the highest record received, immediately after a key
2967
- // change.
2968
- assert(ssl->d1->r_epoch >= ssl->d1->bitmap.max_seq_num >> 48);
2969
- return ssl->d1->bitmap.max_seq_num;
2808
+ // TODO(crbug.com/42290608): This API needs to reworked.
2809
+ //
2810
+ // In DTLS 1.2, right at an epoch transition, |read_epoch| may not have
2811
+ // received any records. We will then return that sequence 0 is the highest
2812
+ // received, but it's really -1, which is not representable. This is mostly
2813
+ // moot because, after the handshake, we will never be in the state.
2814
+ //
2815
+ // In DTLS 1.3, epochs do not transition until the first record comes in.
2816
+ // This avoids the DTLS 1.2 problem but introduces a different problem:
2817
+ // during a KeyUpdate (which may occur in the steady state), both epochs are
2818
+ // live. We'll likely need a new API for DTLS offload.
2819
+ const DTLSReadEpoch *read_epoch = &ssl->d1->read_epoch;
2820
+ return DTLSRecordNumber(read_epoch->epoch, read_epoch->bitmap.max_seq_num())
2821
+ .combined();
2970
2822
  }
2971
2823
  return ssl->s3->read_sequence;
2972
2824
  }
2973
2825
 
2974
2826
  uint64_t SSL_get_write_sequence(const SSL *ssl) {
2975
- uint64_t ret = ssl->s3->write_sequence;
2976
2827
  if (SSL_is_dtls(ssl)) {
2977
- assert((ret >> 48) == 0);
2978
- ret |= uint64_t{ssl->d1->w_epoch} << 48;
2828
+ return ssl->d1->write_epoch.next_record.combined();
2979
2829
  }
2980
- return ret;
2830
+
2831
+ return ssl->s3->write_sequence;
2981
2832
  }
2982
2833
 
2983
2834
  uint16_t SSL_get_peer_signature_algorithm(const SSL *ssl) {
@@ -3071,20 +2922,6 @@ void SSL_set_jdk11_workaround(SSL *ssl, int enable) {
3071
2922
  ssl->config->jdk11_workaround = !!enable;
3072
2923
  }
3073
2924
 
3074
- void SSL_set_check_client_certificate_type(SSL *ssl, int enable) {
3075
- if (!ssl->config) {
3076
- return;
3077
- }
3078
- ssl->config->check_client_certificate_type = !!enable;
3079
- }
3080
-
3081
- void SSL_set_check_ecdsa_curve(SSL *ssl, int enable) {
3082
- if (!ssl->config) {
3083
- return;
3084
- }
3085
- ssl->config->check_ecdsa_curve = !!enable;
3086
- }
3087
-
3088
2925
  void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy) {
3089
2926
  if (!ssl->config) {
3090
2927
  return;
@@ -3179,8 +3016,8 @@ void SSL_CTX_set_ticket_aead_method(SSL_CTX *ctx,
3179
3016
 
3180
3017
  SSL_SESSION *SSL_process_tls13_new_session_ticket(SSL *ssl, const uint8_t *buf,
3181
3018
  size_t buf_len) {
3182
- if (SSL_in_init(ssl) ||
3183
- ssl_protocol_version(ssl) != TLS1_3_VERSION ||
3019
+ if (SSL_in_init(ssl) || //
3020
+ ssl_protocol_version(ssl) != TLS1_3_VERSION || //
3184
3021
  ssl->server) {
3185
3022
  // Only TLS 1.3 clients are supported.
3186
3023
  OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@ -3190,8 +3027,8 @@ SSL_SESSION *SSL_process_tls13_new_session_ticket(SSL *ssl, const uint8_t *buf,
3190
3027
  CBS cbs, body;
3191
3028
  CBS_init(&cbs, buf, buf_len);
3192
3029
  uint8_t type;
3193
- if (!CBS_get_u8(&cbs, &type) ||
3194
- !CBS_get_u24_length_prefixed(&cbs, &body) ||
3030
+ if (!CBS_get_u8(&cbs, &type) || //
3031
+ !CBS_get_u24_length_prefixed(&cbs, &body) || //
3195
3032
  CBS_len(&cbs) != 0) {
3196
3033
  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
3197
3034
  return nullptr;
@@ -3226,8 +3063,8 @@ int SSL_get_tlsext_status_type(const SSL *ssl) {
3226
3063
  if (ssl->server) {
3227
3064
  SSL_HANDSHAKE *hs = ssl->s3->hs.get();
3228
3065
  return hs != nullptr && hs->ocsp_stapling_requested
3229
- ? TLSEXT_STATUSTYPE_ocsp
3230
- : TLSEXT_STATUSTYPE_nothing;
3066
+ ? TLSEXT_STATUSTYPE_ocsp
3067
+ : TLSEXT_STATUSTYPE_nothing;
3231
3068
  }
3232
3069
 
3233
3070
  return ssl->config != nullptr && ssl->config->ocsp_stapling_enabled
@@ -3319,7 +3156,7 @@ static const char kTLS12Ciphers[] =
3319
3156
  "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
3320
3157
 
3321
3158
  static int Configure(SSL_CTX *ctx) {
3322
- ctx->tls13_cipher_policy = ssl_compliance_policy_fips_202205;
3159
+ ctx->compliance_policy = ssl_compliance_policy_fips_202205;
3323
3160
 
3324
3161
  return
3325
3162
  // Section 3.1:
@@ -3342,7 +3179,7 @@ static int Configure(SSL_CTX *ctx) {
3342
3179
  }
3343
3180
 
3344
3181
  static int Configure(SSL *ssl) {
3345
- ssl->config->tls13_cipher_policy = ssl_compliance_policy_fips_202205;
3182
+ ssl->config->compliance_policy = ssl_compliance_policy_fips_202205;
3346
3183
 
3347
3184
  // See |Configure(SSL_CTX)|, above, for reasoning.
3348
3185
  return SSL_set_min_proto_version(ssl, TLS1_2_VERSION) &&
@@ -3376,7 +3213,7 @@ static const char kTLS12Ciphers[] =
3376
3213
  "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
3377
3214
 
3378
3215
  static int Configure(SSL_CTX *ctx) {
3379
- ctx->tls13_cipher_policy = ssl_compliance_policy_wpa3_192_202304;
3216
+ ctx->compliance_policy = ssl_compliance_policy_wpa3_192_202304;
3380
3217
 
3381
3218
  return SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION) &&
3382
3219
  SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION) &&
@@ -3389,7 +3226,7 @@ static int Configure(SSL_CTX *ctx) {
3389
3226
  }
3390
3227
 
3391
3228
  static int Configure(SSL *ssl) {
3392
- ssl->config->tls13_cipher_policy = ssl_compliance_policy_wpa3_192_202304;
3229
+ ssl->config->compliance_policy = ssl_compliance_policy_wpa3_192_202304;
3393
3230
 
3394
3231
  return SSL_set_min_proto_version(ssl, TLS1_2_VERSION) &&
3395
3232
  SSL_set_max_proto_version(ssl, TLS1_3_VERSION) &&
@@ -3406,17 +3243,16 @@ static int Configure(SSL *ssl) {
3406
3243
  namespace cnsa202407 {
3407
3244
 
3408
3245
  static int Configure(SSL_CTX *ctx) {
3409
- ctx->tls13_cipher_policy = ssl_compliance_policy_cnsa_202407;
3246
+ ctx->compliance_policy = ssl_compliance_policy_cnsa_202407;
3410
3247
  return 1;
3411
3248
  }
3412
3249
 
3413
3250
  static int Configure(SSL *ssl) {
3414
- ssl->config->tls13_cipher_policy =
3415
- ssl_compliance_policy_cnsa_202407;
3251
+ ssl->config->compliance_policy = ssl_compliance_policy_cnsa_202407;
3416
3252
  return 1;
3417
3253
  }
3418
3254
 
3419
- }
3255
+ } // namespace cnsa202407
3420
3256
 
3421
3257
  int SSL_CTX_set_compliance_policy(SSL_CTX *ctx,
3422
3258
  enum ssl_compliance_policy_t policy) {
@@ -3432,6 +3268,10 @@ int SSL_CTX_set_compliance_policy(SSL_CTX *ctx,
3432
3268
  }
3433
3269
  }
3434
3270
 
3271
+ enum ssl_compliance_policy_t SSL_CTX_get_compliance_policy(const SSL_CTX *ctx) {
3272
+ return ctx->compliance_policy;
3273
+ }
3274
+
3435
3275
  int SSL_set_compliance_policy(SSL *ssl, enum ssl_compliance_policy_t policy) {
3436
3276
  switch (policy) {
3437
3277
  case ssl_compliance_policy_fips_202205:
@@ -3444,3 +3284,7 @@ int SSL_set_compliance_policy(SSL *ssl, enum ssl_compliance_policy_t policy) {
3444
3284
  return 0;
3445
3285
  }
3446
3286
  }
3287
+
3288
+ enum ssl_compliance_policy_t SSL_get_compliance_policy(const SSL *ssl) {
3289
+ return ssl->config->compliance_policy;
3290
+ }